diff options
521 files changed, 10100 insertions, 4790 deletions
diff --git a/libnDPI b/libnDPI -Subproject 8ea0eaa0d0c4a3be05f67ef7fa1d22c2579cf7d +Subproject 2b230e28e0612e8654ad617534deb9aaaabd51b @@ -586,9 +586,14 @@ static void jsonize_flow_detection_event(struct nDPId_reader_thread * const read static int set_collector_nonblock(struct nDPId_reader_thread * const reader_thread) { - int current_flags = fcntl(reader_thread->collector_sockfd, F_GETFL, 0); + int current_flags; + + while ((current_flags = fcntl(reader_thread->collector_sockfd, F_GETFL, 0)) == -1 && errno == EINTR) {} + if (current_flags == -1) { + } - if (current_flags == -1 || fcntl(reader_thread->collector_sockfd, F_SETFL, current_flags | O_NONBLOCK) == -1) + while ((current_flags = fcntl(reader_thread->collector_sockfd, F_SETFL, current_flags | O_NONBLOCK)) == -1 && errno == EINTR) {} + if (current_flags == -1) { reader_thread->collector_sock_last_errno = errno; logger(1, @@ -1318,7 +1323,7 @@ static struct nDPId_workflow * init_workflow(char const * const file_or_device) pcap_freecode(&fp); } - ndpi_init_prefs init_prefs = ndpi_no_prefs; + ndpi_init_prefs init_prefs = ndpi_no_prefs | ndpi_dont_load_gambling_list; workflow->ndpi_struct = ndpi_init_detection_module(init_prefs); if (workflow->ndpi_struct == NULL) { diff --git a/test/results/caches_cfg/ookla.pcap.out b/test/results/caches_cfg/ookla.pcap.out index 6783f7456..e89191121 100644 --- a/test/results/caches_cfg/ookla.pcap.out +++ b/test/results/caches_cfg/ookla.pcap.out @@ -61,9 +61,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7995315 bytes -~~ total memory freed........: 7995315 bytes -~~ total allocations/frees...: 148474/148474 +~~ total memory allocated....: 7625096 bytes +~~ total memory freed........: 7625096 bytes +~~ total allocations/frees...: 142877/142877 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 514 chars ~~ json string max len.......: 1402 chars diff --git a/test/results/caches_cfg/teams.pcap.out b/test/results/caches_cfg/teams.pcap.out index da9f0ac56..9c349e5e6 100644 --- a/test/results/caches_cfg/teams.pcap.out +++ b/test/results/caches_cfg/teams.pcap.out @@ -686,9 +686,9 @@ ~~ total active/idle flows...: 83/83 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9092192 bytes -~~ total memory freed........: 9092192 bytes -~~ total allocations/frees...: 151087/151087 +~~ total memory allocated....: 8723821 bytes +~~ total memory freed........: 8723821 bytes +~~ total allocations/frees...: 145490/145490 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 298 chars ~~ json string max len.......: 2504 chars diff --git a/test/results/default/1kxun.pcap.out b/test/results/default/1kxun.pcap.out index c96b22875..fff123f63 100644 --- a/test/results/default/1kxun.pcap.out +++ b/test/results/default/1kxun.pcap.out @@ -1290,9 +1290,9 @@ ~~ total active/idle flows...: 197/197 ~~ total timeout flows.......: 20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8506082 bytes -~~ total memory freed........: 8506082 bytes -~~ total allocations/frees...: 152931/152931 +~~ total memory allocated....: 8140447 bytes +~~ total memory freed........: 8140447 bytes +~~ total allocations/frees...: 147334/147334 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 9026 chars diff --git a/test/results/default/443-chrome.pcap.out b/test/results/default/443-chrome.pcap.out index e80a83115..99cddc22f 100644 --- a/test/results/default/443-chrome.pcap.out +++ b/test/results/default/443-chrome.pcap.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966176 bytes -~~ total memory freed........: 7966176 bytes -~~ total allocations/frees...: 148289/148289 +~~ total memory allocated....: 7595837 bytes +~~ total memory freed........: 7595837 bytes +~~ total allocations/frees...: 142692/142692 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 516 chars ~~ json string max len.......: 2505 chars diff --git a/test/results/default/443-curl.pcap.out b/test/results/default/443-curl.pcap.out index f1ce10ca6..f12ccc115 100644 --- a/test/results/default/443-curl.pcap.out +++ b/test/results/default/443-curl.pcap.out @@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7974227 bytes -~~ total memory freed........: 7974227 bytes -~~ total allocations/frees...: 148404/148404 +~~ total memory allocated....: 7603888 bytes +~~ total memory freed........: 7603888 bytes +~~ total allocations/frees...: 142807/142807 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 514 chars ~~ json string max len.......: 2167 chars diff --git a/test/results/default/443-firefox.pcap.out b/test/results/default/443-firefox.pcap.out index 96bb54f57..99d55dd69 100644 --- a/test/results/default/443-firefox.pcap.out +++ b/test/results/default/443-firefox.pcap.out @@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7990463 bytes -~~ total memory freed........: 7990463 bytes -~~ total allocations/frees...: 148963/148963 +~~ total memory allocated....: 7620124 bytes +~~ total memory freed........: 7620124 bytes +~~ total allocations/frees...: 143366/143366 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 517 chars ~~ json string max len.......: 2182 chars diff --git a/test/results/default/443-git.pcap.out b/test/results/default/443-git.pcap.out index 79a47afdc..7cc344ae3 100644 --- a/test/results/default/443-git.pcap.out +++ b/test/results/default/443-git.pcap.out @@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7976612 bytes -~~ total memory freed........: 7976612 bytes -~~ total allocations/frees...: 148367/148367 +~~ total memory allocated....: 7606273 bytes +~~ total memory freed........: 7606273 bytes +~~ total allocations/frees...: 142770/142770 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 2459 chars diff --git a/test/results/default/443-opvn.pcap.out b/test/results/default/443-opvn.pcap.out index 9b0e06b3f..796d22887 100644 --- a/test/results/default/443-opvn.pcap.out +++ b/test/results/default/443-opvn.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7967481 bytes -~~ total memory freed........: 7967481 bytes -~~ total allocations/frees...: 148334/148334 +~~ total memory allocated....: 7597142 bytes +~~ total memory freed........: 7597142 bytes +~~ total allocations/frees...: 142737/142737 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 514 chars ~~ json string max len.......: 2200 chars diff --git a/test/results/default/443-safari.pcap.out b/test/results/default/443-safari.pcap.out index be8d92e6e..e7c6ad560 100644 --- a/test/results/default/443-safari.pcap.out +++ b/test/results/default/443-safari.pcap.out @@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7972285 bytes -~~ total memory freed........: 7972285 bytes -~~ total allocations/frees...: 148336/148336 +~~ total memory allocated....: 7601946 bytes +~~ total memory freed........: 7601946 bytes +~~ total allocations/frees...: 142739/142739 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 516 chars ~~ json string max len.......: 2164 chars diff --git a/test/results/default/4in4tunnel.pcap.out b/test/results/default/4in4tunnel.pcap.out index 1ba0a2da9..b99bcffe4 100644 --- a/test/results/default/4in4tunnel.pcap.out +++ b/test/results/default/4in4tunnel.pcap.out @@ -23,9 +23,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7961999 bytes -~~ total memory freed........: 7961999 bytes -~~ total allocations/frees...: 148276/148276 +~~ total memory allocated....: 7591636 bytes +~~ total memory freed........: 7591636 bytes +~~ total allocations/frees...: 142679/142679 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 303 chars ~~ json string max len.......: 582 chars diff --git a/test/results/default/4in6tunnel.pcap.out b/test/results/default/4in6tunnel.pcap.out index 4f7dbd0f3..285fedf28 100644 --- a/test/results/default/4in6tunnel.pcap.out +++ b/test/results/default/4in6tunnel.pcap.out @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964215 bytes -~~ total memory freed........: 7964215 bytes -~~ total allocations/frees...: 148291/148291 +~~ total memory allocated....: 7593876 bytes +~~ total memory freed........: 7593876 bytes +~~ total allocations/frees...: 142694/142694 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 516 chars ~~ json string max len.......: 2494 chars diff --git a/test/results/default/6in4tunnel.pcap.out b/test/results/default/6in4tunnel.pcap.out index 66ac583c6..655d9ffb1 100644 --- a/test/results/default/6in4tunnel.pcap.out +++ b/test/results/default/6in4tunnel.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7967782 bytes -~~ total memory freed........: 7967782 bytes -~~ total allocations/frees...: 148414/148414 +~~ total memory allocated....: 7597443 bytes +~~ total memory freed........: 7597443 bytes +~~ total allocations/frees...: 142817/142817 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 516 chars ~~ json string max len.......: 2020 chars diff --git a/test/results/default/6in6tunnel.pcap.out b/test/results/default/6in6tunnel.pcap.out index 32fac2399..b5fde6af5 100644 --- a/test/results/default/6in6tunnel.pcap.out +++ b/test/results/default/6in6tunnel.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966257 bytes -~~ total memory freed........: 7966257 bytes -~~ total allocations/frees...: 148300/148300 +~~ total memory allocated....: 7595942 bytes +~~ total memory freed........: 7595942 bytes +~~ total allocations/frees...: 142703/142703 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 516 chars ~~ json string max len.......: 998 chars diff --git a/test/results/default/BGP_Cisco_hdlc_slarp.pcap.out b/test/results/default/BGP_Cisco_hdlc_slarp.pcap.out index accf52714..7979fb786 100644 --- a/test/results/default/BGP_Cisco_hdlc_slarp.pcap.out +++ b/test/results/default/BGP_Cisco_hdlc_slarp.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964505 bytes -~~ total memory freed........: 7964505 bytes -~~ total allocations/frees...: 148301/148301 +~~ total memory allocated....: 7594166 bytes +~~ total memory freed........: 7594166 bytes +~~ total allocations/frees...: 142704/142704 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 526 chars ~~ json string max len.......: 980 chars diff --git a/test/results/default/BGP_redist.pcap.out b/test/results/default/BGP_redist.pcap.out index d1603fdee..9834eb43e 100644 --- a/test/results/default/BGP_redist.pcap.out +++ b/test/results/default/BGP_redist.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964128 bytes -~~ total memory freed........: 7964128 bytes -~~ total allocations/frees...: 148288/148288 +~~ total memory allocated....: 7593789 bytes +~~ total memory freed........: 7593789 bytes +~~ total allocations/frees...: 142691/142691 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 301 chars ~~ json string max len.......: 1090 chars diff --git a/test/results/default/EAQ.pcap.out b/test/results/default/EAQ.pcap.out index 5412fb551..b01cc644f 100644 --- a/test/results/default/EAQ.pcap.out +++ b/test/results/default/EAQ.pcap.out @@ -275,9 +275,9 @@ ~~ total active/idle flows...: 31/31 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8033021 bytes -~~ total memory freed........: 8033021 bytes -~~ total allocations/frees...: 148827/148827 +~~ total memory allocated....: 7663402 bytes +~~ total memory freed........: 7663402 bytes +~~ total allocations/frees...: 143230/143230 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 509 chars ~~ json string max len.......: 1206 chars diff --git a/test/results/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/test/results/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out index c430f7136..7d140194e 100644 --- a/test/results/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out +++ b/test/results/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out @@ -27,9 +27,9 @@ 02335{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1228468937630923,"flow_src_last_pkt_time":1228468963851351,"flow_dst_last_pkt_time":1228468963854227,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":334,"flow_dst_max_l4_payload_len":372,"flow_src_tot_l4_payload_len":1020,"flow_dst_tot_l4_payload_len":3039,"midstream":0,"thread_ts_usec":1228468963854227,"l3_proto":"ip4","src_ip":"10.35.40.22","dst_ip":"10.23.1.42","src_port":2944,"dst_port":2944,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":15,"avg":1691733.2,"max":4370196,"stddev":2031243.2,"var":4125948903424.0,"ent":3.7,"data": [147,2580,146,4369720,177,4369379,142,4370170,85,4370186,150,4369866,79,4370149,291,4370036,88,4369436,150,3508424,3524296,204367,192966,657514,15,652477,151,4369658,82,4370196,609]},"pktlen": {"min":73,"avg":154.8,"max":400,"stddev":98.9,"var":9786.3,"ent":4.7,"data": [73,73,278,150,73,73,278,150,73,73,278,150,73,73,278,150,73,73,278,150,362,400,80,87,74,74,279,151,74,74,279,151]},"bins": {"c_to_s": [0,15,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,0,7,0,0,0,7,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,0,1,1,0,0,1,1],"entropies": [5.184563637,5.058271885,5.379110336,5.406789303,5.184563637,5.179216385,5.374631405,5.446616650,5.168875217,5.151818752,5.378158569,5.424983501,5.206613541,5.151818752,5.376394272,5.444680214,5.168875217,5.134762764,5.362365723,5.408768177,5.778869152,5.247618675,5.299749374,5.105933189,5.158446312,5.175271988,5.367991447,5.455423832,5.202299118,5.175271988,5.384085178,5.429594994]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Megaco","proto_id":"181","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1228468965434208,"flow_src_last_pkt_time":1228468965434208,"flow_dst_last_pkt_time":1228468965434208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1228468965434208,"l3_proto":"ip4","src_ip":"10.35.60.100","dst_ip":"10.23.1.52","src_port":15580,"dst_port":16756,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1228468965434208,"flow_dst_last_pkt_time":1228468965434208,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1228468965434208,"pkt":"ABgYesP\/AAglAXLqCABFuADIHecAAD0RDLUKIzxkChcBNDzcQXQAtEC7gAgAAGfPFaAOrw6v1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1Q=="} -00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1228468965434208,"flow_src_last_pkt_time":1228468965434208,"flow_dst_last_pkt_time":1228468965434208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1228468965434208,"l3_proto":"ip4","src_ip":"10.35.60.100","dst_ip":"10.23.1.52","src_port":15580,"dst_port":16756,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1228468965455031,"flow_dst_last_pkt_time":1228468965434208,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1228468965455031,"pkt":"ABgYesP\/AAglAXLqCABFuADIHegAAD0RDLQKIzxkChcBNDzcQXQAtEAagAgAAWfPFkAOrw6v1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1Q=="} 00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1228468965474173,"flow_dst_last_pkt_time":1228468965434208,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1228468965474173,"pkt":"ABgYesP\/AAglAXLqCABFuADIHekAAD0RDLMKIzxkChcBNDzcQXQAtD95gAgAAmfPFuAOrw6v1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1Q=="} +00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1228468965434208,"flow_src_last_pkt_time":1228468965474173,"flow_dst_last_pkt_time":1228468965434208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1228468965474173,"l3_proto":"ip4","src_ip":"10.35.60.100","dst_ip":"10.23.1.52","src_port":15580,"dst_port":16756,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 01561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1228468958657176,"flow_dst_last_pkt_time":1228468965488757,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":811,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":811,"pkt_l4_len":777,"thread_ts_usec":1228468965488757,"pkt":"AAglAXLkABZGR+C\/CABFuAMdHeoAAD0RAsHAqGTbioSpZRPEE8QDCWBVU0lQLzIuMCAyMDAgT0sNCkFsbG93OiBJTlZJVEUsQUNLLE9QVElPTlMsQllFLENBTkNFTCxJTkZPLFJFRkVSLE5PVElGWSxVUERBVEUNCkNhbGwtSUQ6IFNENDkwOTcwMS05ZmYxMWJmNzJlYjRhMzQ3YzkyOTc0ZDhmYmJjMjY2OC1hbzhvM2kxDQpDb250YWN0OiA8c2lwOjA2MTk2MzE3N0AxOTIuMTY4LjEwMC4yMTk6NTA2MD4NCkNvbnRlbnQtTGVuZ3RoOiAyMTINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vc2RwDQpDU2VxOiAxIElOVklURQ0KRnJvbTogPHNpcDp1bmF2YWlsYWJsZUBob3N0cG9ydGlvbj47dGFnPVNENDkwOTcwMS0wMGU5ZDQ3OA0KTWluLVNFOiA5MA0KU2VydmVyOiBBcmNvci9BcmNvci0xLjAyLjAwNXQyDQpTdXBwb3J0ZWQ6IHJlcGxhY2VzLHRpbWVyDQpUbzogPHNpcDowNjE5NjMxNzdAaXRhbHRlbC5pdDt1c2VyPXBob25lPjt0YWc9NjE3MjYzNjE2NDc5NjE2RS0zMzE3MTU1MjAtNTMzNmY3ODUtMTg3NDEwMjA1DQpWaWE6IFNJUC8yLjAvVURQIDEzOC4xMzIuMTY5LjEwMTo1MDYwO2JyYW5jaD16OWhHNGJLZnYyZjQwMTA3ODdoM2E4cTEyODAuMQ0KDQp2PTANCm89LSA3NTQ1ODA0MjMgMSBJTiBJUDQgMTkyLjE2OC4xMDAuMjE5DQpzPS0NCmM9SU4gSVA0IDE5Mi4xNjguMTAwLjIxOQ0KdD0wIDANCm09YXVkaW8gNTAwMiBSVFAvQVZQIDggMTAyDQphPXJ0cG1hcDo4IFBDTUEvODAwMA0KYT1ydHBtYXA6MTAyIHRlbGVwaG9uZS1ldmVudC84MDAwDQphPWZtdHA6MTAyIDAtMTUsMzINCmE9cHRpbWU6MjANCmE9c2VuZHJlY3YNCg=="} 01576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1228468958651179,"flow_dst_last_pkt_time":1228468965492834,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":825,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":825,"pkt_l4_len":791,"thread_ts_usec":1228468965492834,"pkt":"ABEKVkXQAAglAXLqCABFAAMrAABAAIARatAKIzxkCiM8SBPEE8QDF31BU0lQLzIuMCAyMDAgT0sNClZpYTogU0lQLzIuMC9VRFAgMTAuMzUuNjAuNzI6NTA2MDticmFuY2g9ejloRzRiSy5pSWlJaUkuMGEyMzI4MTkuZTlkNGJkDQpUbzogPHNpcDowNjE5NjMxNzdAaXRhbHRlbC5pdDt1c2VyPXBob25lPjt0YWc9U0Q0OTA5Nzk5LTYxNzI2MzYxNjQ3OTYxNkUtMzMxNzE1NTIwLTUzMzZmNzg1LTE4NzQxMDIwNQ0KRnJvbTogPHNpcDp1bmF2YWlsYWJsZUBob3N0cG9ydGlvbj47dGFnPTAwZTlkNDc4DQpDYWxsLUlEOiAwMGU5ZDRhNTAwZTlkNDgtMDAxNS0wMDAxLTAwMDAtMDAwMEAxMC4zNS40MC4yNQ0KQ1NlcTogMSBJTlZJVEUNCkFsbG93OiBJTlZJVEUsQUNLLE9QVElPTlMsQllFLENBTkNFTCxJTkZPLFJFRkVSLE5PVElGWSxVUERBVEUNCkNvbnRhY3Q6IDxzaXA6MDYxOTYzMTc3LWlraHV1ZXA1YmkxMjNAMTAuMzUuNjAuMTAwOjUwNjA7dHJhbnNwb3J0PXVkcD4NCkNvbnRlbnQtTGVuZ3RoOiAyMDcNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vc2RwDQpNaW4tU0U6IDkwDQpTZXJ2ZXI6IEFyY29yL0FyY29yLTEuMDIuMDA1dDINClN1cHBvcnRlZDogcmVwbGFjZXMsdGltZXINCg0Kdj0wDQpvPS0gNzU0NTgwNDIzIDEgSU4gSVA0IDEwLjM1LjYwLjEwMA0Kcz0tDQpjPUlOIElQNCAxMC4zNS42MC4xMDANCnQ9MCAwDQptPWF1ZGlvIDE1NTgwIFJUUC9BVlAgOCAxMDINCmE9cnRwbWFwOjggUENNQS84MDAwDQphPXJ0cG1hcDoxMDIgdGVsZXBob25lLWV2ZW50LzgwMDANCmE9Zm10cDoxMDIgMC0xNSwzMg0KYT1wdGltZToyMA0KYT1zZW5kcmVjdg0K"} 00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1228468965513703,"flow_dst_last_pkt_time":1228468965434208,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1228468965513703,"pkt":"ABgYesP\/AAglAXLqCABFuADIHesAAD0RDLEKIzxkChcBNDzcQXQAtD7YgAgAA2fPF4AOrw6v1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1Q=="} @@ -58,9 +58,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8017507 bytes -~~ total memory freed........: 8017507 bytes -~~ total allocations/frees...: 149883/149883 +~~ total memory allocated....: 7647264 bytes +~~ total memory freed........: 7647264 bytes +~~ total allocations/frees...: 144286/144286 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 534 chars ~~ json string max len.......: 2357 chars diff --git a/test/results/default/IEC104.pcap.out b/test/results/default/IEC104.pcap.out index bf556f481..eeb220606 100644 --- a/test/results/default/IEC104.pcap.out +++ b/test/results/default/IEC104.pcap.out @@ -23,9 +23,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966634 bytes -~~ total memory freed........: 7966634 bytes -~~ total allocations/frees...: 148313/148313 +~~ total memory allocated....: 7596319 bytes +~~ total memory freed........: 7596319 bytes +~~ total allocations/frees...: 142716/142716 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 1103 chars diff --git a/test/results/default/KakaoTalk_chat.pcap.out b/test/results/default/KakaoTalk_chat.pcap.out index 31d78fbc7..44635019f 100644 --- a/test/results/default/KakaoTalk_chat.pcap.out +++ b/test/results/default/KakaoTalk_chat.pcap.out @@ -276,9 +276,9 @@ ~~ total active/idle flows...: 38/38 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8180105 bytes -~~ total memory freed........: 8180105 bytes -~~ total allocations/frees...: 149269/149269 +~~ total memory allocated....: 7810654 bytes +~~ total memory freed........: 7810654 bytes +~~ total allocations/frees...: 143672/143672 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 520 chars ~~ json string max len.......: 2369 chars diff --git a/test/results/default/KakaoTalk_talk.pcap.out b/test/results/default/KakaoTalk_talk.pcap.out index 2a7ac3573..544387856 100644 --- a/test/results/default/KakaoTalk_talk.pcap.out +++ b/test/results/default/KakaoTalk_talk.pcap.out @@ -58,17 +58,17 @@ 01067{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069170975714,"flow_src_last_pkt_time":1430069170975714,"flow_dst_last_pkt_time":1430069170975714,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":78,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":78,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":78,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069170975714,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"KakaoTalk_Voice","proto_id":"194","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069171118750,"flow_src_last_pkt_time":1430069171118750,"flow_dst_last_pkt_time":1430069171118750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069171118750,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5} 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1430069171118750,"flow_dst_last_pkt_time":1430069171118750,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":100,"pkt_l4_len":64,"thread_ts_usec":1430069171118750,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFQAAEAAPxHbTgoYUrwByQGuLDhaBABATCmA7E6yizmc2guGVRn+xfaQv+g9g3ccEnajV1GbM8MpJWVK2C77CAiJwDoJYkgGCqWuS2HWMkwGeQ=="} -00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069171118750,"flow_src_last_pkt_time":1430069171118750,"flow_dst_last_pkt_time":1430069171118750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069171118750,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1430069171120856,"flow_dst_last_pkt_time":1430069171118750,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":99,"pkt_l4_len":63,"thread_ts_usec":1430069171120856,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFMAAEAAPxHbTwoYUrwByQGuLDhaBAA\/C92AbE6zizmgmguGVRkt\/rZnfXpGz0N2A\/IfJpewUyMSY166JO1xGXdEkGNQd31ADIw6ZS3SDh9Y"} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1430069171120948,"flow_dst_last_pkt_time":1430069171118750,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":99,"pkt_l4_len":63,"thread_ts_usec":1430069171120948,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFMAAEAAPxHbTwoYUrwByQGuLDhaBAA\/5SmAbE60izmkWguGVRmezvGSQL2r8\/lU9MEKvF6SC08uWokrFHcn2V7\/8UTxLNEjkf5mPRch1tsI"} +00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1430069171118750,"flow_src_last_pkt_time":1430069171120948,"flow_dst_last_pkt_time":1430069171118750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":166,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069171120948,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1430069170892951,"flow_dst_last_pkt_time":1430069171127448,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":122,"pkt_l4_len":86,"thread_ts_usec":1430069171127448,"pkt":"AAACEgAAAAAAAAAAAAAIAEUoAGoAAEAAGxH\/EAHJAa4KGFK8WgUsOQBWReSByQAHVJql2hcYBvUW09\/cV2PnqW9IAC+tkcS3zbxHaXzNy97m1tMPsxdrmxKMjQTBocmvV+MtI4fyJpYC3zCcgAAAAaPWslm6g8tl\/I8="} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1430069171212226,"flow_dst_last_pkt_time":1430069171118750,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":99,"pkt_l4_len":63,"thread_ts_usec":1430069171212226,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFMAAEAAPxHbTwoYUrwByQGuLDhaBAA\/jTmAbE61izmoGguGVRn1lqaVNU04\/0pxhmXG3LpjHLoEtStGBpgmAENokf++6bVHtFV\/dhtsB+qy"} 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1430069171212470,"flow_dst_last_pkt_time":1430069171118750,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":99,"pkt_l4_len":63,"thread_ts_usec":1430069171212470,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFMAAEAAPxHbTwoYUrwByQGuLDhaBAA\/7uaAbE62izmr2guGVRn8RhAolyCXjh9CBCF49gOSkQpyC1NGr5hVj6UCX85c7EbzzNysGYkXDN7V"} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069171389136,"flow_src_last_pkt_time":1430069171389136,"flow_dst_last_pkt_time":1430069171389136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":79,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":79,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":79,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069171389136,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5} 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1430069171389136,"flow_dst_last_pkt_time":1430069171389136,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":123,"pkt_l4_len":87,"thread_ts_usec":1430069171389136,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGsAAEAAQBHaNwoYUrwByQGuKBxaBgBXWCuA7DE+fqkVA1Sapdp6cTmDebnhh8KUkQVLcfVIHO+KdE\/hh8TrsDi1pxsxiqViFSLVRYeZKeMWrEXQddUHKF8UZHmGznF9XlwFasBuVesU"} -00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069171389136,"flow_src_last_pkt_time":1430069171389136,"flow_dst_last_pkt_time":1430069171389136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":79,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":79,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":79,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069171389136,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1430069171425208,"flow_dst_last_pkt_time":1430069171389136,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":192,"pkt_l4_len":156,"thread_ts_usec":1430069171425208,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAALAAAEAAQBHZ8goYUrwByQGuKBxaBgCccR6AbDE\/fqkYw1SapdpQtIGDUUcsKy8FZc8SkcXbnkaLnkk7o+K31\/Lp8iVo3SBPJc3DyoRUtaFntc3koP5JLgEppFZXqNkw36nmYntuZ329GNTJ06T0XeyZJfDm34fzEotPLv3zEaM1kQ76cuJR6IF9rGbKT3sQKWcYIsd5M3XbqcXgkS4bFd8efSkCV9pxMGaMM2HU"} 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1430069171464453,"flow_dst_last_pkt_time":1430069171389136,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":115,"pkt_l4_len":79,"thread_ts_usec":1430069171464453,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGMAAEAAQBHaPwoYUrwByQGuKBxaBgBPG\/OAbDFAfqkcg1SapdrEmBFpbnVmJMblF0rZoL8vvV92uiSDpJJT7NfUzojI6pP2kn9ZuUksJi0oXTyacMa3Otx9PZKNJxznlw=="} +00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1430069171389136,"flow_src_last_pkt_time":1430069171464453,"flow_dst_last_pkt_time":1430069171389136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":71,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":298,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069171464453,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1430069171464453,"flow_dst_last_pkt_time":1430069171529486,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":99,"pkt_l4_len":63,"thread_ts_usec":1430069171529486,"pkt":"AAACEgAAAAAAAAAAAAAIAEUoAFMAAEAAGhEAKAHJAa4KGFK8WgYoHAA\/9kiAbE65izm3GguGVRmdGcA+AQC9PW6Iu7D56EiFtVEV8BRmHczMxTAvU5GNKbDmUz3uXGfPQe61"} 00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1430069171566474,"flow_dst_last_pkt_time":1430069171529486,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":99,"pkt_l4_len":63,"thread_ts_usec":1430069171566474,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFMAAEAAQBHaTwoYUrwByQGuKBxaBgA\/KK6AbDFBfqkgQ1SapdqU2NQbnkxB3Xf0AOGlSFlAxEVDNvMv8YdF7fCM5vVAJXsQ3FrK2qCKRi6W"} 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1430069171998328,"flow_dst_last_pkt_time":1430069171127448,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"thread_ts_usec":1430069171998328,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAH4AAEAAPxHbJAoYUrwByQGuLDlaBQBqX6qByAAMC4ZVGUMDyNdZMqzZvFL5masXDZVA6JQCTSwYzII6r0J+H6ebHDpiG6\/AGpupgF2zzgl2ppSiLVPnYiD98U8UjOQ2fRfyw\/ugiovyQFT+lfaAAAACkQQ8eHVaWMSL\/A=="} @@ -150,9 +150,9 @@ ~~ total active/idle flows...: 20/20 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8122077 bytes -~~ total memory freed........: 8122077 bytes -~~ total allocations/frees...: 151732/151732 +~~ total memory allocated....: 7752194 bytes +~~ total memory freed........: 7752194 bytes +~~ total allocations/frees...: 146135/146135 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 520 chars ~~ json string max len.......: 2713 chars diff --git a/test/results/default/NTPv2.pcap.out b/test/results/default/NTPv2.pcap.out index ceb9ed942..45aa7f63c 100644 --- a/test/results/default/NTPv2.pcap.out +++ b/test/results/default/NTPv2.pcap.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964128 bytes -~~ total memory freed........: 7964128 bytes -~~ total allocations/frees...: 148288/148288 +~~ total memory allocated....: 7593789 bytes +~~ total memory freed........: 7593789 bytes +~~ total allocations/frees...: 142691/142691 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 1087 chars diff --git a/test/results/default/NTPv3.pcap.out b/test/results/default/NTPv3.pcap.out index ab66220dc..f12bd2638 100644 --- a/test/results/default/NTPv3.pcap.out +++ b/test/results/default/NTPv3.pcap.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964128 bytes -~~ total memory freed........: 7964128 bytes -~~ total allocations/frees...: 148288/148288 +~~ total memory allocated....: 7593789 bytes +~~ total memory freed........: 7593789 bytes +~~ total allocations/frees...: 142691/142691 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 1084 chars diff --git a/test/results/default/NTPv4.pcap.out b/test/results/default/NTPv4.pcap.out index db73b0039..8a6f92ab4 100644 --- a/test/results/default/NTPv4.pcap.out +++ b/test/results/default/NTPv4.pcap.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964128 bytes -~~ total memory freed........: 7964128 bytes -~~ total allocations/frees...: 148288/148288 +~~ total memory allocated....: 7593789 bytes +~~ total memory freed........: 7593789 bytes +~~ total allocations/frees...: 142691/142691 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 1084 chars diff --git a/test/results/default/Oscar.pcap.out b/test/results/default/Oscar.pcap.out index 9ab67b2bf..7dcd4e8cb 100644 --- a/test/results/default/Oscar.pcap.out +++ b/test/results/default/Oscar.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7968206 bytes -~~ total memory freed........: 7968206 bytes -~~ total allocations/frees...: 148359/148359 +~~ total memory allocated....: 7597867 bytes +~~ total memory freed........: 7597867 bytes +~~ total allocations/frees...: 142762/142762 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 2004 chars diff --git a/test/results/default/TivoDVR.pcap.out b/test/results/default/TivoDVR.pcap.out index 3b20374a5..c0fd4ac46 100644 --- a/test/results/default/TivoDVR.pcap.out +++ b/test/results/default/TivoDVR.pcap.out @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964129 bytes -~~ total memory freed........: 7964129 bytes -~~ total allocations/frees...: 148288/148288 +~~ total memory allocated....: 7593790 bytes +~~ total memory freed........: 7593790 bytes +~~ total allocations/frees...: 142691/142691 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 1093 chars diff --git a/test/results/default/WebattackRCE.pcap.out b/test/results/default/WebattackRCE.pcap.out index 127d80be8..2f7e9283a 100644 --- a/test/results/default/WebattackRCE.pcap.out +++ b/test/results/default/WebattackRCE.pcap.out @@ -3197,9 +3197,9 @@ ~~ total active/idle flows...: 797/797 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9809943 bytes -~~ total memory freed........: 9809943 bytes -~~ total allocations/frees...: 162411/162411 +~~ total memory allocated....: 9458708 bytes +~~ total memory freed........: 9458708 bytes +~~ total allocations/frees...: 156814/156814 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 518 chars ~~ json string max len.......: 1892 chars diff --git a/test/results/default/WebattackSQLinj.pcap.out b/test/results/default/WebattackSQLinj.pcap.out index 27863c670..987bd4df5 100644 --- a/test/results/default/WebattackSQLinj.pcap.out +++ b/test/results/default/WebattackSQLinj.pcap.out @@ -81,9 +81,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7987140 bytes -~~ total memory freed........: 7987140 bytes -~~ total allocations/frees...: 148552/148552 +~~ total memory allocated....: 7616993 bytes +~~ total memory freed........: 7616993 bytes +~~ total allocations/frees...: 142955/142955 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 521 chars ~~ json string max len.......: 1507 chars diff --git a/test/results/default/WebattackXSS.pcap.out b/test/results/default/WebattackXSS.pcap.out index 91f819df6..40eb6370e 100644 --- a/test/results/default/WebattackXSS.pcap.out +++ b/test/results/default/WebattackXSS.pcap.out @@ -5311,9 +5311,9 @@ ~~ total active/idle flows...: 661/661 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9630796 bytes -~~ total memory freed........: 9630796 bytes -~~ total allocations/frees...: 165093/165093 +~~ total memory allocated....: 9276297 bytes +~~ total memory freed........: 9276297 bytes +~~ total allocations/frees...: 159496/159496 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 518 chars ~~ json string max len.......: 2577 chars diff --git a/test/results/default/activision.pcap.out b/test/results/default/activision.pcap.out index 4e49ac983..716e524a0 100644 --- a/test/results/default/activision.pcap.out +++ b/test/results/default/activision.pcap.out @@ -44,9 +44,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7972139 bytes -~~ total memory freed........: 7972139 bytes -~~ total allocations/frees...: 148380/148380 +~~ total memory allocated....: 7601872 bytes +~~ total memory freed........: 7601872 bytes +~~ total allocations/frees...: 142783/142783 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 516 chars ~~ json string max len.......: 1101 chars diff --git a/test/results/default/adult_content.pcap.out b/test/results/default/adult_content.pcap.out index a7b22133a..79bfecc06 100644 --- a/test/results/default/adult_content.pcap.out +++ b/test/results/default/adult_content.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964824 bytes -~~ total memory freed........: 7964824 bytes -~~ total allocations/frees...: 148312/148312 +~~ total memory allocated....: 7594485 bytes +~~ total memory freed........: 7594485 bytes +~~ total allocations/frees...: 142715/142715 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 519 chars ~~ json string max len.......: 1195 chars diff --git a/test/results/default/afp.pcap.out b/test/results/default/afp.pcap.out index ab2d4607f..45b4785a9 100644 --- a/test/results/default/afp.pcap.out +++ b/test/results/default/afp.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964563 bytes -~~ total memory freed........: 7964563 bytes -~~ total allocations/frees...: 148303/148303 +~~ total memory allocated....: 7594224 bytes +~~ total memory freed........: 7594224 bytes +~~ total allocations/frees...: 142706/142706 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 509 chars ~~ json string max len.......: 1099 chars diff --git a/test/results/default/agora-sd-rtn.pcap.out b/test/results/default/agora-sd-rtn.pcap.out index 7f656621e..4f1c9c2c7 100644 --- a/test/results/default/agora-sd-rtn.pcap.out +++ b/test/results/default/agora-sd-rtn.pcap.out @@ -244,9 +244,9 @@ ~~ total active/idle flows...: 26/26 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8028286 bytes -~~ total memory freed........: 8028286 bytes -~~ total allocations/frees...: 148965/148965 +~~ total memory allocated....: 7658547 bytes +~~ total memory freed........: 7658547 bytes +~~ total allocations/frees...: 143368/143368 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 518 chars ~~ json string max len.......: 2185 chars diff --git a/test/results/default/ah.pcapng.out b/test/results/default/ah.pcapng.out index 183d10f75..53c88639d 100644 --- a/test/results/default/ah.pcapng.out +++ b/test/results/default/ah.pcapng.out @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966373 bytes -~~ total memory freed........: 7966373 bytes -~~ total allocations/frees...: 148304/148304 +~~ total memory allocated....: 7596058 bytes +~~ total memory freed........: 7596058 bytes +~~ total allocations/frees...: 142707/142707 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 510 chars ~~ json string max len.......: 1076 chars diff --git a/test/results/default/ajp.pcap.out b/test/results/default/ajp.pcap.out index 79a37233e..ff6a5f487 100644 --- a/test/results/default/ajp.pcap.out +++ b/test/results/default/ajp.pcap.out @@ -49,9 +49,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966953 bytes -~~ total memory freed........: 7966953 bytes -~~ total allocations/frees...: 148324/148324 +~~ total memory allocated....: 7596638 bytes +~~ total memory freed........: 7596638 bytes +~~ total allocations/frees...: 142727/142727 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 313 chars ~~ json string max len.......: 1513 chars diff --git a/test/results/default/alexa-app.pcapng.out b/test/results/default/alexa-app.pcapng.out index 903b6f57b..ab74a142f 100644 --- a/test/results/default/alexa-app.pcapng.out +++ b/test/results/default/alexa-app.pcapng.out @@ -1428,9 +1428,9 @@ ~~ total active/idle flows...: 160/160 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9085569 bytes -~~ total memory freed........: 9085569 bytes -~~ total allocations/frees...: 154002/154002 +~~ total memory allocated....: 8719046 bytes +~~ total memory freed........: 8719046 bytes +~~ total allocations/frees...: 148405/148405 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 300 chars ~~ json string max len.......: 2508 chars diff --git a/test/results/default/alicloud.pcap.out b/test/results/default/alicloud.pcap.out index b4a629e30..15758024a 100644 --- a/test/results/default/alicloud.pcap.out +++ b/test/results/default/alicloud.pcap.out @@ -141,9 +141,9 @@ ~~ total active/idle flows...: 15/15 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8030744 bytes -~~ total memory freed........: 8030744 bytes -~~ total allocations/frees...: 148681/148681 +~~ total memory allocated....: 7660741 bytes +~~ total memory freed........: 7660741 bytes +~~ total allocations/frees...: 143084/143084 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 514 chars ~~ json string max len.......: 985 chars diff --git a/test/results/default/among_us.pcap.out b/test/results/default/among_us.pcap.out index a13d63174..a5413c158 100644 --- a/test/results/default/among_us.pcap.out +++ b/test/results/default/among_us.pcap.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964128 bytes -~~ total memory freed........: 7964128 bytes -~~ total allocations/frees...: 148288/148288 +~~ total memory allocated....: 7593789 bytes +~~ total memory freed........: 7593789 bytes +~~ total allocations/frees...: 142691/142691 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 514 chars ~~ json string max len.......: 1082 chars diff --git a/test/results/default/amqp.pcap.out b/test/results/default/amqp.pcap.out index 4fe981675..94e8d2311 100644 --- a/test/results/default/amqp.pcap.out +++ b/test/results/default/amqp.pcap.out @@ -34,9 +34,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7979083 bytes -~~ total memory freed........: 7979083 bytes -~~ total allocations/frees...: 148472/148472 +~~ total memory allocated....: 7608792 bytes +~~ total memory freed........: 7608792 bytes +~~ total allocations/frees...: 142875/142875 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 510 chars ~~ json string max len.......: 2263 chars diff --git a/test/results/default/android.pcap.out b/test/results/default/android.pcap.out index 16f77cda7..d2ac8ece3 100644 --- a/test/results/default/android.pcap.out +++ b/test/results/default/android.pcap.out @@ -441,9 +441,9 @@ ~~ total active/idle flows...: 63/63 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8350377 bytes -~~ total memory freed........: 8350377 bytes -~~ total allocations/frees...: 149727/149727 +~~ total memory allocated....: 7981526 bytes +~~ total memory freed........: 7981526 bytes +~~ total allocations/frees...: 144130/144130 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 2635 chars diff --git a/test/results/default/anyconnect-vpn.pcap.out b/test/results/default/anyconnect-vpn.pcap.out index ed05d750b..6fb4863c7 100644 --- a/test/results/default/anyconnect-vpn.pcap.out +++ b/test/results/default/anyconnect-vpn.pcap.out @@ -465,9 +465,9 @@ ~~ total active/idle flows...: 69/69 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8218808 bytes -~~ total memory freed........: 8218808 bytes -~~ total allocations/frees...: 149703/149703 +~~ total memory allocated....: 7850101 bytes +~~ total memory freed........: 7850101 bytes +~~ total allocations/frees...: 144106/144106 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 520 chars ~~ json string max len.......: 2780 chars diff --git a/test/results/default/anydesk.pcapng.out b/test/results/default/anydesk.pcapng.out index 15664ff3e..611c5dd03 100644 --- a/test/results/default/anydesk.pcapng.out +++ b/test/results/default/anydesk.pcapng.out @@ -73,9 +73,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8028232 bytes -~~ total memory freed........: 8028232 bytes -~~ total allocations/frees...: 148563/148563 +~~ total memory allocated....: 7658037 bytes +~~ total memory freed........: 7658037 bytes +~~ total allocations/frees...: 142966/142966 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 515 chars ~~ json string max len.......: 2677 chars diff --git a/test/results/default/avast.pcap.out b/test/results/default/avast.pcap.out index 44d183740..7c0b36265 100644 --- a/test/results/default/avast.pcap.out +++ b/test/results/default/avast.pcap.out @@ -107,9 +107,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8007597 bytes -~~ total memory freed........: 8007597 bytes -~~ total allocations/frees...: 148538/148538 +~~ total memory allocated....: 7637474 bytes +~~ total memory freed........: 7637474 bytes +~~ total allocations/frees...: 142941/142941 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 966 chars diff --git a/test/results/default/avast_securedns.pcapng.out b/test/results/default/avast_securedns.pcapng.out index 79022a7d2..537b5bee1 100644 --- a/test/results/default/avast_securedns.pcapng.out +++ b/test/results/default/avast_securedns.pcapng.out @@ -224,9 +224,9 @@ ~~ total active/idle flows...: 39/39 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8046132 bytes -~~ total memory freed........: 8046132 bytes -~~ total allocations/frees...: 148782/148782 +~~ total memory allocated....: 7676705 bytes +~~ total memory freed........: 7676705 bytes +~~ total allocations/frees...: 143185/143185 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 523 chars ~~ json string max len.......: 1118 chars diff --git a/test/results/default/bacnet.pcap.out b/test/results/default/bacnet.pcap.out index 300480ade..d16d21f53 100644 --- a/test/results/default/bacnet.pcap.out +++ b/test/results/default/bacnet.pcap.out @@ -63,9 +63,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7983666 bytes -~~ total memory freed........: 7983666 bytes -~~ total allocations/frees...: 148409/148409 +~~ total memory allocated....: 7613543 bytes +~~ total memory freed........: 7613543 bytes +~~ total allocations/frees...: 142812/142812 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 1104 chars diff --git a/test/results/default/bad-dns-traffic.pcap.out b/test/results/default/bad-dns-traffic.pcap.out index ace101691..614cebc1d 100644 --- a/test/results/default/bad-dns-traffic.pcap.out +++ b/test/results/default/bad-dns-traffic.pcap.out @@ -45,9 +45,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7979701 bytes -~~ total memory freed........: 7979701 bytes -~~ total allocations/frees...: 148697/148697 +~~ total memory allocated....: 7609410 bytes +~~ total memory freed........: 7609410 bytes +~~ total allocations/frees...: 143100/143100 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 521 chars ~~ json string max len.......: 2494 chars diff --git a/test/results/default/badpackets.pcap.out b/test/results/default/badpackets.pcap.out index cb7b52eaa..8e32da5f5 100644 --- a/test/results/default/badpackets.pcap.out +++ b/test/results/default/badpackets.pcap.out @@ -200,9 +200,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7961999 bytes -~~ total memory freed........: 7961999 bytes -~~ total allocations/frees...: 148276/148276 +~~ total memory allocated....: 7591636 bytes +~~ total memory freed........: 7591636 bytes +~~ total allocations/frees...: 142679/142679 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 320 chars ~~ json string max len.......: 2335 chars diff --git a/test/results/default/bitcoin.pcap.out b/test/results/default/bitcoin.pcap.out index 3e2abb2e7..fb58935ac 100644 --- a/test/results/default/bitcoin.pcap.out +++ b/test/results/default/bitcoin.pcap.out @@ -64,9 +64,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7993072 bytes -~~ total memory freed........: 7993072 bytes -~~ total allocations/frees...: 148979/148979 +~~ total memory allocated....: 7622853 bytes +~~ total memory freed........: 7622853 bytes +~~ total allocations/frees...: 143382/143382 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 2493 chars diff --git a/test/results/default/bittorrent.pcap.out b/test/results/default/bittorrent.pcap.out index d0b58011e..b70ec24b2 100644 --- a/test/results/default/bittorrent.pcap.out +++ b/test/results/default/bittorrent.pcap.out @@ -170,9 +170,9 @@ ~~ total active/idle flows...: 24/24 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8066126 bytes -~~ total memory freed........: 8066126 bytes -~~ total allocations/frees...: 148861/148861 +~~ total memory allocated....: 7696339 bytes +~~ total memory freed........: 7696339 bytes +~~ total allocations/frees...: 143264/143264 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 516 chars ~~ json string max len.......: 2508 chars diff --git a/test/results/default/bittorrent_tcp_miss.pcapng.out b/test/results/default/bittorrent_tcp_miss.pcapng.out index 13a0752dd..cb291096d 100644 --- a/test/results/default/bittorrent_tcp_miss.pcapng.out +++ b/test/results/default/bittorrent_tcp_miss.pcapng.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7969047 bytes -~~ total memory freed........: 7969047 bytes -~~ total allocations/frees...: 148388/148388 +~~ total memory allocated....: 7598708 bytes +~~ total memory freed........: 7598708 bytes +~~ total allocations/frees...: 142791/142791 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 527 chars ~~ json string max len.......: 2336 chars diff --git a/test/results/default/bittorrent_utp.pcap.out b/test/results/default/bittorrent_utp.pcap.out index 9d8bf9f6a..d3352705e 100644 --- a/test/results/default/bittorrent_utp.pcap.out +++ b/test/results/default/bittorrent_utp.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966593 bytes -~~ total memory freed........: 7966593 bytes -~~ total allocations/frees...: 148373/148373 +~~ total memory allocated....: 7596254 bytes +~~ total memory freed........: 7596254 bytes +~~ total allocations/frees...: 142776/142776 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 520 chars ~~ json string max len.......: 2377 chars diff --git a/test/results/default/bjnp.pcap.out b/test/results/default/bjnp.pcap.out index 403388913..a678ff29f 100644 --- a/test/results/default/bjnp.pcap.out +++ b/test/results/default/bjnp.pcap.out @@ -49,9 +49,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7983289 bytes -~~ total memory freed........: 7983289 bytes -~~ total allocations/frees...: 148396/148396 +~~ total memory allocated....: 7613166 bytes +~~ total memory freed........: 7613166 bytes +~~ total allocations/frees...: 142799/142799 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 510 chars ~~ json string max len.......: 1095 chars diff --git a/test/results/default/bot.pcap.out b/test/results/default/bot.pcap.out index 7dc8699ac..2d01576c8 100644 --- a/test/results/default/bot.pcap.out +++ b/test/results/default/bot.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7975986 bytes -~~ total memory freed........: 7975986 bytes -~~ total allocations/frees...: 148695/148695 +~~ total memory allocated....: 7605647 bytes +~~ total memory freed........: 7605647 bytes +~~ total allocations/frees...: 143098/143098 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 509 chars ~~ json string max len.......: 2255 chars diff --git a/test/results/default/bt-dns.pcap.out b/test/results/default/bt-dns.pcap.out index 15a237979..f7faaa04b 100644 --- a/test/results/default/bt-dns.pcap.out +++ b/test/results/default/bt-dns.pcap.out @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964157 bytes -~~ total memory freed........: 7964157 bytes -~~ total allocations/frees...: 148289/148289 +~~ total memory allocated....: 7593818 bytes +~~ total memory freed........: 7593818 bytes +~~ total allocations/frees...: 142692/142692 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 1155 chars diff --git a/test/results/default/bt-http.pcapng.out b/test/results/default/bt-http.pcapng.out index 18d79842c..f98c629dc 100644 --- a/test/results/default/bt-http.pcapng.out +++ b/test/results/default/bt-http.pcapng.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7965119 bytes -~~ total memory freed........: 7965119 bytes -~~ total allocations/frees...: 148316/148316 +~~ total memory allocated....: 7594780 bytes +~~ total memory freed........: 7594780 bytes +~~ total allocations/frees...: 142719/142719 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 515 chars ~~ json string max len.......: 1317 chars diff --git a/test/results/default/bt_search.pcap.out b/test/results/default/bt_search.pcap.out index a35df906f..042dae742 100644 --- a/test/results/default/bt_search.pcap.out +++ b/test/results/default/bt_search.pcap.out @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964129 bytes -~~ total memory freed........: 7964129 bytes -~~ total allocations/frees...: 148288/148288 +~~ total memory allocated....: 7593790 bytes +~~ total memory freed........: 7593790 bytes +~~ total allocations/frees...: 142691/142691 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 515 chars ~~ json string max len.......: 969 chars diff --git a/test/results/default/cachefly.pcapng.out b/test/results/default/cachefly.pcapng.out index faa63e3d2..270bc946a 100644 --- a/test/results/default/cachefly.pcapng.out +++ b/test/results/default/cachefly.pcapng.out @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8013767 bytes -~~ total memory freed........: 8013767 bytes -~~ total allocations/frees...: 148358/148358 +~~ total memory allocated....: 7643428 bytes +~~ total memory freed........: 7643428 bytes +~~ total allocations/frees...: 142761/142761 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 516 chars ~~ json string max len.......: 2707 chars diff --git a/test/results/default/capwap.pcap.out b/test/results/default/capwap.pcap.out index 141b3c794..7ea226763 100644 --- a/test/results/default/capwap.pcap.out +++ b/test/results/default/capwap.pcap.out @@ -76,9 +76,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7983956 bytes -~~ total memory freed........: 7983956 bytes -~~ total allocations/frees...: 148726/148726 +~~ total memory allocated....: 7613713 bytes +~~ total memory freed........: 7613713 bytes +~~ total allocations/frees...: 143129/143129 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 297 chars ~~ json string max len.......: 2383 chars diff --git a/test/results/default/capwap_data.pcapng.out b/test/results/default/capwap_data.pcapng.out index 6589f1554..d6421dc8d 100644 --- a/test/results/default/capwap_data.pcapng.out +++ b/test/results/default/capwap_data.pcapng.out @@ -37,9 +37,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7961999 bytes -~~ total memory freed........: 7961999 bytes -~~ total allocations/frees...: 148276/148276 +~~ total memory allocated....: 7591636 bytes +~~ total memory freed........: 7591636 bytes +~~ total allocations/frees...: 142679/142679 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 306 chars ~~ json string max len.......: 738 chars diff --git a/test/results/default/cassandra.pcap.out b/test/results/default/cassandra.pcap.out index d64f369a1..3e343c448 100644 --- a/test/results/default/cassandra.pcap.out +++ b/test/results/default/cassandra.pcap.out @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7978589 bytes -~~ total memory freed........: 7978589 bytes -~~ total allocations/frees...: 148586/148586 +~~ total memory allocated....: 7608274 bytes +~~ total memory freed........: 7608274 bytes +~~ total allocations/frees...: 142989/142989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 515 chars ~~ json string max len.......: 2202 chars diff --git a/test/results/default/check_mk_new.pcap.out b/test/results/default/check_mk_new.pcap.out index 0583699f3..bcba30552 100644 --- a/test/results/default/check_mk_new.pcap.out +++ b/test/results/default/check_mk_new.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966941 bytes -~~ total memory freed........: 7966941 bytes -~~ total allocations/frees...: 148385/148385 +~~ total memory allocated....: 7596602 bytes +~~ total memory freed........: 7596602 bytes +~~ total allocations/frees...: 142788/142788 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 518 chars ~~ json string max len.......: 2133 chars diff --git a/test/results/default/chrome.pcap.out b/test/results/default/chrome.pcap.out index 86b69bf06..8152a3e25 100644 --- a/test/results/default/chrome.pcap.out +++ b/test/results/default/chrome.pcap.out @@ -63,9 +63,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8165056 bytes -~~ total memory freed........: 8165056 bytes -~~ total allocations/frees...: 148519/148519 +~~ total memory allocated....: 7794837 bytes +~~ total memory freed........: 7794837 bytes +~~ total allocations/frees...: 142922/142922 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 1409 chars diff --git a/test/results/default/citrix.pcap.out b/test/results/default/citrix.pcap.out index 6157cffca..548b47c14 100644 --- a/test/results/default/citrix.pcap.out +++ b/test/results/default/citrix.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966999 bytes -~~ total memory freed........: 7966999 bytes -~~ total allocations/frees...: 148387/148387 +~~ total memory allocated....: 7596660 bytes +~~ total memory freed........: 7596660 bytes +~~ total allocations/frees...: 142790/142790 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 500 chars ~~ json string max len.......: 2056 chars diff --git a/test/results/default/cloudflare-warp.pcap.out b/test/results/default/cloudflare-warp.pcap.out index b805fc239..db1c2a247 100644 --- a/test/results/default/cloudflare-warp.pcap.out +++ b/test/results/default/cloudflare-warp.pcap.out @@ -69,9 +69,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8003125 bytes -~~ total memory freed........: 8003125 bytes -~~ total allocations/frees...: 148452/148452 +~~ total memory allocated....: 7632954 bytes +~~ total memory freed........: 7632954 bytes +~~ total allocations/frees...: 142855/142855 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 521 chars ~~ json string max len.......: 1547 chars diff --git a/test/results/default/coap_mqtt.pcap.out b/test/results/default/coap_mqtt.pcap.out index 68fe998ad..956d47e79 100644 --- a/test/results/default/coap_mqtt.pcap.out +++ b/test/results/default/coap_mqtt.pcap.out @@ -127,9 +127,9 @@ ~~ total active/idle flows...: 16/16 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8035111 bytes -~~ total memory freed........: 8035111 bytes -~~ total allocations/frees...: 149536/149536 +~~ total memory allocated....: 7665132 bytes +~~ total memory freed........: 7665132 bytes +~~ total allocations/frees...: 143939/143939 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 515 chars ~~ json string max len.......: 2431 chars diff --git a/test/results/default/collectd.pcap.out b/test/results/default/collectd.pcap.out index f57cd3481..4951b92d3 100644 --- a/test/results/default/collectd.pcap.out +++ b/test/results/default/collectd.pcap.out @@ -80,9 +80,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 3 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7983164 bytes -~~ total memory freed........: 7983164 bytes -~~ total allocations/frees...: 148453/148453 +~~ total memory allocated....: 7613017 bytes +~~ total memory freed........: 7613017 bytes +~~ total allocations/frees...: 142856/142856 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 514 chars ~~ json string max len.......: 2401 chars diff --git a/test/results/default/corba.pcap.out b/test/results/default/corba.pcap.out index 9ea493988..67fc4e456 100644 --- a/test/results/default/corba.pcap.out +++ b/test/results/default/corba.pcap.out @@ -33,9 +33,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7975081 bytes -~~ total memory freed........: 7975081 bytes -~~ total allocations/frees...: 148334/148334 +~~ total memory allocated....: 7604790 bytes +~~ total memory freed........: 7604790 bytes +~~ total allocations/frees...: 142737/142737 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 1190 chars diff --git a/test/results/default/cpha.pcap.out b/test/results/default/cpha.pcap.out index 27215289f..c049c13d7 100644 --- a/test/results/default/cpha.pcap.out +++ b/test/results/default/cpha.pcap.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964100 bytes -~~ total memory freed........: 7964100 bytes -~~ total allocations/frees...: 148287/148287 +~~ total memory allocated....: 7593761 bytes +~~ total memory freed........: 7593761 bytes +~~ total allocations/frees...: 142690/142690 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 510 chars ~~ json string max len.......: 950 chars diff --git a/test/results/default/crawler_false_positive.pcapng.out b/test/results/default/crawler_false_positive.pcapng.out index ed8f06978..c22a330db 100644 --- a/test/results/default/crawler_false_positive.pcapng.out +++ b/test/results/default/crawler_false_positive.pcapng.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964552 bytes -~~ total memory freed........: 7964552 bytes -~~ total allocations/frees...: 148304/148304 +~~ total memory allocated....: 7594213 bytes +~~ total memory freed........: 7594213 bytes +~~ total allocations/frees...: 142707/142707 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 530 chars ~~ json string max len.......: 1093 chars diff --git a/test/results/default/crynet.pcap.out b/test/results/default/crynet.pcap.out index 39f56e192..940393ba1 100644 --- a/test/results/default/crynet.pcap.out +++ b/test/results/default/crynet.pcap.out @@ -44,9 +44,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7972139 bytes -~~ total memory freed........: 7972139 bytes -~~ total allocations/frees...: 148380/148380 +~~ total memory allocated....: 7601872 bytes +~~ total memory freed........: 7601872 bytes +~~ total allocations/frees...: 142783/142783 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 1100 chars diff --git a/test/results/default/custom_rules_same-ip_multiple_ports.pcapng.out b/test/results/default/custom_rules_same-ip_multiple_ports.pcapng.out index 7720bf34b..83cde6ed8 100644 --- a/test/results/default/custom_rules_same-ip_multiple_ports.pcapng.out +++ b/test/results/default/custom_rules_same-ip_multiple_ports.pcapng.out @@ -20,9 +20,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966428 bytes -~~ total memory freed........: 7966428 bytes -~~ total allocations/frees...: 148306/148306 +~~ total memory allocated....: 7596113 bytes +~~ total memory freed........: 7596113 bytes +~~ total allocations/frees...: 142709/142709 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 543 chars ~~ json string max len.......: 1074 chars diff --git a/test/results/default/dazn.pcapng.out b/test/results/default/dazn.pcapng.out index 72cc5287f..c57abb75c 100644 --- a/test/results/default/dazn.pcapng.out +++ b/test/results/default/dazn.pcapng.out @@ -33,9 +33,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7981019 bytes -~~ total memory freed........: 7981019 bytes -~~ total allocations/frees...: 148333/148333 +~~ total memory allocated....: 7610728 bytes +~~ total memory freed........: 7610728 bytes +~~ total allocations/frees...: 142736/142736 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 2497 chars diff --git a/test/results/default/dcerpc.pcap.out b/test/results/default/dcerpc.pcap.out index 777fac9db..6894fb187 100644 --- a/test/results/default/dcerpc.pcap.out +++ b/test/results/default/dcerpc.pcap.out @@ -35,9 +35,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7970863 bytes -~~ total memory freed........: 7970863 bytes -~~ total allocations/frees...: 148336/148336 +~~ total memory allocated....: 7600596 bytes +~~ total memory freed........: 7600596 bytes +~~ total allocations/frees...: 142739/142739 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 1808 chars diff --git a/test/results/default/dhcp-fuzz.pcapng.out b/test/results/default/dhcp-fuzz.pcapng.out index f519911f0..d43ffae3a 100644 --- a/test/results/default/dhcp-fuzz.pcapng.out +++ b/test/results/default/dhcp-fuzz.pcapng.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964100 bytes -~~ total memory freed........: 7964100 bytes -~~ total allocations/frees...: 148287/148287 +~~ total memory allocated....: 7593761 bytes +~~ total memory freed........: 7593761 bytes +~~ total allocations/frees...: 142690/142690 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 517 chars ~~ json string max len.......: 1004 chars diff --git a/test/results/default/diameter.pcap.out b/test/results/default/diameter.pcap.out index 61c448cf7..7beed3c9c 100644 --- a/test/results/default/diameter.pcap.out +++ b/test/results/default/diameter.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964273 bytes -~~ total memory freed........: 7964273 bytes -~~ total allocations/frees...: 148293/148293 +~~ total memory allocated....: 7593934 bytes +~~ total memory freed........: 7593934 bytes +~~ total allocations/frees...: 142696/142696 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 514 chars ~~ json string max len.......: 1107 chars diff --git a/test/results/default/discord.pcap.out b/test/results/default/discord.pcap.out index a35a85edc..753b4ee07 100644 --- a/test/results/default/discord.pcap.out +++ b/test/results/default/discord.pcap.out @@ -322,9 +322,9 @@ ~~ total active/idle flows...: 34/34 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8052321 bytes -~~ total memory freed........: 8052321 bytes -~~ total allocations/frees...: 149072/149072 +~~ total memory allocated....: 7682774 bytes +~~ total memory freed........: 7682774 bytes +~~ total allocations/frees...: 143475/143475 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 2458 chars diff --git a/test/results/default/discord_mid_flow.pcap.out b/test/results/default/discord_mid_flow.pcap.out index 9e74cb5dd..64d3602da 100644 --- a/test/results/default/discord_mid_flow.pcap.out +++ b/test/results/default/discord_mid_flow.pcap.out @@ -41,9 +41,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7961999 bytes -~~ total memory freed........: 7961999 bytes -~~ total allocations/frees...: 148276/148276 +~~ total memory allocated....: 7591636 bytes +~~ total memory freed........: 7591636 bytes +~~ total allocations/frees...: 142679/142679 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 309 chars ~~ json string max len.......: 590 chars diff --git a/test/results/default/dlt_ppp.pcap.out b/test/results/default/dlt_ppp.pcap.out index cc4d3eabc..2159bca4e 100644 --- a/test/results/default/dlt_ppp.pcap.out +++ b/test/results/default/dlt_ppp.pcap.out @@ -10,9 +10,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7961999 bytes -~~ total memory freed........: 7961999 bytes -~~ total allocations/frees...: 148276/148276 +~~ total memory allocated....: 7591636 bytes +~~ total memory freed........: 7591636 bytes +~~ total allocations/frees...: 142679/142679 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 277 chars ~~ json string max len.......: 1955 chars diff --git a/test/results/default/dnp3.pcap.out b/test/results/default/dnp3.pcap.out index 378d67430..99803e3a2 100644 --- a/test/results/default/dnp3.pcap.out +++ b/test/results/default/dnp3.pcap.out @@ -87,9 +87,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7994994 bytes -~~ total memory freed........: 7994994 bytes -~~ total allocations/frees...: 148923/148923 +~~ total memory allocated....: 7624823 bytes +~~ total memory freed........: 7624823 bytes +~~ total allocations/frees...: 143326/143326 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 510 chars ~~ json string max len.......: 2098 chars diff --git a/test/results/default/dns-invalid-chars.pcap.out b/test/results/default/dns-invalid-chars.pcap.out index 88929b211..7cc0d6062 100644 --- a/test/results/default/dns-invalid-chars.pcap.out +++ b/test/results/default/dns-invalid-chars.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964157 bytes -~~ total memory freed........: 7964157 bytes -~~ total allocations/frees...: 148289/148289 +~~ total memory allocated....: 7593818 bytes +~~ total memory freed........: 7593818 bytes +~~ total allocations/frees...: 142692/142692 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 523 chars ~~ json string max len.......: 1317 chars diff --git a/test/results/default/dns-tunnel-iodine.pcap.out b/test/results/default/dns-tunnel-iodine.pcap.out index 96f2a41ce..d1a4b5dc4 100644 --- a/test/results/default/dns-tunnel-iodine.pcap.out +++ b/test/results/default/dns-tunnel-iodine.pcap.out @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7976735 bytes -~~ total memory freed........: 7976735 bytes -~~ total allocations/frees...: 148723/148723 +~~ total memory allocated....: 7606396 bytes +~~ total memory freed........: 7606396 bytes +~~ total allocations/frees...: 143126/143126 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 523 chars ~~ json string max len.......: 2394 chars diff --git a/test/results/default/dns_ambiguous_names.pcap.out b/test/results/default/dns_ambiguous_names.pcap.out index 5f0aaa684..a412a49df 100644 --- a/test/results/default/dns_ambiguous_names.pcap.out +++ b/test/results/default/dns_ambiguous_names.pcap.out @@ -69,9 +69,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7983603 bytes -~~ total memory freed........: 7983603 bytes -~~ total allocations/frees...: 148407/148407 +~~ total memory allocated....: 7613480 bytes +~~ total memory freed........: 7613480 bytes +~~ total allocations/frees...: 142810/142810 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 525 chars ~~ json string max len.......: 1216 chars diff --git a/test/results/default/dns_doh.pcap.out b/test/results/default/dns_doh.pcap.out index eeb70e4bf..7118d6de0 100644 --- a/test/results/default/dns_doh.pcap.out +++ b/test/results/default/dns_doh.pcap.out @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7977740 bytes -~~ total memory freed........: 7977740 bytes -~~ total allocations/frees...: 148435/148435 +~~ total memory allocated....: 7607401 bytes +~~ total memory freed........: 7607401 bytes +~~ total allocations/frees...: 142838/142838 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 2171 chars diff --git a/test/results/default/dns_dot.pcap.out b/test/results/default/dns_dot.pcap.out index d55b178c6..1583fbb9e 100644 --- a/test/results/default/dns_dot.pcap.out +++ b/test/results/default/dns_dot.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7973129 bytes -~~ total memory freed........: 7973129 bytes -~~ total allocations/frees...: 148329/148329 +~~ total memory allocated....: 7602790 bytes +~~ total memory freed........: 7602790 bytes +~~ total allocations/frees...: 142732/142732 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 1916 chars diff --git a/test/results/default/dns_exfiltration.pcap.out b/test/results/default/dns_exfiltration.pcap.out index c7d172d47..dbd0b574c 100644 --- a/test/results/default/dns_exfiltration.pcap.out +++ b/test/results/default/dns_exfiltration.pcap.out @@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7972913 bytes -~~ total memory freed........: 7972913 bytes -~~ total allocations/frees...: 148589/148589 +~~ total memory allocated....: 7602574 bytes +~~ total memory freed........: 7602574 bytes +~~ total allocations/frees...: 142992/142992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 522 chars ~~ json string max len.......: 2502 chars diff --git a/test/results/default/dns_fragmented.pcap.out b/test/results/default/dns_fragmented.pcap.out index 6a1a093c6..ca9b989c1 100644 --- a/test/results/default/dns_fragmented.pcap.out +++ b/test/results/default/dns_fragmented.pcap.out @@ -158,9 +158,9 @@ ~~ total active/idle flows...: 21/21 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8008030 bytes -~~ total memory freed........: 8008030 bytes -~~ total allocations/frees...: 148576/148576 +~~ total memory allocated....: 7638171 bytes +~~ total memory freed........: 7638171 bytes +~~ total allocations/frees...: 142979/142979 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 325 chars ~~ json string max len.......: 2522 chars diff --git a/test/results/default/dns_invert_query.pcapng.out b/test/results/default/dns_invert_query.pcapng.out index 7b7a64e83..6ba70900e 100644 --- a/test/results/default/dns_invert_query.pcapng.out +++ b/test/results/default/dns_invert_query.pcapng.out @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964129 bytes -~~ total memory freed........: 7964129 bytes -~~ total allocations/frees...: 148288/148288 +~~ total memory allocated....: 7593790 bytes +~~ total memory freed........: 7593790 bytes +~~ total allocations/frees...: 142691/142691 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 524 chars ~~ json string max len.......: 1070 chars diff --git a/test/results/default/dns_long_domainname.pcap.out b/test/results/default/dns_long_domainname.pcap.out index 07e4a2bcc..5ea202d2b 100644 --- a/test/results/default/dns_long_domainname.pcap.out +++ b/test/results/default/dns_long_domainname.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964181 bytes -~~ total memory freed........: 7964181 bytes -~~ total allocations/frees...: 148290/148290 +~~ total memory allocated....: 7593842 bytes +~~ total memory freed........: 7593842 bytes +~~ total allocations/frees...: 142693/142693 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 525 chars ~~ json string max len.......: 1221 chars diff --git a/test/results/default/dnscrypt-v1-and-resolver-pings.pcap.out b/test/results/default/dnscrypt-v1-and-resolver-pings.pcap.out index d827c1bc3..42fa75457 100644 --- a/test/results/default/dnscrypt-v1-and-resolver-pings.pcap.out +++ b/test/results/default/dnscrypt-v1-and-resolver-pings.pcap.out @@ -1545,9 +1545,9 @@ ~~ total active/idle flows...: 245/245 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8490651 bytes -~~ total memory freed........: 8490651 bytes -~~ total allocations/frees...: 151459/151459 +~~ total memory allocated....: 8126168 bytes +~~ total memory freed........: 8126168 bytes +~~ total allocations/frees...: 145862/145862 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 338 chars ~~ json string max len.......: 2508 chars diff --git a/test/results/default/dnscrypt-v2-doh.pcap.out b/test/results/default/dnscrypt-v2-doh.pcap.out index e9dd42490..a4ceae81b 100644 --- a/test/results/default/dnscrypt-v2-doh.pcap.out +++ b/test/results/default/dnscrypt-v2-doh.pcap.out @@ -315,9 +315,9 @@ ~~ total active/idle flows...: 34/34 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8332487 bytes -~~ total memory freed........: 8332487 bytes -~~ total allocations/frees...: 149423/149423 +~~ total memory allocated....: 7962940 bytes +~~ total memory freed........: 7962940 bytes +~~ total allocations/frees...: 143826/143826 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 521 chars ~~ json string max len.......: 4788 chars diff --git a/test/results/default/dnscrypt-v2.pcap.out b/test/results/default/dnscrypt-v2.pcap.out index 4064868b7..a2153ab69 100644 --- a/test/results/default/dnscrypt-v2.pcap.out +++ b/test/results/default/dnscrypt-v2.pcap.out @@ -24,9 +24,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7968473 bytes -~~ total memory freed........: 7968473 bytes -~~ total allocations/frees...: 148315/148315 +~~ total memory allocated....: 7598182 bytes +~~ total memory freed........: 7598182 bytes +~~ total allocations/frees...: 142718/142718 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 517 chars ~~ json string max len.......: 1999 chars diff --git a/test/results/default/dnscrypt_skype_false_positive.pcapng.out b/test/results/default/dnscrypt_skype_false_positive.pcapng.out index 8ff2032db..d8a1650d5 100644 --- a/test/results/default/dnscrypt_skype_false_positive.pcapng.out +++ b/test/results/default/dnscrypt_skype_false_positive.pcapng.out @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964273 bytes -~~ total memory freed........: 7964273 bytes -~~ total allocations/frees...: 148293/148293 +~~ total memory allocated....: 7593934 bytes +~~ total memory freed........: 7593934 bytes +~~ total allocations/frees...: 142696/142696 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 537 chars ~~ json string max len.......: 1235 chars diff --git a/test/results/default/doh.pcapng.out b/test/results/default/doh.pcapng.out new file mode 100644 index 000000000..ebf353484 --- /dev/null +++ b/test/results/default/doh.pcapng.out @@ -0,0 +1,28 @@ +00506{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00569{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1623220847881632} +00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847881632,"flow_dst_last_pkt_time":1623220847881632,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623220847881632,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623220847881632,"flow_dst_last_pkt_time":1623220847881632,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1623220847881632,"pkt":"pJGxgjQ53KYyW3JVCABFAAA8GoVAAEAGW5DAqAH9AQEBAYycAbvJgv8BAAAAAKAC+vDR+gAAAgQFtAQCCAq18KmgAAAAAAEDAwc="} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1623220847881632,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623220847893990,"pkt":"3KYyW3JVpJGxgjQ5CABFAAA0AABAADgGfh0BAQEBwKgB\/QG7jJzQgMYoyYL\/AoAS\/\/+80AAAAgQFtAEBBAIBAwMK"} +00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1623220847894289,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1623220847894289,"pkt":"pJGxgjQ53KYyW3JVCABFAAAoGoZAAEAGW6PAqAH9AQEBAYycAbvJgv8C0IDGKVAQAfb7rwAAAAAAAAAA"} +00875{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":315,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":315,"pkt_l4_len":281,"thread_ts_usec":1623220847903684,"pkt":"pJGxgjQ53KYyW3JVCABFAAEtGodAAEAGWp3AqAH9AQEBAYycAbvJgv8C0IDGKVAYAfbHEwAAFgMBAQABAAD8AwPoLOpgwE25psercF8dtgS9urXcGuIXWON7hv8MEOxxwCBmK04kA9gzmAQCdEKOzz6ZUSvZIzIKAJ4xNU24mlRHDQAmzKjMqcAvwDDAK8AswBPACcAUwAoAnACdAC8ANcASAAoTAxMBEwIBAACNAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIBKfRS3py5Rs1YQ6EAtEgG+yypeHCfHggy9eoe\/nh6Bu"} +01271{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623220847903684,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"7c1e207beb00684bbbe144f1b0abe1d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} +00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847916856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1623220847916856,"pkt":"3KYyW3JVpJGxgjQ5CABFAAAoTTlAADgGMPABAQEBwKgB\/QG7jJzQgMYpyYMAB1AQAEL8XgAAAAAAAAAA"} +01322{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847919967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1623220847919967,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.3","ja3":"7c1e207beb00684bbbe144f1b0abe1d5","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} +02275{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220894239868,"flow_dst_last_pkt_time":1623220878891197,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":606,"flow_dst_tot_l4_payload_len":3569,"midstream":0,"thread_ts_usec":1623220894239868,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":2495735.5,"max":15359810,"stddev":5583085.5,"var":31170844688384.0,"ent":2.4,"data": [12358,12657,9395,22866,3111,16283,0,0,492,492,548541,0,471,0,559446,0,429,10863,0,436,0,2867,0,3303,0,50308,15056860,15017798,15339561,15339454,15359810]},"pktlen": {"min":46,"avg":174.8,"max":1500,"stddev":350.9,"var":123099.2,"ent":3.6,"data": [60,52,46,301,46,1500,46,1500,46,256,46,104,126,136,108,46,46,111,46,71,46,46,371,71,46,46,46,46,46,46,46,46]},"bins": {"c_to_s": [12,0,3,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,0,1,0,1,0],"entropies": [4.425882339,4.437160492,4.225621700,5.947368622,4.140616417,7.830754280,4.117669106,7.879162312,4.117669106,7.097528458,4.117669106,5.884155750,6.247783184,6.373653889,6.047423363,4.140616417,4.140616417,6.197440624,4.131088734,5.480591297,4.053659439,4.117669106,7.372667789,5.483504295,4.087610722,4.087610245,4.161148071,4.087610245,4.117669582,4.087610245,4.161148071,4.087610245]},"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":61,"flow_dst_packets_processed":59,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220970655801,"flow_dst_last_pkt_time":1623220970669537,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1881,"flow_dst_tot_l4_payload_len":5821,"midstream":0,"thread_ts_usec":1623220970669537,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00581{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","packets-captured":120,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":7702,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1623220970669537} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 120/120 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 7702 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7607170 bytes +~~ total memory freed........: 7607170 bytes +~~ total allocations/frees...: 142816/142816 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 511 chars +~~ json string max len.......: 2280 chars +~~ json string avg len.......: 1330 chars diff --git a/test/results/default/doq.pcapng.out b/test/results/default/doq.pcapng.out index ccd2e80c6..8885e13c2 100644 --- a/test/results/default/doq.pcapng.out +++ b/test/results/default/doq.pcapng.out @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7976913 bytes -~~ total memory freed........: 7976913 bytes -~~ total allocations/frees...: 148339/148339 +~~ total memory allocated....: 7606598 bytes +~~ total memory freed........: 7606598 bytes +~~ total allocations/frees...: 142742/142742 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 2220 chars diff --git a/test/results/default/doq_adguard.pcapng.out b/test/results/default/doq_adguard.pcapng.out index 684d47445..b873e2850 100644 --- a/test/results/default/doq_adguard.pcapng.out +++ b/test/results/default/doq_adguard.pcapng.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7982753 bytes -~~ total memory freed........: 7982753 bytes -~~ total allocations/frees...: 148604/148604 +~~ total memory allocated....: 7612414 bytes +~~ total memory freed........: 7612414 bytes +~~ total allocations/frees...: 143007/143007 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 519 chars ~~ json string max len.......: 2331 chars diff --git a/test/results/default/dos_win98_smb_netbeui.pcap.out b/test/results/default/dos_win98_smb_netbeui.pcap.out index fed9b176d..ef97f1ba9 100644 --- a/test/results/default/dos_win98_smb_netbeui.pcap.out +++ b/test/results/default/dos_win98_smb_netbeui.pcap.out @@ -116,9 +116,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7972113 bytes -~~ total memory freed........: 7972113 bytes -~~ total allocations/frees...: 148379/148379 +~~ total memory allocated....: 7601846 bytes +~~ total memory freed........: 7601846 bytes +~~ total allocations/frees...: 142782/142782 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 311 chars ~~ json string max len.......: 2200 chars diff --git a/test/results/default/drda_db2.pcap.out b/test/results/default/drda_db2.pcap.out index 866919219..dc2101a43 100644 --- a/test/results/default/drda_db2.pcap.out +++ b/test/results/default/drda_db2.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7967249 bytes -~~ total memory freed........: 7967249 bytes -~~ total allocations/frees...: 148326/148326 +~~ total memory allocated....: 7596910 bytes +~~ total memory freed........: 7596910 bytes +~~ total allocations/frees...: 142729/142729 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 514 chars ~~ json string max len.......: 2213 chars diff --git a/test/results/default/dropbox.pcap.out b/test/results/default/dropbox.pcap.out index 0cd4b537c..c74da769a 100644 --- a/test/results/default/dropbox.pcap.out +++ b/test/results/default/dropbox.pcap.out @@ -133,9 +133,9 @@ ~~ total active/idle flows...: 15/15 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8017923 bytes -~~ total memory freed........: 8017923 bytes -~~ total allocations/frees...: 149283/149283 +~~ total memory allocated....: 7647920 bytes +~~ total memory freed........: 7647920 bytes +~~ total allocations/frees...: 143686/143686 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 2356 chars diff --git a/test/results/default/dtls.pcap.out b/test/results/default/dtls.pcap.out index dd7bf7bba..41dfcc960 100644 --- a/test/results/default/dtls.pcap.out +++ b/test/results/default/dtls.pcap.out @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964165 bytes -~~ total memory freed........: 7964165 bytes -~~ total allocations/frees...: 148290/148290 +~~ total memory allocated....: 7593826 bytes +~~ total memory freed........: 7593826 bytes +~~ total allocations/frees...: 142693/142693 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 510 chars ~~ json string max len.......: 1413 chars diff --git a/test/results/default/dtls2.pcap.out b/test/results/default/dtls2.pcap.out index b15a2b758..5d9016134 100644 --- a/test/results/default/dtls2.pcap.out +++ b/test/results/default/dtls2.pcap.out @@ -23,9 +23,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7965057 bytes -~~ total memory freed........: 7965057 bytes -~~ total allocations/frees...: 148321/148321 +~~ total memory allocated....: 7594718 bytes +~~ total memory freed........: 7594718 bytes +~~ total allocations/frees...: 142724/142724 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 1633 chars diff --git a/test/results/default/dtls_certificate.pcapng.out b/test/results/default/dtls_certificate.pcapng.out index 1b24ac2d5..4b129927e 100644 --- a/test/results/default/dtls_certificate.pcapng.out +++ b/test/results/default/dtls_certificate.pcapng.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966397 bytes -~~ total memory freed........: 7966397 bytes -~~ total allocations/frees...: 148292/148292 +~~ total memory allocated....: 7596058 bytes +~~ total memory freed........: 7596058 bytes +~~ total allocations/frees...: 142695/142695 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 524 chars ~~ json string max len.......: 2481 chars diff --git a/test/results/default/dtls_certificate_fragments.pcap.out b/test/results/default/dtls_certificate_fragments.pcap.out index 45160bd03..5f62fcff1 100644 --- a/test/results/default/dtls_certificate_fragments.pcap.out +++ b/test/results/default/dtls_certificate_fragments.pcap.out @@ -30,9 +30,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7973636 bytes -~~ total memory freed........: 7973636 bytes -~~ total allocations/frees...: 148339/148339 +~~ total memory allocated....: 7603321 bytes +~~ total memory freed........: 7603321 bytes +~~ total allocations/frees...: 142742/142742 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 532 chars ~~ json string max len.......: 2433 chars diff --git a/test/results/default/dtls_mid_sessions.pcapng.out b/test/results/default/dtls_mid_sessions.pcapng.out index 5b9288fed..9e2ea312f 100644 --- a/test/results/default/dtls_mid_sessions.pcapng.out +++ b/test/results/default/dtls_mid_sessions.pcapng.out @@ -37,9 +37,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7973038 bytes -~~ total memory freed........: 7973038 bytes -~~ total allocations/frees...: 148411/148411 +~~ total memory allocated....: 7602771 bytes +~~ total memory freed........: 7602771 bytes +~~ total allocations/frees...: 142814/142814 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 525 chars ~~ json string max len.......: 2504 chars diff --git a/test/results/default/dtls_old_version.pcapng.out b/test/results/default/dtls_old_version.pcapng.out index a9973e47b..bbbc1f62b 100644 --- a/test/results/default/dtls_old_version.pcapng.out +++ b/test/results/default/dtls_old_version.pcapng.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964349 bytes -~~ total memory freed........: 7964349 bytes -~~ total allocations/frees...: 148296/148296 +~~ total memory allocated....: 7594010 bytes +~~ total memory freed........: 7594010 bytes +~~ total allocations/frees...: 142699/142699 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 524 chars ~~ json string max len.......: 1206 chars diff --git a/test/results/default/dtls_session_id_and_coockie_both.pcap.out b/test/results/default/dtls_session_id_and_coockie_both.pcap.out index f3da6c652..ff3f66c4c 100644 --- a/test/results/default/dtls_session_id_and_coockie_both.pcap.out +++ b/test/results/default/dtls_session_id_and_coockie_both.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964223 bytes -~~ total memory freed........: 7964223 bytes -~~ total allocations/frees...: 148292/148292 +~~ total memory allocated....: 7593884 bytes +~~ total memory freed........: 7593884 bytes +~~ total allocations/frees...: 142695/142695 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 538 chars ~~ json string max len.......: 1441 chars diff --git a/test/results/default/edonkey.pcap.out b/test/results/default/edonkey.pcap.out new file mode 100644 index 000000000..bc598e322 --- /dev/null +++ b/test/results/default/edonkey.pcap.out @@ -0,0 +1,26 @@ +00508{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00571{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1256627019012259} +00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1256627019012259,"flow_src_last_pkt_time":1256627019012259,"flow_dst_last_pkt_time":1256627019012259,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1256627019012259,"l3_proto":"ip4","src_ip":"201.15.177.227","dst_ip":"135.192.214.240","src_port":1754,"dst_port":7551,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1256627019012259,"flow_dst_last_pkt_time":1256627019012259,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1256627019012259,"pkt":"AAAAAAAAAAAAAAAACABFAAAwFXFAAHQGF7PJD7Hjh8DW8AbaHX\/iBcO2AAAAAHAC\/\/\/feQAAAgQFoAEBBAI="} +00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1256627019012259,"flow_dst_last_pkt_time":1256627019016300,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1256627019016300,"pkt":"AAAAAAAAAAAAAAAACABFAAAwOUtAAH0G6tiHwNbwyQ+x4x1\/BtrTGFiF4gXDt3AS\/\/+ztgAAAgQFtAEBBAI="} +00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1256627019101676,"flow_dst_last_pkt_time":1256627019016300,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1256627019101676,"pkt":"AAAAAAAAAAAAAAAACABFAAAoFXVAAHQGF7fJD7Hjh8DW8AbaHX\/iBcO30xhYhlAQ\/\/\/gegAAqqoAAKqq"} +00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1256627019107420,"flow_dst_last_pkt_time":1256627019016300,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_usec":1256627019107420,"pkt":"AAAAAAAAAAAAAAAACABFAACkFXdAAHQGFznJD7Hjh8DW8AbaHX\/iBcO30xhYhlAY\/\/8ZxAAA43cAAAABEBtCzVuUDtd5wgq3Vf4lb5d9SWfjik0IAAAAAgEAAQ8AW0NITl1bVmVyeUNEXXhmAwEAETwAAAACAQBVCgB4bCBidWlsZDYxAwEA7gzpiRQDAQD5okuiSwMBAPoUQhM0AwEA+wDAAAADAQD+lAAAAFURrCLhEA=="} +00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1256627019107420,"flow_dst_last_pkt_time":1256627019112512,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1256627019112512,"pkt":"AAAAAAAAAAAAAAAACABFAACsOWpAAH0G6j2HwNbwyQ+x4x1\/BtrTGFiG4gXEM1AY\/4OcSAAA438AAABMOjVEqDEOKB1R7VGC9M9v1Ixx9M9\/HQgAAAACAQABFQBbQ0hOXVtWZXJ5Q0RdeW91cm5hbWUDAQARPAAAAAMBAPmJHYkdAwEA+htCEzQDAQD+tAEAAAMBAPsAwAAAAgEAVQ0AVmVyeUNEIDA5MDMwNAMBAO4M6YkU1D\/OI5IQ"} +01052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1256627019012259,"flow_src_last_pkt_time":1256627019107420,"flow_dst_last_pkt_time":1256627019112512,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":132,"midstream":0,"thread_ts_usec":1256627019112512,"l3_proto":"ip4","src_ip":"201.15.177.227","dst_ip":"135.192.214.240","src_port":1754,"dst_port":7551,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"eDonkey","proto_id":"36","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download"}} +01092{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":11,"flow_first_seen":1256627019012259,"flow_src_last_pkt_time":1256627076408213,"flow_dst_last_pkt_time":1256627076408912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":248,"flow_dst_tot_l4_payload_len":792,"midstream":0,"thread_ts_usec":1256627076408912,"l3_proto":"ip4","src_ip":"201.15.177.227","dst_ip":"135.192.214.240","src_port":1754,"dst_port":7551,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"eDonkey","proto_id":"36","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download"}} +00580{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":1040,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1256627076408912} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 17/17 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 1040 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7596301 bytes +~~ total memory freed........: 7596301 bytes +~~ total allocations/frees...: 142708/142708 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 513 chars +~~ json string max len.......: 1097 chars +~~ json string avg len.......: 782 chars diff --git a/test/results/default/elasticsearch.pcap.out b/test/results/default/elasticsearch.pcap.out index d4617526e..1158ed778 100644 --- a/test/results/default/elasticsearch.pcap.out +++ b/test/results/default/elasticsearch.pcap.out @@ -50,9 +50,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7992398 bytes -~~ total memory freed........: 7992398 bytes -~~ total allocations/frees...: 148407/148407 +~~ total memory allocated....: 7622203 bytes +~~ total memory freed........: 7622203 bytes +~~ total allocations/frees...: 142810/142810 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 519 chars ~~ json string max len.......: 2903 chars diff --git a/test/results/default/emotet.pcap.out b/test/results/default/emotet.pcap.out index 80c827287..5443ed93e 100644 --- a/test/results/default/emotet.pcap.out +++ b/test/results/default/emotet.pcap.out @@ -70,9 +70,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8067119 bytes -~~ total memory freed........: 8067119 bytes -~~ total allocations/frees...: 150752/150752 +~~ total memory allocated....: 7696949 bytes +~~ total memory freed........: 7696949 bytes +~~ total allocations/frees...: 145157/145157 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 2416 chars diff --git a/test/results/default/encrypted_sni.pcap.out b/test/results/default/encrypted_sni.pcap.out index b44fdb9f8..d46aaa3cc 100644 --- a/test/results/default/encrypted_sni.pcap.out +++ b/test/results/default/encrypted_sni.pcap.out @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7976411 bytes -~~ total memory freed........: 7976411 bytes -~~ total allocations/frees...: 148324/148324 +~~ total memory allocated....: 7606120 bytes +~~ total memory freed........: 7606120 bytes +~~ total allocations/frees...: 142727/142727 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 519 chars ~~ json string max len.......: 1507 chars diff --git a/test/results/default/epicgames.pcapng.out b/test/results/default/epicgames.pcapng.out index af764dcbb..d6820a896 100644 --- a/test/results/default/epicgames.pcapng.out +++ b/test/results/default/epicgames.pcapng.out @@ -41,9 +41,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7972748 bytes -~~ total memory freed........: 7972748 bytes -~~ total allocations/frees...: 148401/148401 +~~ total memory allocated....: 7602481 bytes +~~ total memory freed........: 7602481 bytes +~~ total allocations/frees...: 142804/142804 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 517 chars ~~ json string max len.......: 984 chars diff --git a/test/results/default/esp.pcapng.out b/test/results/default/esp.pcapng.out index 47818eaf0..342a34a54 100644 --- a/test/results/default/esp.pcapng.out +++ b/test/results/default/esp.pcapng.out @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966373 bytes -~~ total memory freed........: 7966373 bytes -~~ total allocations/frees...: 148304/148304 +~~ total memory allocated....: 7596058 bytes +~~ total memory freed........: 7596058 bytes +~~ total allocations/frees...: 142707/142707 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 1077 chars diff --git a/test/results/default/ethereum.pcap.out b/test/results/default/ethereum.pcap.out index 912775250..100d6fbf2 100644 --- a/test/results/default/ethereum.pcap.out +++ b/test/results/default/ethereum.pcap.out @@ -579,9 +579,9 @@ ~~ total active/idle flows...: 74/74 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8175455 bytes -~~ total memory freed........: 8175455 bytes -~~ total allocations/frees...: 151092/151092 +~~ total memory allocated....: 7806868 bytes +~~ total memory freed........: 7806868 bytes +~~ total allocations/frees...: 145495/145495 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 514 chars ~~ json string max len.......: 2259 chars diff --git a/test/results/default/ethernetIP.pcap.out b/test/results/default/ethernetIP.pcap.out index 6bb693db9..a50b0b2d5 100644 --- a/test/results/default/ethernetIP.pcap.out +++ b/test/results/default/ethernetIP.pcap.out @@ -41,9 +41,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7973299 bytes -~~ total memory freed........: 7973299 bytes -~~ total allocations/frees...: 148420/148420 +~~ total memory allocated....: 7603032 bytes +~~ total memory freed........: 7603032 bytes +~~ total allocations/frees...: 142823/142823 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 516 chars ~~ json string max len.......: 2151 chars diff --git a/test/results/default/exe_download.pcap.out b/test/results/default/exe_download.pcap.out index 681a5c02a..befa6083e 100644 --- a/test/results/default/exe_download.pcap.out +++ b/test/results/default/exe_download.pcap.out @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7984695 bytes -~~ total memory freed........: 7984695 bytes -~~ total allocations/frees...: 148998/148998 +~~ total memory allocated....: 7614373 bytes +~~ total memory freed........: 7614373 bytes +~~ total allocations/frees...: 143402/143402 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 518 chars ~~ json string max len.......: 2654 chars diff --git a/test/results/default/exe_download_as_png.pcap.out b/test/results/default/exe_download_as_png.pcap.out index 1f7246fd6..7c4ec9bb0 100644 --- a/test/results/default/exe_download_as_png.pcap.out +++ b/test/results/default/exe_download_as_png.pcap.out @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7979725 bytes -~~ total memory freed........: 7979725 bytes -~~ total allocations/frees...: 148828/148828 +~~ total memory allocated....: 7609386 bytes +~~ total memory freed........: 7609386 bytes +~~ total allocations/frees...: 143231/143231 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 525 chars ~~ json string max len.......: 2554 chars diff --git a/test/results/default/facebook.pcap.out b/test/results/default/facebook.pcap.out index 11e488bd3..6c9eccd1c 100644 --- a/test/results/default/facebook.pcap.out +++ b/test/results/default/facebook.pcap.out @@ -29,9 +29,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7983362 bytes -~~ total memory freed........: 7983362 bytes -~~ total allocations/frees...: 148383/148383 +~~ total memory allocated....: 7613047 bytes +~~ total memory freed........: 7613047 bytes +~~ total allocations/frees...: 142786/142786 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 514 chars ~~ json string max len.......: 2200 chars diff --git a/test/results/default/fastcgi.pcap.out b/test/results/default/fastcgi.pcap.out index 17ced7595..3b6a85903 100644 --- a/test/results/default/fastcgi.pcap.out +++ b/test/results/default/fastcgi.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7969144 bytes -~~ total memory freed........: 7969144 bytes -~~ total allocations/frees...: 148392/148392 +~~ total memory allocated....: 7598805 bytes +~~ total memory freed........: 7598805 bytes +~~ total allocations/frees...: 142795/142795 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 2127 chars diff --git a/test/results/default/firefox.pcap.out b/test/results/default/firefox.pcap.out index 1e5c3ee35..6f907bdd9 100644 --- a/test/results/default/firefox.pcap.out +++ b/test/results/default/firefox.pcap.out @@ -63,9 +63,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8120622 bytes -~~ total memory freed........: 8120622 bytes -~~ total allocations/frees...: 148515/148515 +~~ total memory allocated....: 7750403 bytes +~~ total memory freed........: 7750403 bytes +~~ total allocations/frees...: 142918/142918 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 1471 chars diff --git a/test/results/default/fix.pcap.out b/test/results/default/fix.pcap.out index e04d33a10..8a014feb6 100644 --- a/test/results/default/fix.pcap.out +++ b/test/results/default/fix.pcap.out @@ -110,9 +110,9 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8048344 bytes -~~ total memory freed........: 8048344 bytes -~~ total allocations/frees...: 149681/149681 +~~ total memory allocated....: 7678269 bytes +~~ total memory freed........: 7678269 bytes +~~ total allocations/frees...: 144084/144084 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 509 chars ~~ json string max len.......: 2339 chars diff --git a/test/results/default/fix2.pcap.out b/test/results/default/fix2.pcap.out index 4cb3de244..c023a27cd 100644 --- a/test/results/default/fix2.pcap.out +++ b/test/results/default/fix2.pcap.out @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8058629 bytes -~~ total memory freed........: 8058629 bytes -~~ total allocations/frees...: 151346/151346 +~~ total memory allocated....: 7688314 bytes +~~ total memory freed........: 7688314 bytes +~~ total allocations/frees...: 145749/145749 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 510 chars ~~ json string max len.......: 2064 chars diff --git a/test/results/default/forticlient.pcap.out b/test/results/default/forticlient.pcap.out index 241973853..6831e9b89 100644 --- a/test/results/default/forticlient.pcap.out +++ b/test/results/default/forticlient.pcap.out @@ -60,9 +60,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8077218 bytes -~~ total memory freed........: 8077218 bytes -~~ total allocations/frees...: 150371/150371 +~~ total memory allocated....: 7706975 bytes +~~ total memory freed........: 7706975 bytes +~~ total allocations/frees...: 144774/144774 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 517 chars ~~ json string max len.......: 2457 chars diff --git a/test/results/default/ftp-start-tls.pcap.out b/test/results/default/ftp-start-tls.pcap.out index 8923ac989..f130753b0 100644 --- a/test/results/default/ftp-start-tls.pcap.out +++ b/test/results/default/ftp-start-tls.pcap.out @@ -22,9 +22,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7971937 bytes -~~ total memory freed........: 7971937 bytes -~~ total allocations/frees...: 148346/148346 +~~ total memory allocated....: 7601598 bytes +~~ total memory freed........: 7601598 bytes +~~ total allocations/frees...: 142749/142749 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 519 chars ~~ json string max len.......: 1950 chars diff --git a/test/results/default/ftp.pcap.out b/test/results/default/ftp.pcap.out index 531c43e4a..e74cada33 100644 --- a/test/results/default/ftp.pcap.out +++ b/test/results/default/ftp.pcap.out @@ -35,9 +35,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8009042 bytes -~~ total memory freed........: 8009042 bytes -~~ total allocations/frees...: 149505/149505 +~~ total memory allocated....: 7638751 bytes +~~ total memory freed........: 7638751 bytes +~~ total allocations/frees...: 143908/143908 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 509 chars ~~ json string max len.......: 2469 chars diff --git a/test/results/default/ftp_failed.pcap.out b/test/results/default/ftp_failed.pcap.out index 3fea50c56..e095c65e5 100644 --- a/test/results/default/ftp_failed.pcap.out +++ b/test/results/default/ftp_failed.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966696 bytes -~~ total memory freed........: 7966696 bytes -~~ total allocations/frees...: 148307/148307 +~~ total memory allocated....: 7596357 bytes +~~ total memory freed........: 7596357 bytes +~~ total allocations/frees...: 142710/142710 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 516 chars ~~ json string max len.......: 1236 chars diff --git a/test/results/default/fuzz-2006-06-26-2594.pcap.out b/test/results/default/fuzz-2006-06-26-2594.pcap.out index 4631aa1ed..e2be1b7d1 100644 --- a/test/results/default/fuzz-2006-06-26-2594.pcap.out +++ b/test/results/default/fuzz-2006-06-26-2594.pcap.out @@ -1804,23 +1804,19 @@ 01331{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470983999111,"flow_src_last_pkt_time":1120470985234614,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470985234614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udq.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985348411,"flow_src_last_pkt_time":1120470985348411,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470985348411,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00761{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_src_last_pkt_time":1120470985348411,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985348411,"pkt":"ADBUADRWAODtAW69CABFAADIa\/wAAIARFmjAqAED1PIhJHUwncgAHRjegAhvrgAABNg3lstx1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1U\/V1dXV1REEHBgYEhIeEBQXahMcGAQEBQYBAQAHBQUZEwUbGRATGQUEBAcDAgMDAAACDQ0NAAEDDQwNAAABAgMBBgYBDw4eDAMABwYAAwMGBwEEBgYbHxwRaWBiFBEQFGoTFWBpYX10UltZ10dcVlJVREtCdatzeFp8bmgUag=="} -00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985348411,"flow_src_last_pkt_time":1120470985348411,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470985348411,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985418358,"flow_src_last_pkt_time":1120470985418358,"flow_dst_last_pkt_time":1120470985418358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470985418358,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"37.115.0.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_src_last_pkt_time":1120470985418358,"flow_dst_last_pkt_time":1120470985418358,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985418358,"pkt":"ADBUNjRWAODtAW69CABFAADIa\/0AAIARFmfAqAECJXMAJHUwncgAtL+rgAhvrwAABXg3lstxbmgVFGoUFBVpYG5qbG5kbGoWF2xubWBmfn9Fxsnw\/Ofz+uXwy+phC83k+sJTdF9CW\/bw8vzg7pfo8ldaT011Z399ZmV0dUN4S0dVQ2dmbWNsZGZkeGRvbxQUbBcRExAXEBwfHRAQFhAQHxwfGR4YEBcSFGxibWNqFRUXbmV3ckDQ93N9fmJnYmoVahcVZa9xWll+YGZ6cnJJZXpgeF1EQg=="} -00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985418358,"flow_src_last_pkt_time":1120470985418358,"flow_dst_last_pkt_time":1120470985418358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470985418358,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"37.115.0.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985421891,"flow_src_last_pkt_time":1120470985421891,"flow_dst_last_pkt_time":1120470985421891,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470985421891,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_src_last_pkt_time":1120470985421891,"flow_dst_last_pkt_time":1120470985421891,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985421891,"pkt":"ADBUADRWAODtAW69CABFAADIa\/4AAIARFmbAqAEC1PIhJHUwncgAtNyMgGNvsAAABhg3lstxcX5wdvzF0Et0dn92T1BB0VhmZ2V\/Z294Y2ZmahQXFhQREBAVb2ZPemVlYWJoYE9\/YWZkcnV4bWwVFRVqZ2xpYn94ZmBnY2F0zfjXdmNiYXhveHJgaW5jUFlwZTFkYc9lamoREhAQEx4fHx0XahRvRl1F3V5ESXjQxFFR39TfQXR\/Z9L15ebs6JeW7+DslJOU6uqUn5CcnJKX+Ofs5+Hg6g=="} -00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985421891,"flow_src_last_pkt_time":1120470985421891,"flow_dst_last_pkt_time":1120470985421891,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470985421891,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":2,"flow_src_last_pkt_time":1120470985427557,"flow_dst_last_pkt_time":1120470985421891,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985427557,"pkt":"ADBUADRWAODtAW69CABFAADIa\/8AAIARFmXAqAEC1PIhJHUwncgAtJlvgAhvsQAABrg3lstxkpfo6Zfq5frn5uz6+gt4emFkcGBneMvv7+rslZHuqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":3,"flow_src_last_pkt_time":1120470985429664,"flow_dst_last_pkt_time":1120470985421891,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985429664,"pkt":"ADBUADRWAODtAW69CABFAADIbAAAAIARFmTAqAEC1PIhJHUwncgAtMoSgAhvsgAABVg3lstxRH1wXN719vLg7uHxw3h4ZHZhfE9UWV\/RzzPt5\/PklJOUlJXt4uzx+Pjm5vPHzf38\/fr05+3ikurj4ezn4+H6\/97AwEJ8S9DN9Vd1XdzJ8eDp6eXwzcXWRUJnZHhnYX96aHLW+ubo6eHg5\/DG\/MNRcE3B+ubNy+Xu7Obt7+qX4+7oy9fw3vLT3N1W19X49PBBf39jZnhmbBEdEWpqb2BweA=="} +00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470985421891,"flow_src_last_pkt_time":1120470985429664,"flow_dst_last_pkt_time":1120470985421891,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470985429664,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":629,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":4,"flow_src_last_pkt_time":1120470985464477,"flow_dst_last_pkt_time":1120470985421891,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985464477,"pkt":"ADBUADRWAODtAW69CABFAADIbAEAAIARFmPAqAEC1PIhJHUwncgAtHeogAhvswAAB\/g3louqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":630,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":5,"flow_src_last_pkt_time":1120470985466372,"flow_dst_last_pkt_time":1120470985421891,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985466372,"pkt":"ADBUADRWAODtAW69CABFAADIbAIAAIARFmLAqAEC1PIhJHUwncgAqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":631,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985504000,"flow_src_last_pkt_time":1120470985504000,"flow_dst_last_pkt_time":1120470985504000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470985504000,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"214.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":631,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_src_last_pkt_time":1120470985504000,"flow_dst_last_pkt_time":1120470985504000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985504000,"pkt":"ADBUADRWAODtAW69CABFAADIbAMAAIARFmHAqAEC1vIhJHUwncgAtLaDgAhvtQAACTg3lstx6urs5ueUkJOXlZGWbOyVlOD46O7hzXXbxsfz\/OLg5ufawPH4wk3N8Obu7+Pv6unk4fj\/29jZ1\/7l4+Ht7JOXyOrs4vPPUfVQz97J5fLjl5GXkpyRl+jqk5aQlero4svh7+rslJfp6uP+9vbL+OLg5vj99\/LL9ub4+uTs6ZSVlJXp6Ojv7eqWkZOTnJORkpCbk5GXlpaRkJBK6ejp7JWXlw=="} -00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":631,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985504000,"flow_src_last_pkt_time":1120470985504000,"flow_dst_last_pkt_time":1120470985504000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470985504000,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"214.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985511036,"flow_src_last_pkt_time":1120470985511036,"flow_dst_last_pkt_time":1120470985511036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470985511036,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_src_last_pkt_time":1120470985511036,"flow_dst_last_pkt_time":1120470985511036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985511036,"pkt":"ADBUADRWAODtAb+9CABFAADIbAQAAIARFm9RqAEC1PIhJHUwncgAtIfqgAhvtgAACdg3lstxlpDplp2cmZ6fkpaRle3n9PTy\/CVzAJKehIeEmJGRl52QlJaX6OOU6JaRlp2cn4WEhZ2RkJeV6WOQnZ6EhJOFh4WFmYWYk7+dkpCQ6u\/qkZ2fmYSYnZ6Rk5OU7OD6+Pbh4PTl+OTo6unl9eXi7f7c1VT\/+uiX6JSUkJCV7uXm\/Obu7pWWkZeW7OPpk5Ofm5+Yk5WV7untlJeSkpeV7+qWkA=="} -00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":632,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985511036,"flow_src_last_pkt_time":1120470985511036,"flow_dst_last_pkt_time":1120470985511036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470985511036,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 00310{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470986363611,"packet_id":633,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":20992,"global_ts_usec":1120470986363611} 00502{"packet_event_id":1,"packet_event_name":"packet","packet_id":633,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":146,"pkt_type":20992,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":146,"pkt_l4_len":0,"thread_ts_usec":1120470985511036,"pkt":"ADBUADRWAODtAW69UgBFAACEbAVoAIARFqPAqAEC9PIhJHUxnckAcCyBgMgABjeWy3FCyQfKXvrGAwAAJMMAAAAJAAAGDIHKAAs3lstxAR0xMTg5NDI5Ny00NDMyYTlmOEAxOTIuMTY4LjEuMgYFU0lQUFMAAIHLAAY3lstxEHNlc3Npb24gc2h1dGRvd24AAAE="} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":3,"flow_src_last_pkt_time":1120470987237142,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470987237142,"pkt":"ADBUADRWAODtAW69CABFAABIbAYAAIARS0vAqAECwKgBAQsAADUANFW+1AYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaVR5AmRrAAAhAAE="} @@ -1916,11 +1912,11 @@ 01107{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470984353086,"flow_src_last_pkt_time":1120470984353086,"flow_dst_last_pkt_time":1120470984353086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":324,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":324,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":324,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471036318296,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.201","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01301{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470983860327,"flow_src_last_pkt_time":1120470983860327,"flow_dst_last_pkt_time":1120470983860327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471036318296,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2815,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470983999111,"flow_src_last_pkt_time":1120470993243427,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471036318296,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985511036,"flow_src_last_pkt_time":1120470985511036,"flow_dst_last_pkt_time":1120470985511036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471036318296,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} -00982{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985348411,"flow_src_last_pkt_time":1120470985348411,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471036318296,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} +00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985511036,"flow_src_last_pkt_time":1120470985511036,"flow_dst_last_pkt_time":1120470985511036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471036318296,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985348411,"flow_src_last_pkt_time":1120470985348411,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471036318296,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00982{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1120470985421891,"flow_src_last_pkt_time":1120470985466372,"flow_dst_last_pkt_time":1120470985421891,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":860,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471036318296,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} -00982{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985504000,"flow_src_last_pkt_time":1120470985504000,"flow_dst_last_pkt_time":1120470985504000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471036318296,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"214.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} -00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985418358,"flow_src_last_pkt_time":1120470985418358,"flow_dst_last_pkt_time":1120470985418358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471036318296,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"37.115.0.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} +00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985504000,"flow_src_last_pkt_time":1120470985504000,"flow_dst_last_pkt_time":1120470985504000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471036318296,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"214.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985418358,"flow_src_last_pkt_time":1120470985418358,"flow_dst_last_pkt_time":1120470985418358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471036318296,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"37.115.0.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471048339111,"flow_src_last_pkt_time":1120471048339111,"flow_dst_last_pkt_time":1120471048339111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471048339111,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.114","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_src_last_pkt_time":1120471048339111,"flow_dst_last_pkt_time":1120471048339111,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120471048339111,"pkt":"ADBUADRWAODtAW69CABFAABIbFYAAIARSvvAqAECwKgBcgsLADUANESJJXMAAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 01207{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471048339111,"flow_src_last_pkt_time":1120471048339111,"flow_dst_last_pkt_time":1120471048339111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471048339111,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.114","src_port":2827,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} @@ -2009,11 +2005,11 @@ 01110{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120471036315554,"flow_src_last_pkt_time":1120471036315554,"flow_dst_last_pkt_time":1120471036317049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01107{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470971822331,"flow_src_last_pkt_time":1120470971822331,"flow_dst_last_pkt_time":1120470971822331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.37","src_port":29440,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00792{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470924263958,"flow_src_last_pkt_time":1120470924263958,"flow_dst_last_pkt_time":1120470924263958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":905,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985511036,"flow_src_last_pkt_time":1120470985511036,"flow_dst_last_pkt_time":1120470985511036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} -00982{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985348411,"flow_src_last_pkt_time":1120470985348411,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} +00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985511036,"flow_src_last_pkt_time":1120470985511036,"flow_dst_last_pkt_time":1120470985511036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985348411,"flow_src_last_pkt_time":1120470985348411,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00982{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1120470985421891,"flow_src_last_pkt_time":1120470985466372,"flow_dst_last_pkt_time":1120470985421891,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":860,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} -00982{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985504000,"flow_src_last_pkt_time":1120470985504000,"flow_dst_last_pkt_time":1120470985504000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"214.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} -00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985418358,"flow_src_last_pkt_time":1120470985418358,"flow_dst_last_pkt_time":1120470985418358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"37.115.0.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} +00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985504000,"flow_src_last_pkt_time":1120470985504000,"flow_dst_last_pkt_time":1120470985504000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"214.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985418358,"flow_src_last_pkt_time":1120470985418358,"flow_dst_last_pkt_time":1120470985418358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"37.115.0.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00642{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":4,"flow_src_last_pkt_time":1120471087098234,"flow_dst_last_pkt_time":1120471088463377,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_usec":1120471088463377,"pkt":"AODtAW69ADBUADRWCABFAAByAABAAEARtyfAqAEBwKgBAgA1Cw4AXmA7TTWBgAABAAEAAgAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAcAMAAEAAQAAAVUABNTyISPAEAAmAgEAAAEsAAYDbnMxwBDAEAACAAEAAAEsAAYDbnMywBA="} 01086{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1120471084097511,"flow_src_last_pkt_time":1120471087098234,"flow_dst_last_pkt_time":1120471088463377,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":102,"flow_dst_tot_l4_payload_len":86,"midstream":0,"thread_ts_usec":1120471088463377,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2830,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"sip.cybercity.dk","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"212.242.33.35"}}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":687,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471094410518,"flow_src_last_pkt_time":1120471094410518,"flow_dst_last_pkt_time":1120471094410518,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471094410518,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2831,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -2102,30 +2098,34 @@ 00791{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635052210,"flow_src_last_pkt_time":1120469635052210,"flow_dst_last_pkt_time":1120469635052210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.65.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01227{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635048287,"flow_src_last_pkt_time":1120469635048287,"flow_dst_last_pkt_time":1120469635048287,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","proto_id":"1","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download","ftp": {"user":"","password":"","auth_failed":0}}} 00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635048287,"flow_src_last_pkt_time":1120469635048287,"flow_dst_last_pkt_time":1120469635048287,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985511036,"flow_src_last_pkt_time":1120470985511036,"flow_dst_last_pkt_time":1120470985511036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} +01008{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985511036,"flow_src_last_pkt_time":1120470985511036,"flow_dst_last_pkt_time":1120470985511036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} +00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985511036,"flow_src_last_pkt_time":1120470985511036,"flow_dst_last_pkt_time":1120470985511036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01003{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635044160,"flow_src_last_pkt_time":1120469635044160,"flow_dst_last_pkt_time":1120469635044160,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":120,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00791{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635044160,"flow_src_last_pkt_time":1120469635044160,"flow_dst_last_pkt_time":1120469635044160,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":120,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1120470985421891,"flow_src_last_pkt_time":1120470985466372,"flow_dst_last_pkt_time":1120470985421891,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":860,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} -00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985348411,"flow_src_last_pkt_time":1120470985348411,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} -00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985504000,"flow_src_last_pkt_time":1120470985504000,"flow_dst_last_pkt_time":1120470985504000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"214.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} +01009{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985348411,"flow_src_last_pkt_time":1120470985348411,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} +00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985348411,"flow_src_last_pkt_time":1120470985348411,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01009{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985504000,"flow_src_last_pkt_time":1120470985504000,"flow_dst_last_pkt_time":1120470985504000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"214.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} +00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985504000,"flow_src_last_pkt_time":1120470985504000,"flow_dst_last_pkt_time":1120470985504000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"214.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01071{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120469611651594,"flow_src_last_pkt_time":1120469620579207,"flow_dst_last_pkt_time":1120469611651594,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2717,"dst_port":445,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"SMBv23","proto_id":"41","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120469611651594,"flow_src_last_pkt_time":1120469620579207,"flow_dst_last_pkt_time":1120469611651594,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2717,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471053339683,"flow_src_last_pkt_time":1120471053339683,"flow_dst_last_pkt_time":1120471053339683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.170.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985418358,"flow_src_last_pkt_time":1120470985418358,"flow_dst_last_pkt_time":1120470985418358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"37.115.0.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} +01007{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985418358,"flow_src_last_pkt_time":1120470985418358,"flow_dst_last_pkt_time":1120470985418358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"37.115.0.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} +00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985418358,"flow_src_last_pkt_time":1120470985418358,"flow_dst_last_pkt_time":1120470985418358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"37.115.0.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01227{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635010547,"flow_src_last_pkt_time":1120469635010547,"flow_dst_last_pkt_time":1120469635010547,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","proto_id":"1","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download","ftp": {"user":"","password":"","auth_failed":0}}} 00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635010547,"flow_src_last_pkt_time":1120469635010547,"flow_dst_last_pkt_time":1120469635010547,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00610{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","packets-captured":691,"packets-processed":569,"total-skipped-flows":0,"total-l4-payload-len":60810,"total-not-detected-flows":35,"total-guessed-flows":28,"total-detected-flows":194,"total-detection-updates":88,"total-updates":666,"current-active-flows":0,"total-active-flows":257,"total-idle-flows":257,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2117,"global_ts_usec":1120471107427770} +00610{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","packets-captured":691,"packets-processed":569,"total-skipped-flows":0,"total-l4-payload-len":60810,"total-not-detected-flows":39,"total-guessed-flows":28,"total-detected-flows":190,"total-detection-updates":88,"total-updates":666,"current-active-flows":0,"total-active-flows":257,"total-idle-flows":257,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2117,"global_ts_usec":1120471107427770} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 691/569 ~~ skipped flows.............: 0 ~~ total layer4 data length..: 60810 bytes -~~ total detected protocols..: 194 +~~ total detected protocols..: 190 ~~ total active/idle flows...: 257/257 ~~ total timeout flows.......: 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8549320 bytes -~~ total memory freed........: 8549320 bytes -~~ total allocations/frees...: 151709/151709 +~~ total memory allocated....: 8185125 bytes +~~ total memory freed........: 8185125 bytes +~~ total allocations/frees...: 146112/146112 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 311 chars ~~ json string max len.......: 2450 chars diff --git a/test/results/default/fuzz-2006-09-29-28586.pcap.out b/test/results/default/fuzz-2006-09-29-28586.pcap.out index 078befdbb..d50e99103 100644 --- a/test/results/default/fuzz-2006-09-29-28586.pcap.out +++ b/test/results/default/fuzz-2006-09-29-28586.pcap.out @@ -224,9 +224,9 @@ ~~ total active/idle flows...: 39/39 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8060532 bytes -~~ total memory freed........: 8060532 bytes -~~ total allocations/frees...: 148868/148868 +~~ total memory allocated....: 7691105 bytes +~~ total memory freed........: 7691105 bytes +~~ total allocations/frees...: 143271/143271 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 312 chars ~~ json string max len.......: 2512 chars diff --git a/test/results/default/fuzz-2020-02-16-11740.pcap.out b/test/results/default/fuzz-2020-02-16-11740.pcap.out index e75ce4a8d..be289ae98 100644 --- a/test/results/default/fuzz-2020-02-16-11740.pcap.out +++ b/test/results/default/fuzz-2020-02-16-11740.pcap.out @@ -621,9 +621,9 @@ ~~ total active/idle flows...: 79/79 ~~ total timeout flows.......: 13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8136544 bytes -~~ total memory freed........: 8136544 bytes -~~ total allocations/frees...: 149443/149443 +~~ total memory allocated....: 7768077 bytes +~~ total memory freed........: 7768077 bytes +~~ total allocations/frees...: 143846/143846 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 312 chars ~~ json string max len.......: 2444 chars diff --git a/test/results/default/fuzz-2021-06-07-c6c72a0a56.pcap.out b/test/results/default/fuzz-2021-06-07-c6c72a0a56.pcap.out index 101db52d1..ad7fca9e4 100644 --- a/test/results/default/fuzz-2021-06-07-c6c72a0a56.pcap.out +++ b/test/results/default/fuzz-2021-06-07-c6c72a0a56.pcap.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7961999 bytes -~~ total memory freed........: 7961999 bytes -~~ total allocations/frees...: 148276/148276 +~~ total memory allocated....: 7591636 bytes +~~ total memory freed........: 7591636 bytes +~~ total allocations/frees...: 142679/142679 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 336 chars ~~ json string max len.......: 597 chars diff --git a/test/results/default/fuzz-2021-10-13.pcap.out b/test/results/default/fuzz-2021-10-13.pcap.out index b8633cb5b..02977129b 100644 --- a/test/results/default/fuzz-2021-10-13.pcap.out +++ b/test/results/default/fuzz-2021-10-13.pcap.out @@ -11,9 +11,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7961999 bytes -~~ total memory freed........: 7961999 bytes -~~ total allocations/frees...: 148276/148276 +~~ total memory allocated....: 7591636 bytes +~~ total memory freed........: 7591636 bytes +~~ total allocations/frees...: 142679/142679 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 318 chars ~~ json string max len.......: 585 chars diff --git a/test/results/default/geforcenow.pcapng.out b/test/results/default/geforcenow.pcapng.out index 03ccb480e..e6f58b218 100644 --- a/test/results/default/geforcenow.pcapng.out +++ b/test/results/default/geforcenow.pcapng.out @@ -18,8 +18,8 @@ 01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1684671871710618,"flow_src_last_pkt_time":1684671871840001,"flow_dst_last_pkt_time":1684671871710618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1684671871840001,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":52441,"dst_port":18452,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":3,"num_binding_requests":3,"num_processed_pkts":3}}} 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1684671871840001,"flow_dst_last_pkt_time":1684671871882365,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1684671871882365,"pkt":"NObXAhsnILAB4IZiCABFAABcNN8AAGwRXvJQVKfOwKgB9UgUzNkASFouAQEALCESpEJkcjVFMmVxQTYxZnoAIAAIAAHo0SsSsEoACAAURhnLH3zQvCAinCnMXYq2EhDyy7aAKAAEA6pl0w=="} 00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1684671871884042,"flow_dst_last_pkt_time":1684671871882365,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1684671871884042,"pkt":"ILAB4IZiNObXAhsnCABFAAC5NU5AAEARSibAqAH1UFSnzszZSBQApbt2Fv7\/AAAAAAAAAAAAkAEAAIQAAAAAAAAAhP79MP1IsuaCwvl\/YcA2OU510BmzK4mvnRXYSsRswUXHqK8AAAAWwCvAL8ypzKjACcATwArAFACcAC8ANQEAAEQAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAA4ACQAGAAEACAAHAA=="} -02415{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1684671871710618,"flow_src_last_pkt_time":1684671872714424,"flow_dst_last_pkt_time":1684671872714517,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":661,"flow_src_tot_l4_payload_len":2076,"flow_dst_tot_l4_payload_len":2033,"midstream":0,"thread_ts_usec":1684671872714517,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":52441,"dst_port":18452,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":64764.7,"max":689508,"stddev":136017.0,"var":18500616192.0,"ent":3.2,"data": [66053,63330,171747,44041,99894,183824,360133,689508,48469,47134,1,0,0,0,4464,1537,52687,37,46039,42295,446,303,157,40,93,42070,315,149,228,42450,261]},"pktlen": {"min":53,"avg":156.4,"max":689,"stddev":133.9,"var":17933.5,"ent":4.7,"data": [124,124,124,92,185,185,185,185,689,568,119,358,164,107,53,95,101,101,141,137,105,109,73,113,113,113,73,85,89,105,85,105]},"bins": {"c_to_s": [0,2,5,4,4,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,3,8,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,0,0,0,0,1,0,1,1,1,1,1,1,1,0,0,1,0,1,0,0,0,0,1,1,1,1,0,1],"entropies": [5.798890114,5.760544300,5.760543823,5.699924469,4.958880424,4.982108116,4.979167461,4.994058609,6.462553024,6.717261314,4.840689182,6.641223907,6.248939514,4.353680611,3.764864683,5.258242130,6.006977558,5.841088772,6.408538342,6.349637032,5.904027939,6.047730923,5.421965599,6.049623013,6.169179440,6.109401703,5.448651314,5.635576248,5.804111004,6.095016956,5.717526436,6.095016956]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01228{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":33,"flow_first_seen":1684671871710618,"flow_src_last_pkt_time":1684671872721652,"flow_dst_last_pkt_time":1684671872745627,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":1180,"flow_src_tot_l4_payload_len":2573,"flow_dst_tot_l4_payload_len":15508,"midstream":0,"thread_ts_usec":1684671872745627,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":52441,"dst_port":18452,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +02305{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1684671871710618,"flow_src_last_pkt_time":1684671872714424,"flow_dst_last_pkt_time":1684671872714517,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":661,"flow_src_tot_l4_payload_len":2076,"flow_dst_tot_l4_payload_len":2033,"midstream":0,"thread_ts_usec":1684671872714517,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":52441,"dst_port":18452,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":64764.7,"max":689508,"stddev":136017.0,"var":18500616192.0,"ent":3.2,"data": [66053,63330,171747,44041,99894,183824,360133,689508,48469,47134,1,0,0,0,4464,1537,52687,37,46039,42295,446,303,157,40,93,42070,315,149,228,42450,261]},"pktlen": {"min":53,"avg":156.4,"max":689,"stddev":133.9,"var":17933.5,"ent":4.7,"data": [124,124,124,92,185,185,185,185,689,568,119,358,164,107,53,95,101,101,141,137,105,109,73,113,113,113,73,85,89,105,85,105]},"bins": {"c_to_s": [0,2,5,4,4,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,3,8,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,0,0,0,0,1,0,1,1,1,1,1,1,1,0,0,1,0,1,0,0,0,0,1,1,1,1,0,1],"entropies": [5.798890114,5.760544300,5.760543823,5.699924469,4.958880424,4.982108116,4.979167461,4.994058609,6.462553024,6.717261314,4.840689182,6.641223907,6.248939514,4.353680611,3.764864683,5.258242130,6.006977558,5.841088772,6.408538342,6.349637032,5.904027939,6.047730923,5.421965599,6.049623013,6.169179440,6.109401703,5.448651314,5.635576248,5.804111004,6.095016956,5.717526436,6.095016956]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":33,"flow_first_seen":1684671871710618,"flow_src_last_pkt_time":1684671872721652,"flow_dst_last_pkt_time":1684671872745627,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":1180,"flow_src_tot_l4_payload_len":2573,"flow_dst_tot_l4_payload_len":15508,"midstream":0,"thread_ts_usec":1684671872745627,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":52441,"dst_port":18452,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01122{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":27,"flow_first_seen":1684671871380890,"flow_src_last_pkt_time":1684671872718418,"flow_dst_last_pkt_time":1684671871771400,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2896,"flow_dst_max_l4_payload_len":2896,"flow_src_tot_l4_payload_len":6969,"flow_dst_tot_l4_payload_len":38102,"midstream":0,"thread_ts_usec":1684671872745627,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":57490,"dst_port":49100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.GeForceNow","proto_id":"91.341","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 00589{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","packets-captured":108,"packets-processed":108,"total-skipped-flows":0,"total-l4-payload-len":63152,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1684671872745627} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ @@ -30,9 +30,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8033539 bytes -~~ total memory freed........: 8033539 bytes -~~ total allocations/frees...: 148421/148421 +~~ total memory allocated....: 7663224 bytes +~~ total memory freed........: 7663224 bytes +~~ total allocations/frees...: 142824/142824 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 518 chars ~~ json string max len.......: 4444 chars diff --git a/test/results/default/genshin-impact.pcap.out b/test/results/default/genshin-impact.pcap.out index c6c00bcf6..a7c2f65a6 100644 --- a/test/results/default/genshin-impact.pcap.out +++ b/test/results/default/genshin-impact.pcap.out @@ -62,9 +62,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7983353 bytes -~~ total memory freed........: 7983353 bytes -~~ total allocations/frees...: 148435/148435 +~~ total memory allocated....: 7613134 bytes +~~ total memory freed........: 7613134 bytes +~~ total allocations/frees...: 142838/142838 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 520 chars ~~ json string max len.......: 1231 chars diff --git a/test/results/default/git.pcap.out b/test/results/default/git.pcap.out index 0326262ea..7cb66bfe7 100644 --- a/test/results/default/git.pcap.out +++ b/test/results/default/git.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966709 bytes -~~ total memory freed........: 7966709 bytes -~~ total allocations/frees...: 148377/148377 +~~ total memory allocated....: 7596370 bytes +~~ total memory freed........: 7596370 bytes +~~ total allocations/frees...: 142780/142780 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 509 chars ~~ json string max len.......: 2176 chars diff --git a/test/results/default/gnutella.pcap.out b/test/results/default/gnutella.pcap.out index a73f7c02f..16e55258b 100644 --- a/test/results/default/gnutella.pcap.out +++ b/test/results/default/gnutella.pcap.out @@ -363,12 +363,16 @@ 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_src_last_pkt_time":70172719,"flow_dst_last_pkt_time":70172719,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":70172719,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0UWtAAIAGasMKAAIPsIqB\/MRDbToYK0huAAAAAIAC+vCjcgAAAgQFtAEDAwgBAQQC"} 00745{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230046,"flow_src_last_pkt_time":70230046,"flow_dst_last_pkt_time":70230046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":70230046,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.138.20.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_src_last_pkt_time":70230046,"flow_dst_last_pkt_time":70230046,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":70230046,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0djYAAIARTnwKAAIPVYoUbnAJGMoAIKDVR05EED6PAQFUC1FLUlAGUk5BXS\/iNQlw"} +01138{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230046,"flow_src_last_pkt_time":70230046,"flow_dst_last_pkt_time":70230046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":70230046,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.138.20.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00745{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230444,"flow_src_last_pkt_time":70230444,"flow_dst_last_pkt_time":70230444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":70230444,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_src_last_pkt_time":70230444,"flow_dst_last_pkt_time":70230444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":70230444,"pkt":"UlQAEjUCCAAn5uVZCABFAAA022gAAIARFCcKAAIPStL0SHAJGMoAIMuxR05EED6QAQFUC1FLUlAGUk5BXS\/iNQlw"} +01138{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230444,"flow_src_last_pkt_time":70230444,"flow_dst_last_pkt_time":70230444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":70230444,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230689,"flow_src_last_pkt_time":70230689,"flow_dst_last_pkt_time":70230689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":70230689,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.131.85.245","src_port":28681,"dst_port":31743,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_src_last_pkt_time":70230689,"flow_dst_last_pkt_time":70230689,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":70230689,"pkt":"UlQAEjUCCAAn5uVZCABFAAA01LQAAIARp30KAAIPXINV9XAJe\/8AIPUdR05EED6RAQFUC1FLUlAGUk5BXS\/iNQlw"} +01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230689,"flow_src_last_pkt_time":70230689,"flow_dst_last_pkt_time":70230689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":70230689,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.131.85.245","src_port":28681,"dst_port":31743,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00743{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230940,"flow_src_last_pkt_time":70230940,"flow_dst_last_pkt_time":70230940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":70230940,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.50.24.2","src_port":28681,"dst_port":17874,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_src_last_pkt_time":70230940,"flow_dst_last_pkt_time":70230940,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":70230940,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0tBIAAIAREWQKAAIPUTIYAnAJRdIAIHSOR05EED6SAQFUC1FLUlAGUk5BXS\/iNQlw"} +01136{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230940,"flow_src_last_pkt_time":70230940,"flow_dst_last_pkt_time":70230940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":70230940,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.50.24.2","src_port":28681,"dst_port":17874,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_src_last_pkt_time":71122761,"flow_dst_last_pkt_time":68109715,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":71122761,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0vG1AAIAGN8gKAAIPAST5W8Q1\/ZgxDGGiAAAAAIAC+vAZFAAAAgQFtAEDAwgBAQQC"} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_src_last_pkt_time":71122842,"flow_dst_last_pkt_time":68108638,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":71122842,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0K4lAAIAGtdcKAAIPb\/adXsQzx+daqkeOAAAAAIAC+vAsaAAAAgQFtAEDAwgBAQQC"} 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_src_last_pkt_time":71122875,"flow_dst_last_pkt_time":68110677,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":71122875,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0ZZpAAIAGsgcKAAIPTESKz8Q3sBfW5xLuAAAAAIAC+vAy2AAAAgQFtAEDAwgBAQQC"} @@ -410,50 +414,73 @@ 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":5,"flow_src_last_pkt_time":71313221,"flow_dst_last_pkt_time":71313407,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":71313407,"pkt":"CAAn5uVZUlQAEjUCCABFAAAoAsgAAEAGYHRW0LS1CgACD7M7xEkAehICIIQXZ1AQ\/\/\/WUwAA"} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71535614,"flow_src_last_pkt_time":71535614,"flow_dst_last_pkt_time":71535614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71535614,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.160.214.137","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_src_last_pkt_time":71535614,"flow_dst_last_pkt_time":71535614,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":71535614,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0gnYAAIARfQoKAAIPWKDWiXAJGMoAINufR05EED6TAQFUC1FLUlAGUk5BXS\/iNQlw"} +01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71535614,"flow_src_last_pkt_time":71535614,"flow_dst_last_pkt_time":71535614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71535614,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.160.214.137","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71535977,"flow_src_last_pkt_time":71535977,"flow_dst_last_pkt_time":71535977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71535977,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":28681,"dst_port":49046,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_src_last_pkt_time":71535977,"flow_dst_last_pkt_time":71535977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":71535977,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0gnEAAIARDS8KAAIPGE6GvHAJv5YAIMTxR05EED6UAQFUC1FLUlAGUk5BXS\/iNQlw"} +01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71535977,"flow_src_last_pkt_time":71535977,"flow_dst_last_pkt_time":71535977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71535977,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":28681,"dst_port":49046,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71536330,"flow_src_last_pkt_time":71536330,"flow_dst_last_pkt_time":71536330,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71536330,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.222.14.170","src_port":28681,"dst_port":23332,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_src_last_pkt_time":71536330,"flow_dst_last_pkt_time":71536330,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":71536330,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0alYAAIAR6csKAAIPy94OqnAJWyQAIO3kR05EED6VAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71536330,"flow_src_last_pkt_time":71536330,"flow_dst_last_pkt_time":71536330,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71536330,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.222.14.170","src_port":28681,"dst_port":23332,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00744{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71536631,"flow_src_last_pkt_time":71536631,"flow_dst_last_pkt_time":71536631,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71536631,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.38.9.82","src_port":28681,"dst_port":24223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_src_last_pkt_time":71536631,"flow_dst_last_pkt_time":71536631,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":71536631,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0IoEAAIARkLEKAAIPciYJUnAJXp8AIEl5R05EED6WAQFUC1FLUlAGUk5BXS\/iNQlw"} +01137{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71536631,"flow_src_last_pkt_time":71536631,"flow_dst_last_pkt_time":71536631,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71536631,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.38.9.82","src_port":28681,"dst_port":24223,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00749{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71536922,"flow_src_last_pkt_time":71536922,"flow_dst_last_pkt_time":71536922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71536922,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.133.122.217","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_src_last_pkt_time":71536922,"flow_dst_last_pkt_time":71536922,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":71536922,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xrwAAIAREI8KAAIP3IV62XAJW6IAIHCOR05EED6XAQFUC1FLUlAGUk5BXS\/iNQlw"} +01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71536922,"flow_src_last_pkt_time":71536922,"flow_dst_last_pkt_time":71536922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71536922,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.133.122.217","src_port":28681,"dst_port":23458,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537199,"flow_src_last_pkt_time":71537199,"flow_dst_last_pkt_time":71537199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71537199,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.126.102","src_port":28681,"dst_port":5193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_src_last_pkt_time":71537199,"flow_dst_last_pkt_time":71537199,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":71537199,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0bocAAIARxe8KAAIPe81+ZnAJFEkAIBUSR05EED6YAQFUC1FLUlAGUk5BXS\/iNQlw"} +01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537199,"flow_src_last_pkt_time":71537199,"flow_dst_last_pkt_time":71537199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71537199,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.126.102","src_port":28681,"dst_port":5193,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537663,"flow_src_last_pkt_time":71537663,"flow_dst_last_pkt_time":71537663,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71537663,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.39.233","src_port":28681,"dst_port":20855,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_src_last_pkt_time":71537663,"flow_dst_last_pkt_time":71537663,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":71537663,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0oV4AAIARir4KAAIP2qQn6XAJUXcAIM+IR05EED6ZAQFUC1FLUlAGUk5BXS\/iNQlw"} +01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537663,"flow_src_last_pkt_time":71537663,"flow_dst_last_pkt_time":71537663,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71537663,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.39.233","src_port":28681,"dst_port":20855,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537931,"flow_src_last_pkt_time":71537931,"flow_dst_last_pkt_time":71537931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71537931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.134.167.82","src_port":28681,"dst_port":5820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_src_last_pkt_time":71537931,"flow_dst_last_pkt_time":71537931,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":71537931,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0nSoAAIARDacKAAIP3IanUnAJFrwAIIj3R05EED6aAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537931,"flow_src_last_pkt_time":71537931,"flow_dst_last_pkt_time":71537931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71537931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.134.167.82","src_port":28681,"dst_port":5820,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538247,"flow_src_last_pkt_time":71538247,"flow_dst_last_pkt_time":71538247,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71538247,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.98.115.128","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_src_last_pkt_time":71538247,"flow_dst_last_pkt_time":71538247,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":71538247,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0RlgAAIARSnAKAAIPKmJzgHAJW6IAICoHR05EED6bAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538247,"flow_src_last_pkt_time":71538247,"flow_dst_last_pkt_time":71538247,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71538247,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.98.115.128","src_port":28681,"dst_port":23458,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538408,"flow_src_last_pkt_time":71538408,"flow_dst_last_pkt_time":71538408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71538408,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.11.85","src_port":28681,"dst_port":10722,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_src_last_pkt_time":71538408,"flow_dst_last_pkt_time":71538408,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":71538408,"pkt":"UlQAEjUCCAAn5uVZCABFAAA09nMAAIARUYwKAAIP21ULVXAJKeIAIBL+R05EED6cAQFUC1FLUlAGUk5BXS\/iNQlw"} +01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538408,"flow_src_last_pkt_time":71538408,"flow_dst_last_pkt_time":71538408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71538408,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.11.85","src_port":28681,"dst_port":10722,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":391,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538650,"flow_src_last_pkt_time":71538650,"flow_dst_last_pkt_time":71538650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71538650,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.39.154.69","src_port":28681,"dst_port":4832,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_src_last_pkt_time":71538650,"flow_dst_last_pkt_time":71538650,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":71538650,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0wuYAAIARX1cKAAIPcieaRXAJEuAAIAQ9R05EED6dAQFUC1FLUlAGUk5BXS\/iNQlw"} +01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538650,"flow_src_last_pkt_time":71538650,"flow_dst_last_pkt_time":71538650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71538650,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.39.154.69","src_port":28681,"dst_port":4832,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":392,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538933,"flow_src_last_pkt_time":71538933,"flow_dst_last_pkt_time":71538933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71538933,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"202.151.63.59","src_port":28681,"dst_port":7624,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_src_last_pkt_time":71538933,"flow_dst_last_pkt_time":71538933,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":71538933,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0odAAAIARgwcKAAIPypc\/O3AJHcgAIPvtR05EED6eAQFUC1FLUlAGUk5BXS\/iNQlw"} +01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":392,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538933,"flow_src_last_pkt_time":71538933,"flow_dst_last_pkt_time":71538933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71538933,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"202.151.63.59","src_port":28681,"dst_port":7624,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71539248,"flow_src_last_pkt_time":71539248,"flow_dst_last_pkt_time":71539248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71539248,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.119.242.110","src_port":28681,"dst_port":7922,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_src_last_pkt_time":71539248,"flow_dst_last_pkt_time":71539248,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":71539248,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0B\/4AAIARw8YKAAIPcHfybnAJHvIAIKGvR05EED6fAQFUC1FLUlAGUk5BXS\/iNQlw"} +01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71539248,"flow_src_last_pkt_time":71539248,"flow_dst_last_pkt_time":71539248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71539248,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.119.242.110","src_port":28681,"dst_port":7922,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":394,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71539473,"flow_src_last_pkt_time":71539473,"flow_dst_last_pkt_time":71539473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71539473,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.169.2.153","src_port":28681,"dst_port":52414,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_src_last_pkt_time":71539473,"flow_dst_last_pkt_time":71539473,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":71539473,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0p7QAAIARK7QKAAIPWKkCmXAJzL4AIPuFR05EED6gAQFUC1FLUlAGUk5BXS\/iNQlw"} +01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":394,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71539473,"flow_src_last_pkt_time":71539473,"flow_dst_last_pkt_time":71539473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71539473,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.169.2.153","src_port":28681,"dst_port":52414,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71539621,"flow_src_last_pkt_time":71539621,"flow_dst_last_pkt_time":71539621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71539621,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.132.75.56","src_port":28681,"dst_port":56009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_src_last_pkt_time":71539621,"flow_dst_last_pkt_time":71539621,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":71539621,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0QZMAAIAR3loKAAIPw4RLOHAJ2skAIDn\/R05EED6hAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71539621,"flow_src_last_pkt_time":71539621,"flow_dst_last_pkt_time":71539621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71539621,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.132.75.56","src_port":28681,"dst_port":56009,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":396,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540138,"flow_src_last_pkt_time":71540138,"flow_dst_last_pkt_time":71540138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71540138,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.65.141.157","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_src_last_pkt_time":71540138,"flow_dst_last_pkt_time":71540138,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":71540138,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0JF0AAIARIm8KAAIPWkGNnXAJGMoAICLcR05EED6iAQFUC1FLUlAGUk5BXS\/iNQlw"} +01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":396,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540138,"flow_src_last_pkt_time":71540138,"flow_dst_last_pkt_time":71540138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71540138,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.65.141.157","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540307,"flow_src_last_pkt_time":71540307,"flow_dst_last_pkt_time":71540307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71540307,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.213.146","src_port":28681,"dst_port":21750,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_src_last_pkt_time":71540307,"flow_dst_last_pkt_time":71540307,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":71540307,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0MesAAIARAj4KAAIPJO\/VknAJVPYAINQLR05EED6jAQFUC1FLUlAGUk5BXS\/iNQlw"} +01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540307,"flow_src_last_pkt_time":71540307,"flow_dst_last_pkt_time":71540307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71540307,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.213.146","src_port":28681,"dst_port":21750,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00749{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540385,"flow_src_last_pkt_time":71540385,"flow_dst_last_pkt_time":71540385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71540385,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"105.101.132.146","src_port":28681,"dst_port":57746,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_src_last_pkt_time":71540385,"flow_dst_last_pkt_time":71540385,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":71540385,"pkt":"UlQAEjUCCAAn5uVZCABFAAA09PMAAIARS78KAAIPaWWEknAJ4ZIAIFP4R05EED6kAQFUC1FLUlAGUk5BXS\/iNQlw"} +01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540385,"flow_src_last_pkt_time":71540385,"flow_dst_last_pkt_time":71540385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71540385,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"105.101.132.146","src_port":28681,"dst_port":57746,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00744{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540581,"flow_src_last_pkt_time":71540581,"flow_dst_last_pkt_time":71540581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71540581,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.23.75.69","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_src_last_pkt_time":71540581,"flow_dst_last_pkt_time":71540581,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":71540581,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0WkwAAIARMwIKAAIPVhdLRXAJGMoAIGlbR05EED6lAQFUC1FLUlAGUk5BXS\/iNQlw"} +01137{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540581,"flow_src_last_pkt_time":71540581,"flow_dst_last_pkt_time":71540581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71540581,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.23.75.69","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540687,"flow_src_last_pkt_time":71540687,"flow_dst_last_pkt_time":71540687,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71540687,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.104","src_port":28681,"dst_port":11804,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_src_last_pkt_time":71540687,"flow_dst_last_pkt_time":71540687,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":71540687,"pkt":"UlQAEjUCCAAn5uVZCABFAAA05HkAAIARhcUKAAIPmgMqaHAJLhwAIDD5R05EED6mAQFUC1FLUlAGUk5BXS\/iNQlw"} +01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540687,"flow_src_last_pkt_time":71540687,"flow_dst_last_pkt_time":71540687,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71540687,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.104","src_port":28681,"dst_port":11804,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540796,"flow_src_last_pkt_time":71540796,"flow_dst_last_pkt_time":71540796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71540796,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.44.190.145","src_port":28681,"dst_port":10170,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_src_last_pkt_time":71540796,"flow_dst_last_pkt_time":71540796,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":71540796,"pkt":"UlQAEjUCCAAn5uVZCABFAAA00HAAAIARI3wKAAIPfCy+kXAJJ7oAIMEHR05EED6nAQFUC1FLUlAGUk5BXS\/iNQlw"} +01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540796,"flow_src_last_pkt_time":71540796,"flow_dst_last_pkt_time":71540796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71540796,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.44.190.145","src_port":28681,"dst_port":10170,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":71540885,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71540885,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_src_last_pkt_time":71540885,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":71540885,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0POoAAIARNbgKAAIPyHjzj3AJGMoAIE6sR05EED6oAQFUC1FLUlAGUk5BXS\/iNQlw"} +01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":71540885,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71540885,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71541038,"flow_src_last_pkt_time":71541038,"flow_dst_last_pkt_time":71541038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71541038,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.100","src_port":28681,"dst_port":46385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_src_last_pkt_time":71541038,"flow_dst_last_pkt_time":71541038,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":71541038,"pkt":"UlQAEjUCCAAn5uVZCABFAAA02U0AAIAREUUKAAIPBbQ+ZHAJtTEAICo0R05EED6pAQFUC1FLUlAGUk5BXS\/iNQlw"} +01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71541038,"flow_src_last_pkt_time":71541038,"flow_dst_last_pkt_time":71541038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":71541038,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.100","src_port":28681,"dst_port":46385,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_src_last_pkt_time":71205274,"flow_dst_last_pkt_time":71605139,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":71605139,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAswAAEAGY0Nt1prYCgACDxjKxEgAewwBHNfF\/mAS\/\/+29AAAAgQFtA=="} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":3,"flow_src_last_pkt_time":71605439,"flow_dst_last_pkt_time":71605139,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":71605439,"pkt":"UlQAEjUCCAAn5uVZCABFAAAo5AxAAIAGAgYKAAIPbdaa2MRIGMoc18X+AHsMAlAQ+vDTwAAA"} 00915{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":4,"flow_src_last_pkt_time":71608015,"flow_dst_last_pkt_time":71605139,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"thread_ts_usec":71608015,"pkt":"UlQAEjUCCAAn5uVZCABFAAFY5A1AAIAGANUKAAIPbdaa2MRIGMoc18X+AHsMAlAY+vDYuQAAR05VVEVMTEEgQ09OTkVDVC8wLjYNCkxpc3Rlbi1JUDogOTMuNDcuMjI2LjUzOjI4NjgxDQpSZW1vdGUtSVA6IDEwOS4yMTQuMTU0LjIxNg0KVXNlci1BZ2VudDogZ3RrLWdudXRlbGxhLzEuMi4yICgyMDIyLTAyLTI1OyBHVEsyOyBXaW5kb3dzIHg2NCkNCkJ5ZS1QYWNrZXQ6IDAuMQ0KQWNjZXB0OiBhcHBsaWNhdGlvbi94LWdudXRlbGxhMg0KQWNjZXB0LUVuY29kaW5nOiBkZWZsYXRlDQpYLUxpdmUtU2luY2U6IFN1biwgMDYgTWFyIDIwMjIgMTE6MjI6MTAgLTA4MDANClgtSHViOiBGYWxzZQ0KWC1IdWItTmVlZGVkOiBUcnVlDQoNCg=="} @@ -492,40 +519,58 @@ 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":5,"flow_src_last_pkt_time":72596459,"flow_dst_last_pkt_time":72596635,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":72596635,"pkt":"CAAn5uVZUlQAEjUCCABFAAAoAtYAAEAGmJ9n6GtkCgACD6n0xE0Af+4CiO6FblAQ\/\/9lWAAA"} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72848739,"flow_src_last_pkt_time":72848739,"flow_dst_last_pkt_time":72848739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72848739,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"170.254.19.6","src_port":28681,"dst_port":24180,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_src_last_pkt_time":72848739,"flow_dst_last_pkt_time":72848739,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":72848739,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0XAwAAIARFJoKAAIPqv4TBnAJXnQAIAcER05EED6qAQFUC1FLUlAGUk5BXS\/iNQlw"} +01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72848739,"flow_src_last_pkt_time":72848739,"flow_dst_last_pkt_time":72848739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72848739,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"170.254.19.6","src_port":28681,"dst_port":24180,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72849111,"flow_src_last_pkt_time":72849111,"flow_dst_last_pkt_time":72849111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72849111,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.92.178.182","src_port":28681,"dst_port":57302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_src_last_pkt_time":72849111,"flow_dst_last_pkt_time":72849111,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":72849111,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0qfwAAIARfpsKAAIPU1yytnAJ39YAID2SR05EED6rAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72849111,"flow_src_last_pkt_time":72849111,"flow_dst_last_pkt_time":72849111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72849111,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.92.178.182","src_port":28681,"dst_port":57302,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72849569,"flow_src_last_pkt_time":72849569,"flow_dst_last_pkt_time":72849569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72849569,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.69.159.133","src_port":28681,"dst_port":28000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_src_last_pkt_time":72849569,"flow_dst_last_pkt_time":72849569,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":72849569,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0M\/8AAIAR\/+AKAAIPW0WfhXAJbWAAILtPR05EED6sAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72849569,"flow_src_last_pkt_time":72849569,"flow_dst_last_pkt_time":72849569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72849569,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.69.159.133","src_port":28681,"dst_port":28000,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":453,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72850054,"flow_src_last_pkt_time":72850054,"flow_dst_last_pkt_time":72850054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72850054,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":1024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_src_last_pkt_time":72850054,"flow_dst_last_pkt_time":72850054,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":72850054,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0NSIAAIARFyoKAAIPsL8xn3AJBAAAID0bR05EED6tAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":453,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72850054,"flow_src_last_pkt_time":72850054,"flow_dst_last_pkt_time":72850054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72850054,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":1024,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72850420,"flow_src_last_pkt_time":72850420,"flow_dst_last_pkt_time":72850420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72850420,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.141.219.27","src_port":28681,"dst_port":37580,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_src_last_pkt_time":72850420,"flow_dst_last_pkt_time":72850420,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":72850420,"pkt":"UlQAEjUCCAAn5uVZCABFAAA09U0AAIARELQKAAIPTY3bG3AJkswAIGgDR05EED6uAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72850420,"flow_src_last_pkt_time":72850420,"flow_dst_last_pkt_time":72850420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72850420,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.141.219.27","src_port":28681,"dst_port":37580,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72850779,"flow_src_last_pkt_time":72850779,"flow_dst_last_pkt_time":72850779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72850779,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.50.179","src_port":28681,"dst_port":29411,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_src_last_pkt_time":72850779,"flow_dst_last_pkt_time":72850779,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":72850779,"pkt":"UlQAEjUCCAAn5uVZCABFAAA079wAAIARW5AKAAIPsIoys3AJcuMAIM1WR05EED6vAQFUC1FLUlAGUk5BXS\/iNQlw"} +01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72850779,"flow_src_last_pkt_time":72850779,"flow_dst_last_pkt_time":72850779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72850779,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.50.179","src_port":28681,"dst_port":29411,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":457,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72851137,"flow_src_last_pkt_time":72851137,"flow_dst_last_pkt_time":72851137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72851137,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.224.95.97","src_port":28681,"dst_port":46356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_src_last_pkt_time":72851137,"flow_dst_last_pkt_time":72851137,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":72851137,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0f64AAIAR17oKAAIPd+BfYXAJtRQAIJcgR05EED6wAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":457,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72851137,"flow_src_last_pkt_time":72851137,"flow_dst_last_pkt_time":72851137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72851137,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.224.95.97","src_port":28681,"dst_port":46356,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72851488,"flow_src_last_pkt_time":72851488,"flow_dst_last_pkt_time":72851488,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72851488,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.225.140.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_src_last_pkt_time":72851488,"flow_dst_last_pkt_time":72851488,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":72851488,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0hfsAAIARxRMKAAIPVuGMunAJGMoAICcQR05EED6xAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72851488,"flow_src_last_pkt_time":72851488,"flow_dst_last_pkt_time":72851488,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72851488,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.225.140.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00745{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72851799,"flow_src_last_pkt_time":72851799,"flow_dst_last_pkt_time":72851799,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72851799,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.86.173.45","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_src_last_pkt_time":72851799,"flow_dst_last_pkt_time":72851799,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":72851799,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xSwAAIARbPoKAAIPT1atLXAJGMoAIA4nR05EED6yAQFUC1FLUlAGUk5BXS\/iNQlw"} +01138{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72851799,"flow_src_last_pkt_time":72851799,"flow_dst_last_pkt_time":72851799,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72851799,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.86.173.45","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72852255,"flow_src_last_pkt_time":72852255,"flow_dst_last_pkt_time":72852255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72852255,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.175.220.161","src_port":28681,"dst_port":15721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_src_last_pkt_time":72852255,"flow_dst_last_pkt_time":72852255,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":72852255,"pkt":"UlQAEjUCCAAn5uVZCABFAAA09RcAAIARAUIKAAIPW6\/coXAJPWkAIK25R05EED6zAQFUC1FLUlAGUk5BXS\/iNQlw"} +01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72852255,"flow_src_last_pkt_time":72852255,"flow_dst_last_pkt_time":72852255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72852255,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.175.220.161","src_port":28681,"dst_port":15721,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00745{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72852470,"flow_src_last_pkt_time":72852470,"flow_dst_last_pkt_time":72852470,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72852470,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.231.73.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_src_last_pkt_time":72852470,"flow_dst_last_pkt_time":72852470,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":72852470,"pkt":"UlQAEjUCCAAn5uVZCABFAAA05pIAAIARsCIKAAIPTudJDnAJGMoAIHKzR05EED60AQFUC1FLUlAGUk5BXS\/iNQlw"} +01138{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72852470,"flow_src_last_pkt_time":72852470,"flow_dst_last_pkt_time":72852470,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72852470,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.231.73.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":462,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":72852642,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72852642,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_src_last_pkt_time":72852642,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":72852642,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0fT0AAIARi9QKAAIPwfpjnnAJGMoAIOUOR05EED61AQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":72852642,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72852642,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72852834,"flow_src_last_pkt_time":72852834,"flow_dst_last_pkt_time":72852834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72852834,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":16047,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_src_last_pkt_time":72852834,"flow_dst_last_pkt_time":72852834,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":72852834,"pkt":"UlQAEjUCCAAn5uVZCABFAAA02w4AAIARCzcKAAIPUOz3eHAJPq8AIJxcR05EED62AQFUC1FLUlAGUk5BXS\/iNQlw"} +01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72852834,"flow_src_last_pkt_time":72852834,"flow_dst_last_pkt_time":72852834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72852834,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":16047,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72853009,"flow_src_last_pkt_time":72853009,"flow_dst_last_pkt_time":72853009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72853009,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.65.70.197","src_port":28681,"dst_port":21693,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_src_last_pkt_time":72853009,"flow_dst_last_pkt_time":72853009,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":72853009,"pkt":"UlQAEjUCCAAn5uVZCABFAAA05U8AAIARsFQKAAIPUkFGxXAJVL0AIDWsR05EED63AQFUC1FLUlAGUk5BXS\/iNQlw"} +01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72853009,"flow_src_last_pkt_time":72853009,"flow_dst_last_pkt_time":72853009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72853009,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.65.70.197","src_port":28681,"dst_port":21693,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00749{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72853189,"flow_src_last_pkt_time":72853189,"flow_dst_last_pkt_time":72853189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72853189,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_src_last_pkt_time":72853189,"flow_dst_last_pkt_time":72853189,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":72853189,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0jJIAAIARUAkKAAIPp3KqnHAJXSQAIHQ7R05EED64AQFUC1FLUlAGUk5BXS\/iNQlw"} +01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72853189,"flow_src_last_pkt_time":72853189,"flow_dst_last_pkt_time":72853189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72853189,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72853366,"flow_src_last_pkt_time":72853366,"flow_dst_last_pkt_time":72853366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72853366,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.226.142","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_src_last_pkt_time":72853366,"flow_dst_last_pkt_time":72853366,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":72853366,"pkt":"UlQAEjUCCAAn5uVZCABFAAA077sAAIARtrYKAAIPpanijnAJGMoAIIJrR05EED65AQFUC1FLUlAGUk5BXS\/iNQlw"} +01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72853366,"flow_src_last_pkt_time":72853366,"flow_dst_last_pkt_time":72853366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72853366,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.226.142","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72853538,"flow_src_last_pkt_time":72853538,"flow_dst_last_pkt_time":72853538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72853538,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.197.111.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_src_last_pkt_time":72853538,"flow_dst_last_pkt_time":72853538,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":72853538,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0JXgAAIARS7MKAAIPTcVvunAJGMoAIE0jR05EED66AQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72853538,"flow_src_last_pkt_time":72853538,"flow_dst_last_pkt_time":72853538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72853538,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.197.111.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72853723,"flow_src_last_pkt_time":72853723,"flow_dst_last_pkt_time":72853723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72853723,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.97.199.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_src_last_pkt_time":72853723,"flow_dst_last_pkt_time":72853723,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":72853723,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0s0kAAIARB\/EKAAIPrGHHDnAJGMoAIJcxR05EED67AQFUC1FLUlAGUk5BXS\/iNQlw"} +01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72853723,"flow_src_last_pkt_time":72853723,"flow_dst_last_pkt_time":72853723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":72853723,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.97.199.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":73064966,"flow_dst_last_pkt_time":64033019,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":73064966,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0kpVAAIAGVgUKAAIPWk6rzMQfGMqXoNUlAAAAAIAC+vAYRgAAAgQFtAEDAwgBAQQC"} 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_src_last_pkt_time":73065072,"flow_dst_last_pkt_time":64032037,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":73065072,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0FYFAAIAGQkoKAAIPfNoaEMQcJgCBbg3uAAAAAIAC+vBXrQAAAgQFtAEDAwgBAQQC"} 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":73065113,"flow_dst_last_pkt_time":64032422,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":73065113,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0XTJAAIAGk6kKAAIPci6Lq8Qdy5gelScRAAAAAIAC+vCU2gAAAgQFtAEDAwgBAQQC"} @@ -640,116 +685,172 @@ 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":3,"flow_src_last_pkt_time":81294293,"flow_dst_last_pkt_time":72265587,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":81294293,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0cvlAAIAGYVIKAAIPGH8B68RLk7Zj+37vAAAAAIAC+vASugAAAgQFtAEDAwgBAQQC"} 00749{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82057279,"flow_src_last_pkt_time":82057279,"flow_dst_last_pkt_time":82057279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82057279,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"174.115.111.224","src_port":28681,"dst_port":51984,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_src_last_pkt_time":82057279,"flow_dst_last_pkt_time":82057279,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82057279,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0vx8AAIARUTcKAAIPrnNv4HAJyxAAIDoGR05EED68AQFUC1FLUlAGUk5BXS\/iNQlw"} +01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82057279,"flow_src_last_pkt_time":82057279,"flow_dst_last_pkt_time":82057279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82057279,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"174.115.111.224","src_port":28681,"dst_port":51984,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82057536,"flow_src_last_pkt_time":82057536,"flow_dst_last_pkt_time":82057536,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82057536,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.168.182.103","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_src_last_pkt_time":82057536,"flow_dst_last_pkt_time":82057536,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82057536,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0SSkAAIAR1nEKAAIPWKi2Z3AJGMoAIPuPR05EED69AQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82057536,"flow_src_last_pkt_time":82057536,"flow_dst_last_pkt_time":82057536,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82057536,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.168.182.103","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82057972,"flow_src_last_pkt_time":82057972,"flow_dst_last_pkt_time":82057972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82057972,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.244.228.86","src_port":28681,"dst_port":10131,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_src_last_pkt_time":82057972,"flow_dst_last_pkt_time":82057972,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82057972,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0lsIAAIARXJ0KAAIPVvTkVnAJJ5MAIMCKR05EED6+AQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82057972,"flow_src_last_pkt_time":82057972,"flow_dst_last_pkt_time":82057972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82057972,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.244.228.86","src_port":28681,"dst_port":10131,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82058208,"flow_src_last_pkt_time":82058208,"flow_dst_last_pkt_time":82058208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82058208,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.162.150","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_src_last_pkt_time":82058208,"flow_dst_last_pkt_time":82058208,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82058208,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0rD0AAIARiPMKAAIPVuOilnAJGMoAIBEkR05EED6\/AQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82058208,"flow_src_last_pkt_time":82058208,"flow_dst_last_pkt_time":82058208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82058208,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.162.150","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82058413,"flow_src_last_pkt_time":82058413,"flow_dst_last_pkt_time":82058413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82058413,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.166.226.70","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_src_last_pkt_time":82058413,"flow_dst_last_pkt_time":82058413,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82058413,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0SbkAAIARjAQKAAIPdqbiRnAJGMoAILGvR05EED7AAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82058413,"flow_src_last_pkt_time":82058413,"flow_dst_last_pkt_time":82058413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82058413,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.166.226.70","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":598,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82058634,"flow_src_last_pkt_time":82058634,"flow_dst_last_pkt_time":82058634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82058634,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.163.231.160","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_src_last_pkt_time":82058634,"flow_dst_last_pkt_time":82058634,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82058634,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0dT8AAIARIScKAAIPsKPnoHAJGMoAIHJXR05EED7BAQFUC1FLUlAGUk5BXS\/iNQlw"} +01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":598,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82058634,"flow_src_last_pkt_time":82058634,"flow_dst_last_pkt_time":82058634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82058634,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.163.231.160","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":599,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82058765,"flow_src_last_pkt_time":82058765,"flow_dst_last_pkt_time":82058765,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82058765,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.150.49.35","src_port":28681,"dst_port":32448,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":599,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_src_last_pkt_time":82058765,"flow_dst_last_pkt_time":82058765,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82058765,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0XrkAAIARSzgKAAIPU5YxI3AJfsAAIB\/rR05EED7CAQFUC1FLUlAGUk5BXS\/iNQlw"} +01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":599,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82058765,"flow_src_last_pkt_time":82058765,"flow_dst_last_pkt_time":82058765,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82058765,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.150.49.35","src_port":28681,"dst_port":32448,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82058913,"flow_src_last_pkt_time":82058913,"flow_dst_last_pkt_time":82058913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82058913,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_src_last_pkt_time":82058913,"flow_dst_last_pkt_time":82058913,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82058913,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0tpQAAIARiEcKAAIP1XgaVnAJdPoAIL6aR05EED7DAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82058913,"flow_src_last_pkt_time":82058913,"flow_dst_last_pkt_time":82058913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82058913,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059148,"flow_src_last_pkt_time":82059148,"flow_dst_last_pkt_time":82059148,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82059148,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.123.159.111","src_port":28681,"dst_port":44729,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_src_last_pkt_time":82059148,"flow_dst_last_pkt_time":82059148,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82059148,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0COQAAIARLdwKAAIPWHufb3AJrrkAIHy+R05EED7EAQFUC1FLUlAGUk5BXS\/iNQlw"} +01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059148,"flow_src_last_pkt_time":82059148,"flow_dst_last_pkt_time":82059148,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82059148,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.123.159.111","src_port":28681,"dst_port":44729,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059277,"flow_src_last_pkt_time":82059277,"flow_dst_last_pkt_time":82059277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82059277,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.126.160.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_src_last_pkt_time":82059277,"flow_dst_last_pkt_time":82059277,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82059277,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0yVcAAIARbDYKAAIPWH6gnnAJGMoAIBF7R05EED7FAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059277,"flow_src_last_pkt_time":82059277,"flow_dst_last_pkt_time":82059277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82059277,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.126.160.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":603,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059383,"flow_src_last_pkt_time":82059383,"flow_dst_last_pkt_time":82059383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82059383,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.197.219.85","src_port":28681,"dst_port":26234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_src_last_pkt_time":82059383,"flow_dst_last_pkt_time":82059383,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82059383,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0MzgAAIARkVcKAAIPjsXbVXAJZnoAIFLLR05EED7GAQFUC1FLUlAGUk5BXS\/iNQlw"} +01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":603,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059383,"flow_src_last_pkt_time":82059383,"flow_dst_last_pkt_time":82059383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82059383,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.197.219.85","src_port":28681,"dst_port":26234,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":604,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059497,"flow_src_last_pkt_time":82059497,"flow_dst_last_pkt_time":82059497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82059497,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_src_last_pkt_time":82059497,"flow_dst_last_pkt_time":82059497,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82059497,"pkt":"UlQAEjUCCAAn5uVZCABFAAA06P0AAIARw6sKAAIPVksrtnAJqe4AIPdvR05EED7HAQFUC1FLUlAGUk5BXS\/iNQlw"} +01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059497,"flow_src_last_pkt_time":82059497,"flow_dst_last_pkt_time":82059497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82059497,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059658,"flow_src_last_pkt_time":82059658,"flow_dst_last_pkt_time":82059658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82059658,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.59.253.186","src_port":28681,"dst_port":15555,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_src_last_pkt_time":82059658,"flow_dst_last_pkt_time":82059658,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82059658,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0rnEAAIARKEMKAAIPWjv9unAJPMMAII6lR05EED7IAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059658,"flow_src_last_pkt_time":82059658,"flow_dst_last_pkt_time":82059658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82059658,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.59.253.186","src_port":28681,"dst_port":15555,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059773,"flow_src_last_pkt_time":82059773,"flow_dst_last_pkt_time":82059773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82059773,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.107.176","src_port":28681,"dst_port":20363,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_src_last_pkt_time":82059773,"flow_dst_last_pkt_time":82059773,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82059773,"pkt":"UlQAEjUCCAAn5uVZCABFAAA08GUAAIARdXcKAAIPXR1rsHAJT4sAIAsFR05EED7JAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059773,"flow_src_last_pkt_time":82059773,"flow_dst_last_pkt_time":82059773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82059773,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.107.176","src_port":28681,"dst_port":20363,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059900,"flow_src_last_pkt_time":82059900,"flow_dst_last_pkt_time":82059900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82059900,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.157.59.43","src_port":28681,"dst_port":56919,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_src_last_pkt_time":82059900,"flow_dst_last_pkt_time":82059900,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82059900,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0cs0AAIARJxUKAAIPWZ07K3AJ3lcAILA8R05EED7KAQFUC1FLUlAGUk5BXS\/iNQlw"} +01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059900,"flow_src_last_pkt_time":82059900,"flow_dst_last_pkt_time":82059900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82059900,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.157.59.43","src_port":28681,"dst_port":56919,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060041,"flow_src_last_pkt_time":82060041,"flow_dst_last_pkt_time":82060041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82060041,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.162.52.93","src_port":28681,"dst_port":34799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_src_last_pkt_time":82060041,"flow_dst_last_pkt_time":82060041,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82060041,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0VdQAAIARSNcKAAIPW6I0XXAJh+8AIAttR05EED7LAQFUC1FLUlAGUk5BXS\/iNQlw"} +01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060041,"flow_src_last_pkt_time":82060041,"flow_dst_last_pkt_time":82060041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82060041,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.162.52.93","src_port":28681,"dst_port":34799,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00745{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060300,"flow_src_last_pkt_time":82060300,"flow_dst_last_pkt_time":82060300,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82060300,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"67.193.8.52","src_port":28681,"dst_port":38584,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_src_last_pkt_time":82060300,"flow_dst_last_pkt_time":82060300,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82060300,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0mmsAAIARSEoKAAIPQ8EINHAJlrgAIECtR05EED7MAQFUC1FLUlAGUk5BXS\/iNQlw"} +01138{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060300,"flow_src_last_pkt_time":82060300,"flow_dst_last_pkt_time":82060300,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82060300,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"67.193.8.52","src_port":28681,"dst_port":38584,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00749{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060415,"flow_src_last_pkt_time":82060415,"flow_dst_last_pkt_time":82060415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82060415,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.217.132.111","src_port":28681,"dst_port":25394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_src_last_pkt_time":82060415,"flow_dst_last_pkt_time":82060415,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82060415,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0mjkAAIARSygKAAIPxNmEb3AJYzIAIHbeR05EED7NAQFUC1FLUlAGUk5BXS\/iNQlw"} +01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060415,"flow_src_last_pkt_time":82060415,"flow_dst_last_pkt_time":82060415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82060415,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.217.132.111","src_port":28681,"dst_port":25394,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060552,"flow_src_last_pkt_time":82060552,"flow_dst_last_pkt_time":82060552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82060552,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.69.142.133","src_port":28681,"dst_port":15471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_src_last_pkt_time":82060552,"flow_dst_last_pkt_time":82060552,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82060552,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0dBwAAIAR1MMKAAIPV0WOhXAJPG8AIAEfR05EED7OAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060552,"flow_src_last_pkt_time":82060552,"flow_dst_last_pkt_time":82060552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82060552,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.69.142.133","src_port":28681,"dst_port":15471,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060665,"flow_src_last_pkt_time":82060665,"flow_dst_last_pkt_time":82060665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82060665,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"121.99.222.36","src_port":28681,"dst_port":44988,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_src_last_pkt_time":82060665,"flow_dst_last_pkt_time":82060665,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82060665,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0TpsAAIARiIcKAAIPeWPeJHAJr7wAIBwTR05EED7PAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060665,"flow_src_last_pkt_time":82060665,"flow_dst_last_pkt_time":82060665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82060665,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"121.99.222.36","src_port":28681,"dst_port":44988,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060791,"flow_src_last_pkt_time":82060791,"flow_dst_last_pkt_time":82060791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82060791,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.74.159.56","src_port":28681,"dst_port":29271,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_src_last_pkt_time":82060791,"flow_dst_last_pkt_time":82060791,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82060791,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0\/XsAAIARzasKAAIPxEqfOHAJclcAIE18R05EED7QAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060791,"flow_src_last_pkt_time":82060791,"flow_dst_last_pkt_time":82060791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82060791,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.74.159.56","src_port":28681,"dst_port":29271,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00745{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":614,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060952,"flow_src_last_pkt_time":82060952,"flow_dst_last_pkt_time":82060952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82060952,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_src_last_pkt_time":82060952,"flow_dst_last_pkt_time":82060952,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82060952,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0v80AAIARvTQKAAIPc0U+Y3AJGMoAIFjjR05EED7RAQFUC1FLUlAGUk5BXS\/iNQlw"} +01138{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":614,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060952,"flow_src_last_pkt_time":82060952,"flow_dst_last_pkt_time":82060952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82060952,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00744{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061139,"flow_src_last_pkt_time":82061139,"flow_dst_last_pkt_time":82061139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82061139,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.99.164.4","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_src_last_pkt_time":82061139,"flow_dst_last_pkt_time":82061139,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82061139,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0nFAAAIARxPIKAAIPKWOkBHAJGMoAID0jR05EED7SAQFUC1FLUlAGUk5BXS\/iNQlw"} +01137{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061139,"flow_src_last_pkt_time":82061139,"flow_dst_last_pkt_time":82061139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82061139,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.99.164.4","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":616,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061259,"flow_src_last_pkt_time":82061259,"flow_dst_last_pkt_time":82061259,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82061259,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.157.183.106","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_src_last_pkt_time":82061259,"flow_dst_last_pkt_time":82061259,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82061259,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xBEAAIARbZEKAAIPRZ23anAJGMoAIA2CR05EED7TAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":616,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061259,"flow_src_last_pkt_time":82061259,"flow_dst_last_pkt_time":82061259,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82061259,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.157.183.106","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00744{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061374,"flow_src_last_pkt_time":82061374,"flow_dst_last_pkt_time":82061374,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82061374,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.46.253.7","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_src_last_pkt_time":82061374,"flow_dst_last_pkt_time":82061374,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82061374,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0oQgAAIARPWwKAAIPUy79B3AJGMoAILpSR05EED7UAQFUC1FLUlAGUk5BXS\/iNQlw"} +01137{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061374,"flow_src_last_pkt_time":82061374,"flow_dst_last_pkt_time":82061374,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82061374,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.46.253.7","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061491,"flow_src_last_pkt_time":82061491,"flow_dst_last_pkt_time":82061491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82061491,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"178.51.146.115","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_src_last_pkt_time":82061491,"flow_dst_last_pkt_time":82061491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82061491,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0XmMAAIARi6AKAAIPsjOSc3AJGMoAIMXgR05EED7VAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061491,"flow_src_last_pkt_time":82061491,"flow_dst_last_pkt_time":82061491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82061491,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"178.51.146.115","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":619,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061705,"flow_src_last_pkt_time":82061705,"flow_dst_last_pkt_time":82061705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82061705,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_src_last_pkt_time":82061705,"flow_dst_last_pkt_time":82061705,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82061705,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0amcAAIARaXgKAAIPQoMYSHAJd\/cAIFCOR05EED7WAQFUC1FLUlAGUk5BXS\/iNQlw"} +01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":619,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061705,"flow_src_last_pkt_time":82061705,"flow_dst_last_pkt_time":82061705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82061705,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00745{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":620,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061887,"flow_src_last_pkt_time":82061887,"flow_dst_last_pkt_time":82061887,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82061887,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.177.5.135","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_src_last_pkt_time":82061887,"flow_dst_last_pkt_time":82061887,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82061887,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0DHwAAIAR2fYKAAIPQrEFh3AJGMoAIMJNR05EED7XAQFUC1FLUlAGUk5BXS\/iNQlw"} +01138{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":620,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061887,"flow_src_last_pkt_time":82061887,"flow_dst_last_pkt_time":82061887,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82061887,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.177.5.135","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00745{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":621,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062130,"flow_src_last_pkt_time":82062130,"flow_dst_last_pkt_time":82062130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82062130,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.3.103.37","src_port":28681,"dst_port":35589,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_src_last_pkt_time":82062130,"flow_dst_last_pkt_time":82062130,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82062130,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0BKMAAIARed8KAAIPSQNnJXAJiwUAIOggR05EED7YAQFUC1FLUlAGUk5BXS\/iNQlw"} +01138{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062130,"flow_src_last_pkt_time":82062130,"flow_dst_last_pkt_time":82062130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82062130,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.3.103.37","src_port":28681,"dst_port":35589,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062320,"flow_src_last_pkt_time":82062320,"flow_dst_last_pkt_time":82062320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82062320,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.15.182","src_port":28681,"dst_port":37829,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_src_last_pkt_time":82062320,"flow_dst_last_pkt_time":82062320,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82062320,"pkt":"UlQAEjUCCAAn5uVZCABFAAA085cAAIARz7AKAAIPW6wPtnAJk8UAICQmR05EED7ZAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062320,"flow_src_last_pkt_time":82062320,"flow_dst_last_pkt_time":82062320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82062320,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.15.182","src_port":28681,"dst_port":37829,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062444,"flow_src_last_pkt_time":82062444,"flow_dst_last_pkt_time":82062444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82062444,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.239.62.213","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_src_last_pkt_time":82062444,"flow_dst_last_pkt_time":82062444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82062444,"pkt":"UlQAEjUCCAAn5uVZCABFAAA09AoAAIARpNsKAAIPVu8+1XAJGMoAIHS+R05EED7aAQFUC1FLUlAGUk5BXS\/iNQlw"} +01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062444,"flow_src_last_pkt_time":82062444,"flow_dst_last_pkt_time":82062444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82062444,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.239.62.213","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062565,"flow_src_last_pkt_time":82062565,"flow_dst_last_pkt_time":82062565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82062565,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.196.58","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_src_last_pkt_time":82062565,"flow_dst_last_pkt_time":82062565,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82062565,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0tZ8AAIARR0wKAAIPbYTEOnAJGMoAINjCR05EED7bAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062565,"flow_src_last_pkt_time":82062565,"flow_dst_last_pkt_time":82062565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82062565,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.196.58","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062738,"flow_src_last_pkt_time":82062738,"flow_dst_last_pkt_time":82062738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82062738,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.182.44.202","src_port":28681,"dst_port":30277,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_src_last_pkt_time":82062738,"flow_dst_last_pkt_time":82062738,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82062738,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0gcEAAIARJGkKAAIPW7YsynAJdkUAICSFR05EED7cAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062738,"flow_src_last_pkt_time":82062738,"flow_dst_last_pkt_time":82062738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82062738,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.182.44.202","src_port":28681,"dst_port":30277,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00745{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062863,"flow_src_last_pkt_time":82062863,"flow_dst_last_pkt_time":82062863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82062863,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.88.92.56","src_port":28681,"dst_port":21009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_src_last_pkt_time":82062863,"flow_dst_last_pkt_time":82062863,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82062863,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0uoAAAIARu5kKAAIPXFhcOHAJUhEAIBioR05EED7dAQFUC1FLUlAGUk5BXS\/iNQlw"} +01138{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062863,"flow_src_last_pkt_time":82062863,"flow_dst_last_pkt_time":82062863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82062863,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.88.92.56","src_port":28681,"dst_port":21009,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":627,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062993,"flow_src_last_pkt_time":82062993,"flow_dst_last_pkt_time":82062993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82062993,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_src_last_pkt_time":82062993,"flow_dst_last_pkt_time":82062993,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82062993,"pkt":"UlQAEjUCCAAn5uVZCABFAAA05JMAAIARi3AKAAIPU4ZrIHAJl7QAIMztR05EED7eAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":627,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062993,"flow_src_last_pkt_time":82062993,"flow_dst_last_pkt_time":82062993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82062993,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063123,"flow_src_last_pkt_time":82063123,"flow_dst_last_pkt_time":82063123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82063123,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.195.105.243","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_src_last_pkt_time":82063123,"flow_dst_last_pkt_time":82063123,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82063123,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Q2AAAIARDZQKAAIPc8Np83AJGMoAICzHR05EED7fAQFUC1FLUlAGUk5BXS\/iNQlw"} +01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063123,"flow_src_last_pkt_time":82063123,"flow_dst_last_pkt_time":82063123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82063123,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.195.105.243","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":629,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063260,"flow_src_last_pkt_time":82063260,"flow_dst_last_pkt_time":82063260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82063260,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.195.227","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":629,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_src_last_pkt_time":82063260,"flow_dst_last_pkt_time":82063260,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82063260,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0VbkAAIARb2QKAAIPpanD43AJGMoAIKDvR05EED7gAQFUC1FLUlAGUk5BXS\/iNQlw"} +01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":629,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063260,"flow_src_last_pkt_time":82063260,"flow_dst_last_pkt_time":82063260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82063260,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.195.227","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":630,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063378,"flow_src_last_pkt_time":82063378,"flow_dst_last_pkt_time":82063378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82063378,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.153.143.54","src_port":28681,"dst_port":65535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":630,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_src_last_pkt_time":82063378,"flow_dst_last_pkt_time":82063378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82063378,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0RwMAAIARmdcKAAIPvpmPNnAJ\/\/8AINV1R05EED7hAQFUC1FLUlAGUk5BXS\/iNQlw"} +01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":630,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063378,"flow_src_last_pkt_time":82063378,"flow_dst_last_pkt_time":82063378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82063378,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.153.143.54","src_port":28681,"dst_port":65535,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00744{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063492,"flow_src_last_pkt_time":82063492,"flow_dst_last_pkt_time":82063492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82063492,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_src_last_pkt_time":82063492,"flow_dst_last_pkt_time":82063492,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82063492,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0aoUAAIARLM0KAAIPXAg7UHAJiXgAIAJ0R05EED7iAQFUC1FLUlAGUk5BXS\/iNQlw"} +01137{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063492,"flow_src_last_pkt_time":82063492,"flow_dst_last_pkt_time":82063492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82063492,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063616,"flow_src_last_pkt_time":82063616,"flow_dst_last_pkt_time":82063616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82063616,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.44.126.74","src_port":28681,"dst_port":54633,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_src_last_pkt_time":82063616,"flow_dst_last_pkt_time":82063616,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82063616,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0rRwAAIARRxcKAAIPvCx+SnAJ1WkAIBNjR05EED7jAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":632,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063616,"flow_src_last_pkt_time":82063616,"flow_dst_last_pkt_time":82063616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82063616,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.44.126.74","src_port":28681,"dst_port":54633,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00749{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":633,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063782,"flow_src_last_pkt_time":82063782,"flow_dst_last_pkt_time":82063782,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82063782,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.150.126.156","src_port":28681,"dst_port":16471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_src_last_pkt_time":82063782,"flow_dst_last_pkt_time":82063782,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82063782,"pkt":"UlQAEjUCCAAn5uVZCABFAAA09TYAAIARCkEKAAIPsJZ+nHAJQFcAILO4R05EED7kAQFUC1FLUlAGUk5BXS\/iNQlw"} +01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":633,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063782,"flow_src_last_pkt_time":82063782,"flow_dst_last_pkt_time":82063782,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82063782,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.150.126.156","src_port":28681,"dst_port":16471,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":634,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063897,"flow_src_last_pkt_time":82063897,"flow_dst_last_pkt_time":82063897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82063897,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"177.231.151.16","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_src_last_pkt_time":82063897,"flow_dst_last_pkt_time":82063897,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82063897,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0D4MAAIAR1i8KAAIPseeXEHAJGMoAIMF\/R05EED7lAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":634,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063897,"flow_src_last_pkt_time":82063897,"flow_dst_last_pkt_time":82063897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82063897,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"177.231.151.16","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064076,"flow_src_last_pkt_time":82064076,"flow_dst_last_pkt_time":82064076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82064076,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.127.72.106","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_src_last_pkt_time":82064076,"flow_dst_last_pkt_time":82064076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82064076,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0z+UAAIARvdsKAAIPWH9IanAJGMoAIGmNR05EED7mAQFUC1FLUlAGUk5BXS\/iNQlw"} +01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064076,"flow_src_last_pkt_time":82064076,"flow_dst_last_pkt_time":82064076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82064076,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.127.72.106","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":636,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064299,"flow_src_last_pkt_time":82064299,"flow_dst_last_pkt_time":82064299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82064299,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"208.92.106.151","src_port":28681,"dst_port":32476,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_src_last_pkt_time":82064299,"flow_dst_last_pkt_time":82064299,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82064299,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0dXQAAIARfkIKAAIP0Fxql3AJftwAIGlvR05EED7nAQFUC1FLUlAGUk5BXS\/iNQlw"} +01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":636,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064299,"flow_src_last_pkt_time":82064299,"flow_dst_last_pkt_time":82064299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82064299,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"208.92.106.151","src_port":28681,"dst_port":32476,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064449,"flow_src_last_pkt_time":82064449,"flow_dst_last_pkt_time":82064449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82064449,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.182.171.50","src_port":28681,"dst_port":15180,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_src_last_pkt_time":82064449,"flow_dst_last_pkt_time":82064449,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82064449,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0h78AAIARwQIKAAIPOrarMnAJO0wAIAIKR05EED7oAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064449,"flow_src_last_pkt_time":82064449,"flow_dst_last_pkt_time":82064449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82064449,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.182.171.50","src_port":28681,"dst_port":15180,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":638,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064635,"flow_src_last_pkt_time":82064635,"flow_dst_last_pkt_time":82064635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82064635,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.73.129.26","src_port":28681,"dst_port":53585,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":638,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_src_last_pkt_time":82064635,"flow_dst_last_pkt_time":82064635,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82064635,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0OpsAAIARAKwKAAIPckmBGnAJ0VEAIF6IR05EED7pAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":638,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064635,"flow_src_last_pkt_time":82064635,"flow_dst_last_pkt_time":82064635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82064635,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.73.129.26","src_port":28681,"dst_port":53585,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":639,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064863,"flow_src_last_pkt_time":82064863,"flow_dst_last_pkt_time":82064863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82064863,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"138.199.16.123","src_port":28681,"dst_port":52993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_src_last_pkt_time":82064863,"flow_dst_last_pkt_time":82064863,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82064863,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0oO4AAIAR8nkKAAIPiscQe3AJzwEAILj4R05EED7qAQFUC1FLUlAGUk5BXS\/iNQlw"} +01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":639,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064863,"flow_src_last_pkt_time":82064863,"flow_dst_last_pkt_time":82064863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82064863,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"138.199.16.123","src_port":28681,"dst_port":52993,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":640,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065036,"flow_src_last_pkt_time":82065036,"flow_dst_last_pkt_time":82065036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82065036,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.170.209.214","src_port":28681,"dst_port":46210,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":640,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_src_last_pkt_time":82065036,"flow_dst_last_pkt_time":82065036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82065036,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0ANIAAIARBlgKAAIPVarR1nAJtIIAIEc4R05EED7rAQFUC1FLUlAGUk5BXS\/iNQlw"} +01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":640,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065036,"flow_src_last_pkt_time":82065036,"flow_dst_last_pkt_time":82065036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82065036,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.170.209.214","src_port":28681,"dst_port":46210,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":641,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065172,"flow_src_last_pkt_time":82065172,"flow_dst_last_pkt_time":82065172,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82065172,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.134.139.39","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":641,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_src_last_pkt_time":82065172,"flow_dst_last_pkt_time":82065172,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82065172,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0K1QAAIARx6gKAAIPsIaLJ3AJGMoAIM7CR05EED7sAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":641,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065172,"flow_src_last_pkt_time":82065172,"flow_dst_last_pkt_time":82065172,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82065172,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.134.139.39","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":642,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065387,"flow_src_last_pkt_time":82065387,"flow_dst_last_pkt_time":82065387,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82065387,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"120.156.204.38","src_port":28681,"dst_port":54832,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_src_last_pkt_time":82065387,"flow_dst_last_pkt_time":82065387,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82065387,"pkt":"UlQAEjUCCAAn5uVZCABFAAA06YYAAIARAGEKAAIPeJzMJnAJ1jAAIAhGR05EED7tAQFUC1FLUlAGUk5BXS\/iNQlw"} +01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":642,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065387,"flow_src_last_pkt_time":82065387,"flow_dst_last_pkt_time":82065387,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82065387,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"120.156.204.38","src_port":28681,"dst_port":54832,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":643,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065556,"flow_src_last_pkt_time":82065556,"flow_dst_last_pkt_time":82065556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82065556,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.126.240.32","src_port":28681,"dst_port":45313,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":643,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_src_last_pkt_time":82065556,"flow_dst_last_pkt_time":82065556,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82065556,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0TesAAIARnCAKAAIPVH7wIHAJsQEAIC2YR05EED7uAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":643,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065556,"flow_src_last_pkt_time":82065556,"flow_dst_last_pkt_time":82065556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82065556,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.126.240.32","src_port":28681,"dst_port":45313,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":644,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065828,"flow_src_last_pkt_time":82065828,"flow_dst_last_pkt_time":82065828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82065828,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.29.197.138","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_src_last_pkt_time":82065828,"flow_dst_last_pkt_time":82065828,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82065828,"pkt":"UlQAEjUCCAAn5uVZCABFAAA00QQAAIARN\/4KAAIPYB3FinAJGMoAIOTFR05EED7vAQFUC1FLUlAGUk5BXS\/iNQlw"} +01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":644,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065828,"flow_src_last_pkt_time":82065828,"flow_dst_last_pkt_time":82065828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82065828,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.29.197.138","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00749{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066069,"flow_src_last_pkt_time":82066069,"flow_dst_last_pkt_time":82066069,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82066069,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.166.132.204","src_port":28681,"dst_port":11194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_src_last_pkt_time":82066069,"flow_dst_last_pkt_time":82066069,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82066069,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0GtoAAIARuV0KAAIP1aaEzHAJK7oAIJ0JR05EED7wAQFUC1FLUlAGUk5BXS\/iNQlw"} +01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":645,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066069,"flow_src_last_pkt_time":82066069,"flow_dst_last_pkt_time":82066069,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82066069,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.166.132.204","src_port":28681,"dst_port":11194,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066178,"flow_src_last_pkt_time":82066178,"flow_dst_last_pkt_time":82066178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82066178,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.242.191.215","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_src_last_pkt_time":82066178,"flow_dst_last_pkt_time":82066178,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82066178,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0J\/gAAIAR9OgKAAIPUfK\/13AJGMoAIPihR05EED7xAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066178,"flow_src_last_pkt_time":82066178,"flow_dst_last_pkt_time":82066178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82066178,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.242.191.215","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":647,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066316,"flow_src_last_pkt_time":82066316,"flow_dst_last_pkt_time":82066316,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82066316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.249.64.215","src_port":28681,"dst_port":25058,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_src_last_pkt_time":82066316,"flow_dst_last_pkt_time":82066316,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82066316,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0e5YAAIARIEQKAAIPUflA13AJYeIAIC6CR05EED7yAQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066316,"flow_src_last_pkt_time":82066316,"flow_dst_last_pkt_time":82066316,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82066316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.249.64.215","src_port":28681,"dst_port":25058,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066425,"flow_src_last_pkt_time":82066425,"flow_dst_last_pkt_time":82066425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82066425,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_src_last_pkt_time":82066425,"flow_dst_last_pkt_time":82066425,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82066425,"pkt":"UlQAEjUCCAAn5uVZCABFAAA06UQAAIARhsgKAAIPW7Ni6nAJGMoAIEvMR05EED7zAQFUC1FLUlAGUk5BXS\/iNQlw"} +01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066425,"flow_src_last_pkt_time":82066425,"flow_dst_last_pkt_time":82066425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":82066425,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":3,"flow_src_last_pkt_time":82326516,"flow_dst_last_pkt_time":73300612,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82326516,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0+G5AAIAG6ugKAAIP20YwF8RRC+6AEyaiAAAAAIAC+vDlvQAAAgQFtAEDAwgBAQQC"} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":3,"flow_src_last_pkt_time":82326618,"flow_dst_last_pkt_time":73299039,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82326618,"pkt":"UlQAEjUCCAAn5uVZCABFAAA00ENAAIAGLmAKAAIPJOzLJcRPy8UyAvKaAAAAAIAC+vDDTAAAAgQFtAEDAwgBAQQC"} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":3,"flow_src_last_pkt_time":82326660,"flow_dst_last_pkt_time":73301240,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":82326660,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0hYhAAIAGFfYKAAIPemTY0sRSG7mAD45dAAAAAIAC+vAmYQAAAgQFtAEDAwgBAQQC"} @@ -760,24 +861,34 @@ 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":61974633,"flow_dst_last_pkt_time":83345541,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":83345541,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAwMAAEAG25tQjD+TCgACD3NpxA4AX7QBeWsMs2AS\/\/+J8QAAAgQFtA=="} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83517645,"flow_src_last_pkt_time":83517645,"flow_dst_last_pkt_time":83517645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":83517645,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.100.120.146","src_port":28681,"dst_port":12838,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_src_last_pkt_time":83517645,"flow_dst_last_pkt_time":83517645,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":83517645,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0bTAAAIARH4QKAAIPKWR4knAJMiYAIE8WR05EED70AQFUC1FLUlAGUk5BXS\/iNQlw"} +01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83517645,"flow_src_last_pkt_time":83517645,"flow_dst_last_pkt_time":83517645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":83517645,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.100.120.146","src_port":28681,"dst_port":12838,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83517985,"flow_src_last_pkt_time":83517985,"flow_dst_last_pkt_time":83517985,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":83517985,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"186.93.139.92","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_src_last_pkt_time":83517985,"flow_dst_last_pkt_time":83517985,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":83517985,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0DJEAAIAR3F8KAAIPul2LXHAJGMoAIMStR05EED71AQFUC1FLUlAGUk5BXS\/iNQlw"} +01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":662,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83517985,"flow_src_last_pkt_time":83517985,"flow_dst_last_pkt_time":83517985,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":83517985,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"186.93.139.92","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":663,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83518339,"flow_src_last_pkt_time":83518339,"flow_dst_last_pkt_time":83518339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":83518339,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.3.223","src_port":28681,"dst_port":12848,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_src_last_pkt_time":83518339,"flow_dst_last_pkt_time":83518339,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":83518339,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0D6MAAIAR9j8KAAIPJOkD33AJMjAAIMg4R05EED72AQFUC1FLUlAGUk5BXS\/iNQlw"} +01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":663,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83518339,"flow_src_last_pkt_time":83518339,"flow_dst_last_pkt_time":83518339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":83518339,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.3.223","src_port":28681,"dst_port":12848,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00744{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83518597,"flow_src_last_pkt_time":83518597,"flow_dst_last_pkt_time":83518597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":83518597,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.37","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_src_last_pkt_time":83518597,"flow_dst_last_pkt_time":83518597,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":83518597,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0zQUAAIARHcwKAAIPBbQ+JXAJGMoAIMaMR05EED73AQFUC1FLUlAGUk5BXS\/iNQlw"} +01137{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83518597,"flow_src_last_pkt_time":83518597,"flow_dst_last_pkt_time":83518597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":83518597,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.37","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83518912,"flow_src_last_pkt_time":83518912,"flow_dst_last_pkt_time":83518912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":83518912,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.169.215.227","src_port":28681,"dst_port":26820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_src_last_pkt_time":83518912,"flow_dst_last_pkt_time":83518912,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":83518912,"pkt":"UlQAEjUCCAAn5uVZCABFAAA024QAAIARH5kKAAIPW6nX43AJaMQAIIbdR05EED74AQFUC1FLUlAGUk5BXS\/iNQlw"} +01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83518912,"flow_src_last_pkt_time":83518912,"flow_dst_last_pkt_time":83518912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":83518912,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.169.215.227","src_port":28681,"dst_port":26820,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":667,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519424,"flow_src_last_pkt_time":83519424,"flow_dst_last_pkt_time":83519424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":83519424,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.159.27.22","src_port":28681,"dst_port":17563,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":667,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_src_last_pkt_time":83519424,"flow_dst_last_pkt_time":83519424,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":83519424,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0JvAAAIARngUKAAIPTp8bFnAJRJsAIHTdR05EED75AQFUC1FLUlAGUk5BXS\/iNQlw"} +01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":667,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519424,"flow_src_last_pkt_time":83519424,"flow_dst_last_pkt_time":83519424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":83519424,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.159.27.22","src_port":28681,"dst_port":17563,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":669,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519593,"flow_src_last_pkt_time":83519593,"flow_dst_last_pkt_time":83519593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":83519593,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"212.68.248.153","src_port":28681,"dst_port":27223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_src_last_pkt_time":83519593,"flow_dst_last_pkt_time":83519593,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":83519593,"pkt":"UlQAEjUCCAAn5uVZCABFAAA00CEAAIARkaoKAAIP1ET4mXAJalcAIOv2R05EED76AQFUC1FLUlAGUk5BXS\/iNQlw"} +01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":669,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519593,"flow_src_last_pkt_time":83519593,"flow_dst_last_pkt_time":83519593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":83519593,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"212.68.248.153","src_port":28681,"dst_port":27223,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":670,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519791,"flow_src_last_pkt_time":83519791,"flow_dst_last_pkt_time":83519791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":83519791,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"126.117.45.151","src_port":28681,"dst_port":19323,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_src_last_pkt_time":83519791,"flow_dst_last_pkt_time":83519791,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":83519791,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0p4kAAIAR2xQKAAIPfnUtl3AJS3sAICukR05EED77AQFUC1FLUlAGUk5BXS\/iNQlw"} +01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519791,"flow_src_last_pkt_time":83519791,"flow_dst_last_pkt_time":83519791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":83519791,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"126.117.45.151","src_port":28681,"dst_port":19323,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":671,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519999,"flow_src_last_pkt_time":83519999,"flow_dst_last_pkt_time":83519999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":83519999,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.155.52.115","src_port":28681,"dst_port":53956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_src_last_pkt_time":83519999,"flow_dst_last_pkt_time":83519999,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":83519999,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0+tkAAIARTsIKAAIPsJs0c3AJ0sQAIGtXR05EED78AQFUC1FLUlAGUk5BXS\/iNQlw"} +01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":671,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519999,"flow_src_last_pkt_time":83519999,"flow_dst_last_pkt_time":83519999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":83519999,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.155.52.115","src_port":28681,"dst_port":53956,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83520153,"flow_src_last_pkt_time":83520153,"flow_dst_last_pkt_time":83520153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":83520153,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.30.86.144","src_port":28681,"dst_port":53821,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_src_last_pkt_time":83520153,"flow_dst_last_pkt_time":83520153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":83520153,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0H4AAAIARbHwKAAIPTB5WkHAJ0j0AIK49R05EED79AQFUC1FLUlAGUk5BXS\/iNQlw"} +01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83520153,"flow_src_last_pkt_time":83520153,"flow_dst_last_pkt_time":83520153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":83520153,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.30.86.144","src_port":28681,"dst_port":53821,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":673,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83564038,"flow_src_last_pkt_time":83564038,"flow_dst_last_pkt_time":83564038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":83564038,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":28681,"dst_port":9239,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_src_last_pkt_time":83564038,"flow_dst_last_pkt_time":83564038,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":83564038,"pkt":"UlQAEjUCCAAn5uVZCABFAABLd8UAAIAR7i8KAAIPcfxWonAJJBcANy3AJNUxAmj8GYH\/vMbgH9u+AwABABgAAADDA1NDUEECAlZDRUdUS0dihkRIVElQUEA="} 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":674,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":2,"flow_src_last_pkt_time":83564038,"flow_dst_last_pkt_time":83804788,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_usec":83804788,"pkt":"CAAn5uVZUlQAEjUCCABFAAB3AwYAAEARosNx\/FaiCgACDyQXcAkAY+agJNUxAmj8GYH\/vMbgH9u+AwEBAEQAAAAXJHH8VqIWAAAAAAAABMMCVVBDAQsGo0lQUGl4nAEeAOH\/2qTGGyrrJOoSptzxtNqH3sQRchsYX6MsAay4MHcT\/6kOwg=="} @@ -1192,8 +1303,10 @@ 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1204,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":3,"flow_src_last_pkt_time":93622611,"flow_dst_last_pkt_time":84593194,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":93622611,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0y5RAAIAGmKYKAAIPchsYX8ReLKPFX+7aAAAAAIAC+vA4WgAAAgQFtAEDAwgBAQQC"} 00747{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1206,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":93713981,"flow_src_last_pkt_time":93713981,"flow_dst_last_pkt_time":93713981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":93713981,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.168.175.31","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1206,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":1,"flow_src_last_pkt_time":93713981,"flow_dst_last_pkt_time":93713981,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":93713981,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Ab0AAIARJSYKAAIPWKivH3AJGMoAIAKXR05EED7+AQFUC1FLUlAGUk5BXS\/iNQlw"} +01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1206,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":93713981,"flow_src_last_pkt_time":93713981,"flow_dst_last_pkt_time":93713981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":93713981,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.168.175.31","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1207,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":93714209,"flow_src_last_pkt_time":93714209,"flow_dst_last_pkt_time":93714209,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":93714209,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.249.63.200","src_port":28681,"dst_port":22582,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1207,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":1,"flow_src_last_pkt_time":93714209,"flow_dst_last_pkt_time":93714209,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":93714209,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0J3cAAIARnXIKAAIPKfk\/yHAJWDYAIGEwR05EED7\/AQFUC1FLUlAGUk5BXS\/iNQlw"} +01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1207,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":93714209,"flow_src_last_pkt_time":93714209,"flow_dst_last_pkt_time":93714209,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":93714209,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.249.63.200","src_port":28681,"dst_port":22582,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":2,"flow_src_last_pkt_time":93763238,"flow_dst_last_pkt_time":90738695,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":93763238,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0GYxAAIAGqNsKAAIPXwrNQ8R0LVPIsf8hAAAAAIAC+vCCJwAAAgQFtAEDAwgBAQQC"} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1209,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":2,"flow_src_last_pkt_time":93763366,"flow_dst_last_pkt_time":90747448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":93763366,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0AsBAAIAGpi8KAAIP1eVv4MSREwzLMAmEAAAAAIAC+vB1+AAAAgQFtAEDAwgBAQQC"} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1210,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":2,"flow_src_last_pkt_time":93763394,"flow_dst_last_pkt_time":90738015,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":93763394,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Rs1AAIAGRA4KAAIPyAeb0sRzbs28TEPZAAAAAIAC+vDQzwAAAgQFtAEDAwgBAQQC"} @@ -1422,66 +1535,66 @@ 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2012,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":3,"flow_src_last_pkt_time":116952656,"flow_dst_last_pkt_time":100920359,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_usec":116952656,"pkt":"UlQAEjUCCAAn5uVZCABFAABtMigAAIARW8EKAAIPXjZCUnAJ+JUAWdgAXr4xAg\/r1cFsj19qlWaDPkQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 01479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2025,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":4,"flow_src_last_pkt_time":116942486,"flow_dst_last_pkt_time":117049881,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_usec":117049881,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBf8AAEARN\/lg7M0HCgACD4fqcAkC35oc9cIxAlSvaqi63PpUHKTx3UQAAMACAAAGR1RLRwAA+Ts9p8WeGiSZuDZKSPQI3121aXEEYOzNB4fqAQAAAASVRD4TFEdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjUdUS0cAADcgJ3MxU+9gPezRvKa4p+wbOpp4BLnL2lzegldTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAAyXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEFdTSFIAAAPVZnOFlO42Ib8H+pWWlT4wyAL3BBga2F82QUdUS0cAAAZMeTOG2LuCeHzpFv+0pfJ1qOd4BGfoa2Sp9EdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzuldTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj0dUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtUw=="} 02324{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2038,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":90742816,"flow_src_last_pkt_time":121143186,"flow_dst_last_pkt_time":117002254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":599,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1696,"flow_dst_tot_l4_payload_len":3374,"midstream":0,"thread_ts_usec":121143186,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":50300,"dst_port":11852,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":49,"avg":1827735.8,"max":13801588,"stddev":3934254.5,"var":15478358540288.0,"ent":2.8,"data": [17190,17418,3506,3946,14197,14999,687,2797,2855,25798,49,26144,8990,9323,15893,71757,495574,483536,221196,265159,15579,77266,487598,467678,9468962,9510672,13760964,13801588,1593559,1633954,4140974]},"pktlen": {"min":40,"avg":198.9,"max":1500,"stddev":294.0,"var":86413.1,"ent":4.0,"data": [52,44,40,639,40,699,111,40,304,40,1500,180,40,166,40,91,40,219,40,404,40,387,40,507,40,115,40,111,40,176,40,101]},"bins": {"c_to_s": [8,1,2,1,1,0,0,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,1,1,0,1,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,1,0,0,1,1,0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0],"entropies": [4.624014378,4.823068142,4.780641079,5.806199551,4.621928692,5.719610691,5.576837540,4.671928883,5.283092022,4.671928883,7.655467510,6.721651554,4.721928596,6.328861237,4.558695793,5.166602612,4.830641270,6.855683327,4.780641556,7.482919216,4.671928883,7.395811558,4.730640888,7.500388622,4.830641270,5.985765934,4.621928692,5.830484867,4.830641270,6.691635132,4.621928692,5.872485161]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72852470,"flow_src_last_pkt_time":72852470,"flow_dst_last_pkt_time":72852470,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.231.73.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72850420,"flow_src_last_pkt_time":72850420,"flow_dst_last_pkt_time":72850420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.141.219.27","src_port":28681,"dst_port":37580,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00749{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540581,"flow_src_last_pkt_time":71540581,"flow_dst_last_pkt_time":71540581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.23.75.69","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00748{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230940,"flow_src_last_pkt_time":70230940,"flow_dst_last_pkt_time":70230940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.50.24.2","src_port":28681,"dst_port":17874,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72852470,"flow_src_last_pkt_time":72852470,"flow_dst_last_pkt_time":72852470,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.231.73.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72850420,"flow_src_last_pkt_time":72850420,"flow_dst_last_pkt_time":72850420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.141.219.27","src_port":28681,"dst_port":37580,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540581,"flow_src_last_pkt_time":71540581,"flow_dst_last_pkt_time":71540581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.23.75.69","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01179{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230940,"flow_src_last_pkt_time":70230940,"flow_dst_last_pkt_time":70230940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.50.24.2","src_port":28681,"dst_port":17874,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00947{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":13118832,"flow_src_last_pkt_time":15640687,"flow_dst_last_pkt_time":13118832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1073,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1073,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12876,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63957,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","proto_id":"153","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00943{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":15469932,"flow_src_last_pkt_time":22405999,"flow_dst_last_pkt_time":15469932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":624,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":624,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4368,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63964,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","proto_id":"153","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00934{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":12446804,"flow_src_last_pkt_time":12446804,"flow_dst_last_pkt_time":12446804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":314,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":314,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":314,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01054{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":12447076,"flow_src_last_pkt_time":12447076,"flow_dst_last_pkt_time":12447076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":548,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":548,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":548,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.2","dst_ip":"10.0.2.15","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00935{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":12827507,"flow_src_last_pkt_time":41755684,"flow_dst_last_pkt_time":12827507,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":966,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01063{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":16487243,"flow_src_last_pkt_time":73950296,"flow_dst_last_pkt_time":16487243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":402,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71535614,"flow_src_last_pkt_time":71535614,"flow_dst_last_pkt_time":71535614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.160.214.137","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71535614,"flow_src_last_pkt_time":71535614,"flow_dst_last_pkt_time":71535614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.160.214.137","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00943{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":15284358,"flow_src_last_pkt_time":23969210,"flow_dst_last_pkt_time":15284358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":101,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1601,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63962,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71541038,"flow_src_last_pkt_time":71541038,"flow_dst_last_pkt_time":71541038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.100","src_port":28681,"dst_port":46385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71536922,"flow_src_last_pkt_time":71536922,"flow_dst_last_pkt_time":71536922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.133.122.217","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":71540885,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540687,"flow_src_last_pkt_time":71540687,"flow_dst_last_pkt_time":71540687,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.104","src_port":28681,"dst_port":11804,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537199,"flow_src_last_pkt_time":71537199,"flow_dst_last_pkt_time":71537199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.126.102","src_port":28681,"dst_port":5193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71536330,"flow_src_last_pkt_time":71536330,"flow_dst_last_pkt_time":71536330,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.222.14.170","src_port":28681,"dst_port":23332,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71541038,"flow_src_last_pkt_time":71541038,"flow_dst_last_pkt_time":71541038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.100","src_port":28681,"dst_port":46385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71536922,"flow_src_last_pkt_time":71536922,"flow_dst_last_pkt_time":71536922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.133.122.217","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":71540885,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540687,"flow_src_last_pkt_time":71540687,"flow_dst_last_pkt_time":71540687,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.104","src_port":28681,"dst_port":11804,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537199,"flow_src_last_pkt_time":71537199,"flow_dst_last_pkt_time":71537199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.126.102","src_port":28681,"dst_port":5193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71536330,"flow_src_last_pkt_time":71536330,"flow_dst_last_pkt_time":71536330,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.222.14.170","src_port":28681,"dst_port":23332,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00955{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":13118724,"flow_src_last_pkt_time":15640529,"flow_dst_last_pkt_time":13118724,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1091,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1091,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13092,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63958,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","proto_id":"153","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":15469659,"flow_src_last_pkt_time":21843510,"flow_dst_last_pkt_time":15469659,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":624,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":624,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4368,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63965,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","proto_id":"153","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72851488,"flow_src_last_pkt_time":72851488,"flow_dst_last_pkt_time":72851488,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.225.140.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540138,"flow_src_last_pkt_time":71540138,"flow_dst_last_pkt_time":71540138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.65.141.157","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538650,"flow_src_last_pkt_time":71538650,"flow_dst_last_pkt_time":71538650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.39.154.69","src_port":28681,"dst_port":4832,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72853366,"flow_src_last_pkt_time":72853366,"flow_dst_last_pkt_time":72853366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.226.142","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72853723,"flow_src_last_pkt_time":72853723,"flow_dst_last_pkt_time":72853723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.97.199.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72851488,"flow_src_last_pkt_time":72851488,"flow_dst_last_pkt_time":72851488,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.225.140.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540138,"flow_src_last_pkt_time":71540138,"flow_dst_last_pkt_time":71540138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.65.141.157","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538650,"flow_src_last_pkt_time":71538650,"flow_dst_last_pkt_time":71538650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.39.154.69","src_port":28681,"dst_port":4832,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72853366,"flow_src_last_pkt_time":72853366,"flow_dst_last_pkt_time":72853366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.226.142","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72853723,"flow_src_last_pkt_time":72853723,"flow_dst_last_pkt_time":72853723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.97.199.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00933{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":12529525,"flow_src_last_pkt_time":43193100,"flow_dst_last_pkt_time":12529525,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":348,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72849569,"flow_src_last_pkt_time":72849569,"flow_dst_last_pkt_time":72849569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.69.159.133","src_port":28681,"dst_port":28000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72849569,"flow_src_last_pkt_time":72849569,"flow_dst_last_pkt_time":72849569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.69.159.133","src_port":28681,"dst_port":28000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00947{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":15285641,"flow_src_last_pkt_time":21297325,"flow_dst_last_pkt_time":15285641,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":95,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":95,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":475,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63960,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72852834,"flow_src_last_pkt_time":72852834,"flow_dst_last_pkt_time":72852834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":16047,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230444,"flow_src_last_pkt_time":70230444,"flow_dst_last_pkt_time":70230444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230046,"flow_src_last_pkt_time":70230046,"flow_dst_last_pkt_time":70230046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.138.20.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72852834,"flow_src_last_pkt_time":72852834,"flow_dst_last_pkt_time":72852834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":16047,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230444,"flow_src_last_pkt_time":70230444,"flow_dst_last_pkt_time":70230444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230046,"flow_src_last_pkt_time":70230046,"flow_dst_last_pkt_time":70230046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.138.20.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00947{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":12529625,"flow_src_last_pkt_time":43193303,"flow_dst_last_pkt_time":12529625,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":348,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":72852642,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72850054,"flow_src_last_pkt_time":72850054,"flow_dst_last_pkt_time":72850054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":1024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540307,"flow_src_last_pkt_time":71540307,"flow_dst_last_pkt_time":71540307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.213.146","src_port":28681,"dst_port":21750,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72849111,"flow_src_last_pkt_time":72849111,"flow_dst_last_pkt_time":72849111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.92.178.182","src_port":28681,"dst_port":57302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540796,"flow_src_last_pkt_time":71540796,"flow_dst_last_pkt_time":71540796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.44.190.145","src_port":28681,"dst_port":10170,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72852255,"flow_src_last_pkt_time":72852255,"flow_dst_last_pkt_time":72852255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.175.220.161","src_port":28681,"dst_port":15721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00749{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71536631,"flow_src_last_pkt_time":71536631,"flow_dst_last_pkt_time":71536631,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.38.9.82","src_port":28681,"dst_port":24223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72848739,"flow_src_last_pkt_time":72848739,"flow_dst_last_pkt_time":72848739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"170.254.19.6","src_port":28681,"dst_port":24180,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72851137,"flow_src_last_pkt_time":72851137,"flow_dst_last_pkt_time":72851137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.224.95.97","src_port":28681,"dst_port":46356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538933,"flow_src_last_pkt_time":71538933,"flow_dst_last_pkt_time":71538933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"202.151.63.59","src_port":28681,"dst_port":7624,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72850779,"flow_src_last_pkt_time":72850779,"flow_dst_last_pkt_time":72850779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.50.179","src_port":28681,"dst_port":29411,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537931,"flow_src_last_pkt_time":71537931,"flow_dst_last_pkt_time":71537931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.134.167.82","src_port":28681,"dst_port":5820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71535977,"flow_src_last_pkt_time":71535977,"flow_dst_last_pkt_time":71535977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":28681,"dst_port":49046,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538247,"flow_src_last_pkt_time":71538247,"flow_dst_last_pkt_time":71538247,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.98.115.128","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":72852642,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72850054,"flow_src_last_pkt_time":72850054,"flow_dst_last_pkt_time":72850054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":1024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540307,"flow_src_last_pkt_time":71540307,"flow_dst_last_pkt_time":71540307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.213.146","src_port":28681,"dst_port":21750,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72849111,"flow_src_last_pkt_time":72849111,"flow_dst_last_pkt_time":72849111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.92.178.182","src_port":28681,"dst_port":57302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540796,"flow_src_last_pkt_time":71540796,"flow_dst_last_pkt_time":71540796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.44.190.145","src_port":28681,"dst_port":10170,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72852255,"flow_src_last_pkt_time":72852255,"flow_dst_last_pkt_time":72852255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.175.220.161","src_port":28681,"dst_port":15721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71536631,"flow_src_last_pkt_time":71536631,"flow_dst_last_pkt_time":71536631,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.38.9.82","src_port":28681,"dst_port":24223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72848739,"flow_src_last_pkt_time":72848739,"flow_dst_last_pkt_time":72848739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"170.254.19.6","src_port":28681,"dst_port":24180,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72851137,"flow_src_last_pkt_time":72851137,"flow_dst_last_pkt_time":72851137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.224.95.97","src_port":28681,"dst_port":46356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538933,"flow_src_last_pkt_time":71538933,"flow_dst_last_pkt_time":71538933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"202.151.63.59","src_port":28681,"dst_port":7624,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72850779,"flow_src_last_pkt_time":72850779,"flow_dst_last_pkt_time":72850779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.50.179","src_port":28681,"dst_port":29411,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537931,"flow_src_last_pkt_time":71537931,"flow_dst_last_pkt_time":71537931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.134.167.82","src_port":28681,"dst_port":5820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71535977,"flow_src_last_pkt_time":71535977,"flow_dst_last_pkt_time":71535977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":28681,"dst_port":49046,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538247,"flow_src_last_pkt_time":71538247,"flow_dst_last_pkt_time":71538247,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.98.115.128","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00949{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":12461875,"flow_src_last_pkt_time":75501587,"flow_dst_last_pkt_time":12461875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":637,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72853009,"flow_src_last_pkt_time":72853009,"flow_dst_last_pkt_time":72853009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.65.70.197","src_port":28681,"dst_port":21693,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71539473,"flow_src_last_pkt_time":71539473,"flow_dst_last_pkt_time":71539473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.169.2.153","src_port":28681,"dst_port":52414,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72853538,"flow_src_last_pkt_time":72853538,"flow_dst_last_pkt_time":72853538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.197.111.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537663,"flow_src_last_pkt_time":71537663,"flow_dst_last_pkt_time":71537663,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.39.233","src_port":28681,"dst_port":20855,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71539248,"flow_src_last_pkt_time":71539248,"flow_dst_last_pkt_time":71539248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.119.242.110","src_port":28681,"dst_port":7922,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72853009,"flow_src_last_pkt_time":72853009,"flow_dst_last_pkt_time":72853009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.65.70.197","src_port":28681,"dst_port":21693,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71539473,"flow_src_last_pkt_time":71539473,"flow_dst_last_pkt_time":71539473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.169.2.153","src_port":28681,"dst_port":52414,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72853538,"flow_src_last_pkt_time":72853538,"flow_dst_last_pkt_time":72853538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.197.111.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537663,"flow_src_last_pkt_time":71537663,"flow_dst_last_pkt_time":71537663,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.39.233","src_port":28681,"dst_port":20855,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71539248,"flow_src_last_pkt_time":71539248,"flow_dst_last_pkt_time":71539248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.119.242.110","src_port":28681,"dst_port":7922,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00937{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":12529999,"flow_src_last_pkt_time":12529999,"flow_dst_last_pkt_time":12529999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.252","src_port":63717,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540385,"flow_src_last_pkt_time":71540385,"flow_dst_last_pkt_time":71540385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"105.101.132.146","src_port":28681,"dst_port":57746,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72851799,"flow_src_last_pkt_time":72851799,"flow_dst_last_pkt_time":72851799,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.86.173.45","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230689,"flow_src_last_pkt_time":70230689,"flow_dst_last_pkt_time":70230689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.131.85.245","src_port":28681,"dst_port":31743,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540385,"flow_src_last_pkt_time":71540385,"flow_dst_last_pkt_time":71540385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"105.101.132.146","src_port":28681,"dst_port":57746,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72851799,"flow_src_last_pkt_time":72851799,"flow_dst_last_pkt_time":72851799,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.86.173.45","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230689,"flow_src_last_pkt_time":70230689,"flow_dst_last_pkt_time":70230689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.131.85.245","src_port":28681,"dst_port":31743,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":12529920,"flow_src_last_pkt_time":12529920,"flow_dst_last_pkt_time":12529920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:3","src_port":63717,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71539621,"flow_src_last_pkt_time":71539621,"flow_dst_last_pkt_time":71539621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.132.75.56","src_port":28681,"dst_port":56009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538408,"flow_src_last_pkt_time":71538408,"flow_dst_last_pkt_time":71538408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.11.85","src_port":28681,"dst_port":10722,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72853189,"flow_src_last_pkt_time":72853189,"flow_dst_last_pkt_time":72853189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71539621,"flow_src_last_pkt_time":71539621,"flow_dst_last_pkt_time":71539621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.132.75.56","src_port":28681,"dst_port":56009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538408,"flow_src_last_pkt_time":71538408,"flow_dst_last_pkt_time":71538408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.11.85","src_port":28681,"dst_port":10722,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72853189,"flow_src_last_pkt_time":72853189,"flow_dst_last_pkt_time":72853189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":121253102,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":3,"flow_src_last_pkt_time":121820041,"flow_dst_last_pkt_time":115702290,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":121820041,"pkt":"UlQAEjUCCAAn5uVZCABFAAA5tigAAIARac8KAAIPDsj\/5XAJkMIAJc6JzTYxAkzkFwP\/aHzSItv7AwABAAYAAADDg0dVRUA="} 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2045,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":4,"flow_src_last_pkt_time":121820041,"flow_dst_last_pkt_time":122157131,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":120,"pkt_l4_len":86,"thread_ts_usec":122157131,"pkt":"CAAn5uVZUlQAEjUCCABFAABqBjUAAEARWZIOyP\/lCgACD5DCcAkAVt2dzTYxAkzkFwP\/aHzSItv7AwEBADcAAADCkA7I\/+WyNgAAAAAgAMMDREhUQwAAAgJEVUPyFAEDR1VFQANMT0NDZW4AA1RMU0CCVVBDAAAE"} 01480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2049,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":4,"flow_src_last_pkt_time":116952656,"flow_dst_last_pkt_time":123854529,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_usec":123854529,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBkMAAEARxSBeNkJSCgACD\/iVcAkC3734Xr4xAg\/r1cFsj19qlWaDPkQAAMACAAAGR1RLRwAA+wNHJRwgXbAuWugSpAUSxJsCHL8EXjZCUviVAQAAAAR+IhyrFEdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjUdUS0cAADcgJ3MxU+9gPezRvKa4p+wbOpp4BLnL2lzegldTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAAyXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEFdTSFIAAAPVZnOFlO42Ib8H+pWWlT4wyAL3BBga2F82QUdUS0cAAAZMeTOG2LuCeHzpFv+0pfJ1qOd4BGfoa2Sp9EdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzuldTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj0dUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtUw=="} @@ -1544,6 +1657,7 @@ 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2101,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":2,"flow_src_last_pkt_time":129345403,"flow_dst_last_pkt_time":96049954,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_usec":129345403,"pkt":"UlQAEjUCCAAn5uVZCABFAABtTdUAAIARVp8KAAIPVBw14XAJrzsAWRB8uXsxAsNFs8rL71MevwvUD0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2118,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":131668560,"flow_src_last_pkt_time":131668560,"flow_dst_last_pkt_time":131668560,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131668560,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"187.37.87.189","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2118,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":351,"flow_packet_id":1,"flow_src_last_pkt_time":131668560,"flow_dst_last_pkt_time":131668560,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":131668560,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0FboAAIARBg4KAAIPuyVXvXAJGMoAIPd5R05EED8AAQFUC1FLUlAGUk5BXS\/iNQlw"} +01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2118,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":131668560,"flow_src_last_pkt_time":131668560,"flow_dst_last_pkt_time":131668560,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131668560,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"187.37.87.189","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2119,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":2,"flow_src_last_pkt_time":131668865,"flow_dst_last_pkt_time":72851137,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":131668865,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0f68AAIAR17kKAAIPd+BfYXAJtRQAIJbPR05EED8BAQFUC1FLUlAGUk5BXS\/iNQlw"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2120,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":2,"flow_src_last_pkt_time":131669387,"flow_dst_last_pkt_time":82062993,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":131669387,"pkt":"UlQAEjUCCAAn5uVZCABFAAA05JQAAIARi28KAAIPU4ZrIHAJl7QAIMzJR05EED8CAQFUC1FLUlAGUk5BXS\/iNQlw"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2121,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":2,"flow_src_last_pkt_time":131669767,"flow_dst_last_pkt_time":72853723,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":131669767,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0s0oAAIARB\/AKAAIPrGHHDnAJGMoAIJbpR05EED8DAQFUC1FLUlAGUk5BXS\/iNQlw"} @@ -1553,6 +1667,7 @@ 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2125,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":2,"flow_src_last_pkt_time":131671261,"flow_dst_last_pkt_time":82059383,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":131671261,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0MzkAAIARkVYKAAIPjsXbVXAJZnoAIFKKR05EED8HAQFUC1FLUlAGUk5BXS\/iNQlw"} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2126,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":131671537,"flow_src_last_pkt_time":131671537,"flow_dst_last_pkt_time":131671537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131671537,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2126,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":1,"flow_src_last_pkt_time":131671537,"flow_dst_last_pkt_time":131671537,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":131671537,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0NSMAAIARFykKAAIPsL8xn3AJGMoAICf2R05EED8IAQFUC1FLUlAGUk5BXS\/iNQlw"} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2126,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":131671537,"flow_src_last_pkt_time":131671537,"flow_dst_last_pkt_time":131671537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131671537,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2127,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":2,"flow_src_last_pkt_time":131671769,"flow_dst_last_pkt_time":72850420,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":131671769,"pkt":"UlQAEjUCCAAn5uVZCABFAAA09U4AAIARELMKAAIPTY3bG3AJkswAIGeoR05EED8JAQFUC1FLUlAGUk5BXS\/iNQlw"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2128,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":2,"flow_src_last_pkt_time":131671934,"flow_dst_last_pkt_time":82059658,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":131671934,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0rnIAAIARKEIKAAIPWjv9unAJPMMAII5jR05EED8KAQFUC1FLUlAGUk5BXS\/iNQlw"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2129,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":2,"flow_src_last_pkt_time":131672247,"flow_dst_last_pkt_time":72850779,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":131672247,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0790AAIARW48KAAIPsIoys3AJcuMAIMz6R05EED8LAQFUC1FLUlAGUk5BXS\/iNQlw"} @@ -1568,76 +1683,77 @@ 00916{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":10750507,"flow_src_last_pkt_time":10750507,"flow_dst_last_pkt_time":10750507,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00900{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":9752391,"flow_src_last_pkt_time":9752391,"flow_dst_last_pkt_time":9752391,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffa4:e108","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01026{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":71216656,"flow_src_last_pkt_time":95489541,"flow_dst_last_pkt_time":71216656,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.2","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060300,"flow_src_last_pkt_time":82060300,"flow_dst_last_pkt_time":82060300,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"67.193.8.52","src_port":28681,"dst_port":38584,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059658,"flow_src_last_pkt_time":131671934,"flow_dst_last_pkt_time":82059658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.59.253.186","src_port":28681,"dst_port":15555,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062320,"flow_src_last_pkt_time":131670725,"flow_dst_last_pkt_time":82062320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.15.182","src_port":28681,"dst_port":37829,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062444,"flow_src_last_pkt_time":82062444,"flow_dst_last_pkt_time":82062444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.239.62.213","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064076,"flow_src_last_pkt_time":82064076,"flow_dst_last_pkt_time":82064076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.127.72.106","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063897,"flow_src_last_pkt_time":82063897,"flow_dst_last_pkt_time":82063897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"177.231.151.16","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060300,"flow_src_last_pkt_time":82060300,"flow_dst_last_pkt_time":82060300,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"67.193.8.52","src_port":28681,"dst_port":38584,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059658,"flow_src_last_pkt_time":131671934,"flow_dst_last_pkt_time":82059658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.59.253.186","src_port":28681,"dst_port":15555,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062320,"flow_src_last_pkt_time":131670725,"flow_dst_last_pkt_time":82062320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.15.182","src_port":28681,"dst_port":37829,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062444,"flow_src_last_pkt_time":82062444,"flow_dst_last_pkt_time":82062444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.239.62.213","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064076,"flow_src_last_pkt_time":82064076,"flow_dst_last_pkt_time":82064076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.127.72.106","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063897,"flow_src_last_pkt_time":82063897,"flow_dst_last_pkt_time":82063897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"177.231.151.16","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":83564038,"flow_src_last_pkt_time":83564038,"flow_dst_last_pkt_time":83804788,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":91,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":28681,"dst_port":9239,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83520153,"flow_src_last_pkt_time":83520153,"flow_dst_last_pkt_time":83520153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.30.86.144","src_port":28681,"dst_port":53821,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519791,"flow_src_last_pkt_time":83519791,"flow_dst_last_pkt_time":83519791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"126.117.45.151","src_port":28681,"dst_port":19323,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82057536,"flow_src_last_pkt_time":82057536,"flow_dst_last_pkt_time":82057536,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.168.182.103","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064449,"flow_src_last_pkt_time":82064449,"flow_dst_last_pkt_time":82064449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.182.171.50","src_port":28681,"dst_port":15180,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063378,"flow_src_last_pkt_time":82063378,"flow_dst_last_pkt_time":82063378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.153.143.54","src_port":28681,"dst_port":65535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060552,"flow_src_last_pkt_time":82060552,"flow_dst_last_pkt_time":82060552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.69.142.133","src_port":28681,"dst_port":15471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00749{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063492,"flow_src_last_pkt_time":82063492,"flow_dst_last_pkt_time":82063492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061887,"flow_src_last_pkt_time":82061887,"flow_dst_last_pkt_time":82061887,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.177.5.135","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059148,"flow_src_last_pkt_time":82059148,"flow_dst_last_pkt_time":82059148,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.123.159.111","src_port":28681,"dst_port":44729,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83518912,"flow_src_last_pkt_time":83518912,"flow_dst_last_pkt_time":83518912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.169.215.227","src_port":28681,"dst_port":26820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063616,"flow_src_last_pkt_time":82063616,"flow_dst_last_pkt_time":82063616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.44.126.74","src_port":28681,"dst_port":54633,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060041,"flow_src_last_pkt_time":82060041,"flow_dst_last_pkt_time":82060041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.162.52.93","src_port":28681,"dst_port":34799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062863,"flow_src_last_pkt_time":82062863,"flow_dst_last_pkt_time":82062863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.88.92.56","src_port":28681,"dst_port":21009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063260,"flow_src_last_pkt_time":82063260,"flow_dst_last_pkt_time":82063260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.195.227","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066069,"flow_src_last_pkt_time":82066069,"flow_dst_last_pkt_time":82066069,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.166.132.204","src_port":28681,"dst_port":11194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065387,"flow_src_last_pkt_time":82065387,"flow_dst_last_pkt_time":82065387,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"120.156.204.38","src_port":28681,"dst_port":54832,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064635,"flow_src_last_pkt_time":82064635,"flow_dst_last_pkt_time":82064635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.73.129.26","src_port":28681,"dst_port":53585,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066178,"flow_src_last_pkt_time":82066178,"flow_dst_last_pkt_time":82066178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.242.191.215","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066316,"flow_src_last_pkt_time":82066316,"flow_dst_last_pkt_time":82066316,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.249.64.215","src_port":28681,"dst_port":25058,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82060665,"flow_src_last_pkt_time":131672987,"flow_dst_last_pkt_time":82060665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"121.99.222.36","src_port":28681,"dst_port":44988,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061705,"flow_src_last_pkt_time":82061705,"flow_dst_last_pkt_time":82061705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83518339,"flow_src_last_pkt_time":83518339,"flow_dst_last_pkt_time":83518339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.3.223","src_port":28681,"dst_port":12848,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064299,"flow_src_last_pkt_time":82064299,"flow_dst_last_pkt_time":82064299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"208.92.106.151","src_port":28681,"dst_port":32476,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059900,"flow_src_last_pkt_time":82059900,"flow_dst_last_pkt_time":82059900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.157.59.43","src_port":28681,"dst_port":56919,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82057972,"flow_src_last_pkt_time":82057972,"flow_dst_last_pkt_time":82057972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.244.228.86","src_port":28681,"dst_port":10131,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519424,"flow_src_last_pkt_time":83519424,"flow_dst_last_pkt_time":83519424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.159.27.22","src_port":28681,"dst_port":17563,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00749{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061139,"flow_src_last_pkt_time":82061139,"flow_dst_last_pkt_time":82061139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.99.164.4","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059383,"flow_src_last_pkt_time":131671261,"flow_dst_last_pkt_time":82059383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.197.219.85","src_port":28681,"dst_port":26234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82058208,"flow_src_last_pkt_time":131673716,"flow_dst_last_pkt_time":82058208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.162.150","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066425,"flow_src_last_pkt_time":82066425,"flow_dst_last_pkt_time":82066425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063123,"flow_src_last_pkt_time":82063123,"flow_dst_last_pkt_time":82063123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.195.105.243","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82058634,"flow_src_last_pkt_time":82058634,"flow_dst_last_pkt_time":82058634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.163.231.160","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061491,"flow_src_last_pkt_time":82061491,"flow_dst_last_pkt_time":82061491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"178.51.146.115","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062738,"flow_src_last_pkt_time":82062738,"flow_dst_last_pkt_time":82062738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.182.44.202","src_port":28681,"dst_port":30277,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00749{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83518597,"flow_src_last_pkt_time":83518597,"flow_dst_last_pkt_time":83518597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.37","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059773,"flow_src_last_pkt_time":82059773,"flow_dst_last_pkt_time":82059773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.107.176","src_port":28681,"dst_port":20363,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060415,"flow_src_last_pkt_time":82060415,"flow_dst_last_pkt_time":82060415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.217.132.111","src_port":28681,"dst_port":25394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82058765,"flow_src_last_pkt_time":82058765,"flow_dst_last_pkt_time":82058765,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.150.49.35","src_port":28681,"dst_port":32448,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060791,"flow_src_last_pkt_time":82060791,"flow_dst_last_pkt_time":82060791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.74.159.56","src_port":28681,"dst_port":29271,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062565,"flow_src_last_pkt_time":82062565,"flow_dst_last_pkt_time":82062565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.196.58","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059497,"flow_src_last_pkt_time":131670469,"flow_dst_last_pkt_time":82059497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82058913,"flow_src_last_pkt_time":82058913,"flow_dst_last_pkt_time":82058913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062993,"flow_src_last_pkt_time":131669387,"flow_dst_last_pkt_time":82062993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061259,"flow_src_last_pkt_time":82061259,"flow_dst_last_pkt_time":82061259,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.157.183.106","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065828,"flow_src_last_pkt_time":82065828,"flow_dst_last_pkt_time":82065828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.29.197.138","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060952,"flow_src_last_pkt_time":82060952,"flow_dst_last_pkt_time":82060952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062130,"flow_src_last_pkt_time":131672351,"flow_dst_last_pkt_time":82062130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.3.103.37","src_port":28681,"dst_port":35589,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83517645,"flow_src_last_pkt_time":83517645,"flow_dst_last_pkt_time":83517645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.100.120.146","src_port":28681,"dst_port":12838,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519999,"flow_src_last_pkt_time":83519999,"flow_dst_last_pkt_time":83519999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.155.52.115","src_port":28681,"dst_port":53956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83517985,"flow_src_last_pkt_time":83517985,"flow_dst_last_pkt_time":83517985,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"186.93.139.92","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064863,"flow_src_last_pkt_time":82064863,"flow_dst_last_pkt_time":82064863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"138.199.16.123","src_port":28681,"dst_port":52993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82057279,"flow_src_last_pkt_time":82057279,"flow_dst_last_pkt_time":82057279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"174.115.111.224","src_port":28681,"dst_port":51984,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065036,"flow_src_last_pkt_time":82065036,"flow_dst_last_pkt_time":82065036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.170.209.214","src_port":28681,"dst_port":46210,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063782,"flow_src_last_pkt_time":82063782,"flow_dst_last_pkt_time":82063782,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.150.126.156","src_port":28681,"dst_port":16471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00749{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061374,"flow_src_last_pkt_time":82061374,"flow_dst_last_pkt_time":82061374,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.46.253.7","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059277,"flow_src_last_pkt_time":131673144,"flow_dst_last_pkt_time":82059277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.126.160.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519593,"flow_src_last_pkt_time":83519593,"flow_dst_last_pkt_time":83519593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"212.68.248.153","src_port":28681,"dst_port":27223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82058413,"flow_src_last_pkt_time":82058413,"flow_dst_last_pkt_time":82058413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.166.226.70","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065556,"flow_src_last_pkt_time":82065556,"flow_dst_last_pkt_time":82065556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.126.240.32","src_port":28681,"dst_port":45313,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065172,"flow_src_last_pkt_time":82065172,"flow_dst_last_pkt_time":82065172,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.134.139.39","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83520153,"flow_src_last_pkt_time":83520153,"flow_dst_last_pkt_time":83520153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.30.86.144","src_port":28681,"dst_port":53821,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519791,"flow_src_last_pkt_time":83519791,"flow_dst_last_pkt_time":83519791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"126.117.45.151","src_port":28681,"dst_port":19323,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82057536,"flow_src_last_pkt_time":82057536,"flow_dst_last_pkt_time":82057536,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.168.182.103","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064449,"flow_src_last_pkt_time":82064449,"flow_dst_last_pkt_time":82064449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.182.171.50","src_port":28681,"dst_port":15180,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063378,"flow_src_last_pkt_time":82063378,"flow_dst_last_pkt_time":82063378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.153.143.54","src_port":28681,"dst_port":65535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060552,"flow_src_last_pkt_time":82060552,"flow_dst_last_pkt_time":82060552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.69.142.133","src_port":28681,"dst_port":15471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063492,"flow_src_last_pkt_time":82063492,"flow_dst_last_pkt_time":82063492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061887,"flow_src_last_pkt_time":82061887,"flow_dst_last_pkt_time":82061887,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.177.5.135","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059148,"flow_src_last_pkt_time":82059148,"flow_dst_last_pkt_time":82059148,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.123.159.111","src_port":28681,"dst_port":44729,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83518912,"flow_src_last_pkt_time":83518912,"flow_dst_last_pkt_time":83518912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.169.215.227","src_port":28681,"dst_port":26820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063616,"flow_src_last_pkt_time":82063616,"flow_dst_last_pkt_time":82063616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.44.126.74","src_port":28681,"dst_port":54633,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060041,"flow_src_last_pkt_time":82060041,"flow_dst_last_pkt_time":82060041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.162.52.93","src_port":28681,"dst_port":34799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062863,"flow_src_last_pkt_time":82062863,"flow_dst_last_pkt_time":82062863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.88.92.56","src_port":28681,"dst_port":21009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063260,"flow_src_last_pkt_time":82063260,"flow_dst_last_pkt_time":82063260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.195.227","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066069,"flow_src_last_pkt_time":82066069,"flow_dst_last_pkt_time":82066069,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.166.132.204","src_port":28681,"dst_port":11194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065387,"flow_src_last_pkt_time":82065387,"flow_dst_last_pkt_time":82065387,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"120.156.204.38","src_port":28681,"dst_port":54832,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064635,"flow_src_last_pkt_time":82064635,"flow_dst_last_pkt_time":82064635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.73.129.26","src_port":28681,"dst_port":53585,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066178,"flow_src_last_pkt_time":82066178,"flow_dst_last_pkt_time":82066178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.242.191.215","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066316,"flow_src_last_pkt_time":82066316,"flow_dst_last_pkt_time":82066316,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.249.64.215","src_port":28681,"dst_port":25058,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82060665,"flow_src_last_pkt_time":131672987,"flow_dst_last_pkt_time":82060665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"121.99.222.36","src_port":28681,"dst_port":44988,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061705,"flow_src_last_pkt_time":82061705,"flow_dst_last_pkt_time":82061705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83518339,"flow_src_last_pkt_time":83518339,"flow_dst_last_pkt_time":83518339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.3.223","src_port":28681,"dst_port":12848,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064299,"flow_src_last_pkt_time":82064299,"flow_dst_last_pkt_time":82064299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"208.92.106.151","src_port":28681,"dst_port":32476,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059900,"flow_src_last_pkt_time":82059900,"flow_dst_last_pkt_time":82059900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.157.59.43","src_port":28681,"dst_port":56919,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82057972,"flow_src_last_pkt_time":82057972,"flow_dst_last_pkt_time":82057972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.244.228.86","src_port":28681,"dst_port":10131,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519424,"flow_src_last_pkt_time":83519424,"flow_dst_last_pkt_time":83519424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.159.27.22","src_port":28681,"dst_port":17563,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061139,"flow_src_last_pkt_time":82061139,"flow_dst_last_pkt_time":82061139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.99.164.4","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059383,"flow_src_last_pkt_time":131671261,"flow_dst_last_pkt_time":82059383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.197.219.85","src_port":28681,"dst_port":26234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82058208,"flow_src_last_pkt_time":131673716,"flow_dst_last_pkt_time":82058208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.162.150","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066425,"flow_src_last_pkt_time":82066425,"flow_dst_last_pkt_time":82066425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063123,"flow_src_last_pkt_time":82063123,"flow_dst_last_pkt_time":82063123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.195.105.243","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82058634,"flow_src_last_pkt_time":82058634,"flow_dst_last_pkt_time":82058634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.163.231.160","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061491,"flow_src_last_pkt_time":82061491,"flow_dst_last_pkt_time":82061491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"178.51.146.115","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062738,"flow_src_last_pkt_time":82062738,"flow_dst_last_pkt_time":82062738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.182.44.202","src_port":28681,"dst_port":30277,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83518597,"flow_src_last_pkt_time":83518597,"flow_dst_last_pkt_time":83518597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.37","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059773,"flow_src_last_pkt_time":82059773,"flow_dst_last_pkt_time":82059773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.107.176","src_port":28681,"dst_port":20363,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060415,"flow_src_last_pkt_time":82060415,"flow_dst_last_pkt_time":82060415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.217.132.111","src_port":28681,"dst_port":25394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82058765,"flow_src_last_pkt_time":82058765,"flow_dst_last_pkt_time":82058765,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.150.49.35","src_port":28681,"dst_port":32448,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060791,"flow_src_last_pkt_time":82060791,"flow_dst_last_pkt_time":82060791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.74.159.56","src_port":28681,"dst_port":29271,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062565,"flow_src_last_pkt_time":82062565,"flow_dst_last_pkt_time":82062565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.196.58","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059497,"flow_src_last_pkt_time":131670469,"flow_dst_last_pkt_time":82059497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82058913,"flow_src_last_pkt_time":82058913,"flow_dst_last_pkt_time":82058913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062993,"flow_src_last_pkt_time":131669387,"flow_dst_last_pkt_time":82062993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061259,"flow_src_last_pkt_time":82061259,"flow_dst_last_pkt_time":82061259,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.157.183.106","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065828,"flow_src_last_pkt_time":82065828,"flow_dst_last_pkt_time":82065828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.29.197.138","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060952,"flow_src_last_pkt_time":82060952,"flow_dst_last_pkt_time":82060952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062130,"flow_src_last_pkt_time":131672351,"flow_dst_last_pkt_time":82062130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.3.103.37","src_port":28681,"dst_port":35589,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83517645,"flow_src_last_pkt_time":83517645,"flow_dst_last_pkt_time":83517645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.100.120.146","src_port":28681,"dst_port":12838,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519999,"flow_src_last_pkt_time":83519999,"flow_dst_last_pkt_time":83519999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.155.52.115","src_port":28681,"dst_port":53956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83517985,"flow_src_last_pkt_time":83517985,"flow_dst_last_pkt_time":83517985,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"186.93.139.92","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064863,"flow_src_last_pkt_time":82064863,"flow_dst_last_pkt_time":82064863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"138.199.16.123","src_port":28681,"dst_port":52993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82057279,"flow_src_last_pkt_time":82057279,"flow_dst_last_pkt_time":82057279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"174.115.111.224","src_port":28681,"dst_port":51984,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065036,"flow_src_last_pkt_time":82065036,"flow_dst_last_pkt_time":82065036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.170.209.214","src_port":28681,"dst_port":46210,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063782,"flow_src_last_pkt_time":82063782,"flow_dst_last_pkt_time":82063782,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.150.126.156","src_port":28681,"dst_port":16471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061374,"flow_src_last_pkt_time":82061374,"flow_dst_last_pkt_time":82061374,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.46.253.7","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059277,"flow_src_last_pkt_time":131673144,"flow_dst_last_pkt_time":82059277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.126.160.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519593,"flow_src_last_pkt_time":83519593,"flow_dst_last_pkt_time":83519593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"212.68.248.153","src_port":28681,"dst_port":27223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82058413,"flow_src_last_pkt_time":82058413,"flow_dst_last_pkt_time":82058413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.166.226.70","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065556,"flow_src_last_pkt_time":82065556,"flow_dst_last_pkt_time":82065556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.126.240.32","src_port":28681,"dst_port":45313,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065172,"flow_src_last_pkt_time":82065172,"flow_dst_last_pkt_time":82065172,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":131673854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.134.139.39","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 02341{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2139,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":71205274,"flow_src_last_pkt_time":117002547,"flow_dst_last_pkt_time":132821508,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":304,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":705,"flow_dst_tot_l4_payload_len":2420,"midstream":0,"thread_ts_usec":132821508,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.214.154.216","src_port":50248,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1091,"avg":3464951.8,"max":22684647,"stddev":6255594.5,"var":39132462055424.0,"ent":3.3,"data": [399865,400165,2576,3065,879170,880284,1091,343284,15848,359592,3003,2180,5087,145122,145627,10048654,10048652,469496,2676,472723,3557750,3604090,6175326,6222212,413766,464528,22633783,22684647,605343,604983,15818919]},"pktlen": {"min":40,"avg":138.2,"max":1064,"stddev":217.4,"var":47264.8,"ent":4.0,"data": [52,44,40,344,40,323,143,40,118,762,40,53,58,40,149,40,104,40,1064,45,40,122,40,70,40,213,40,52,40,123,40,62]},"bins": {"c_to_s": [9,0,2,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,0,2,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,1,0,1,1,0,0,1,0,1,1,1,0,1,0,0,1,1,0,0,1,0,1,1],"entropies": [4.638531685,4.760457039,4.611769199,5.768550396,4.503056526,5.575543404,5.615631580,4.553056717,5.640929699,7.709812641,4.680641174,4.708038807,4.874885082,4.592897415,6.317804813,4.453056812,5.923436165,4.453056812,7.776337624,4.335103989,4.830641270,6.163827896,4.780641556,5.454720020,4.621928692,6.573338509,4.730640888,4.776329994,4.621928692,6.159438610,4.571928978,4.925578117]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2142,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":132831233,"flow_src_last_pkt_time":132831233,"flow_dst_last_pkt_time":132831233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":132831233,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.181.151.217","src_port":28681,"dst_port":25282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2142,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":353,"flow_packet_id":1,"flow_src_last_pkt_time":132831233,"flow_dst_last_pkt_time":132831233,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":132831233,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0BqoAAIARzHEKAAIPw7WX2XAJYsIAIGTAR05EED8VAQFUC1FLUlAGUk5BXS\/iNQlw"} +01147{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2142,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":132831233,"flow_src_last_pkt_time":132831233,"flow_dst_last_pkt_time":132831233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":132831233,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.181.151.217","src_port":28681,"dst_port":25282,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2143,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":2,"flow_src_last_pkt_time":132831544,"flow_dst_last_pkt_time":72853189,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":132831544,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0jJMAAIARUAgKAAIPp3KqnHAJXSQAIHPdR05EED8WAQFUC1FLUlAGUk5BXS\/iNQlw"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2144,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":2,"flow_src_last_pkt_time":132831688,"flow_dst_last_pkt_time":82060952,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":132831688,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0v84AAIARvTMKAAIPc0U+Y3AJGMoAIFidR05EED8XAQFUC1FLUlAGUk5BXS\/iNQlw"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2145,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":2,"flow_src_last_pkt_time":132831843,"flow_dst_last_pkt_time":82058765,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":132831843,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0XroAAIARSzcKAAIPU5YxI3AJfsAAIB+VR05EED8YAQFUC1FLUlAGUk5BXS\/iNQlw"} @@ -1651,6 +1767,7 @@ 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2153,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":2,"flow_src_last_pkt_time":132833113,"flow_dst_last_pkt_time":82061705,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":132833113,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0amgAAIARaXcKAAIPQoMYSHAJd\/cAIFBER05EED8gAQFUC1FLUlAGUk5BXS\/iNQlw"} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2154,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":132833303,"flow_src_last_pkt_time":132833303,"flow_dst_last_pkt_time":132833303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":132833303,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":1032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2154,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":1,"flow_src_last_pkt_time":132833303,"flow_dst_last_pkt_time":132833303,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":132833303,"pkt":"UlQAEjUCCAAn5uVZCABFAAA02w8AAIARCzYKAAIPUOz3eHAJBAgAINaYR05EED8hAQFUC1FLUlAGUk5BXS\/iNQlw"} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2154,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":132833303,"flow_src_last_pkt_time":132833303,"flow_dst_last_pkt_time":132833303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":132833303,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":1032,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2155,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_src_last_pkt_time":132833488,"flow_dst_last_pkt_time":71536330,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":132833488,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0alcAAIAR6coKAAIPy94OqnAJWyQAIO1XR05EED8iAQFUC1FLUlAGUk5BXS\/iNQlw"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2156,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":2,"flow_src_last_pkt_time":132833697,"flow_dst_last_pkt_time":82061259,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":132833697,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xBIAAIARbZAKAAIPRZ23anAJGMoAIA0yR05EED8jAQFUC1FLUlAGUk5BXS\/iNQlw"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2157,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":2,"flow_src_last_pkt_time":132834112,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":132834112,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0fT4AAIARi9MKAAIPwfpjnnAJGMoAIOSfR05EED8kAQFUC1FLUlAGUk5BXS\/iNQlw"} @@ -1696,9 +1813,9 @@ 01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2198,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":90072633,"flow_src_last_pkt_time":111444536,"flow_dst_last_pkt_time":90072633,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":140848774,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.26.216.95","src_port":28681,"dst_port":13889,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01190{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2198,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":95754583,"flow_src_last_pkt_time":139695067,"flow_dst_last_pkt_time":139756356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":1454,"midstream":0,"thread_ts_usec":140848774,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.217.84.16","src_port":28681,"dst_port":20223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00941{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2198,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":40005419,"flow_src_last_pkt_time":43055141,"flow_dst_last_pkt_time":40005419,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":140848774,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":55708,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2198,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":93713981,"flow_src_last_pkt_time":93713981,"flow_dst_last_pkt_time":93713981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":140848774,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.168.175.31","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2198,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":93713981,"flow_src_last_pkt_time":93713981,"flow_dst_last_pkt_time":93713981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":140848774,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.168.175.31","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01191{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2198,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":95443212,"flow_src_last_pkt_time":116628818,"flow_dst_last_pkt_time":116858689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":2181,"midstream":0,"thread_ts_usec":140848774,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.240.69.199","src_port":28681,"dst_port":6348,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2198,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":93714209,"flow_src_last_pkt_time":93714209,"flow_dst_last_pkt_time":93714209,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":140848774,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.249.63.200","src_port":28681,"dst_port":22582,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2198,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":93714209,"flow_src_last_pkt_time":93714209,"flow_dst_last_pkt_time":93714209,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":140848774,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.249.63.200","src_port":28681,"dst_port":22582,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2198,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":90184128,"flow_src_last_pkt_time":111540517,"flow_dst_last_pkt_time":111857033,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":1454,"midstream":0,"thread_ts_usec":140848774,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":28681,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00761{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2198,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":90880863,"flow_src_last_pkt_time":111857897,"flow_dst_last_pkt_time":111887726,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":271,"flow_dst_tot_l4_payload_len":2269,"midstream":0,"thread_ts_usec":140848774,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.32.126.214","src_port":28681,"dst_port":59596,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01193{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2198,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":95784533,"flow_src_last_pkt_time":139724985,"flow_dst_last_pkt_time":139896214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":1454,"midstream":0,"thread_ts_usec":140848774,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.183.183.110","src_port":28681,"dst_port":59920,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} @@ -1831,10 +1948,10 @@ 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2340,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":4,"flow_src_last_pkt_time":174679514,"flow_dst_last_pkt_time":90183929,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_usec":174679514,"pkt":"UlQAEjUCCAAn5uVZCABFAAByGZAAAIAR6I4KAAIPXwrNQ3AJLVMAXqICi64xAn+qlf7Hx6x2vbwdZkQAAD8AAAAHR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAF3Q\/QP6n0+w02aNGZLhtNuwNXioAEFMT0M="} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2345,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":4,"flow_src_last_pkt_time":174723421,"flow_dst_last_pkt_time":90138798,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_usec":174723421,"pkt":"UlQAEjUCCAAn5uVZCABFAAByTNIAAIAR3owKAAIPUtmwNHAJHRYAXvfrMjIxAiB23I14WMaJ2e2MRkQAAD8AAAAHR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAF3Q\/QP6n0+w02aNGZLhtNuwNXioAEFMT0M="} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":123912514,"flow_src_last_pkt_time":123912514,"flow_dst_last_pkt_time":124065276,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":727,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"221.198.205.196","src_port":28681,"dst_port":20778,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72852470,"flow_src_last_pkt_time":131670910,"flow_dst_last_pkt_time":72852470,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.231.73.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72850420,"flow_src_last_pkt_time":131671769,"flow_dst_last_pkt_time":72850420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.141.219.27","src_port":28681,"dst_port":37580,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71540581,"flow_src_last_pkt_time":131673544,"flow_dst_last_pkt_time":71540581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.23.75.69","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00748{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230940,"flow_src_last_pkt_time":70230940,"flow_dst_last_pkt_time":70230940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.50.24.2","src_port":28681,"dst_port":17874,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72852470,"flow_src_last_pkt_time":131670910,"flow_dst_last_pkt_time":72852470,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.231.73.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72850420,"flow_src_last_pkt_time":131671769,"flow_dst_last_pkt_time":72850420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.141.219.27","src_port":28681,"dst_port":37580,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71540581,"flow_src_last_pkt_time":131673544,"flow_dst_last_pkt_time":71540581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.23.75.69","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01179{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230940,"flow_src_last_pkt_time":70230940,"flow_dst_last_pkt_time":70230940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.50.24.2","src_port":28681,"dst_port":17874,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00947{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":13118832,"flow_src_last_pkt_time":15640687,"flow_dst_last_pkt_time":13118832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1073,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1073,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12876,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63957,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","proto_id":"153","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00943{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":15469932,"flow_src_last_pkt_time":22405999,"flow_dst_last_pkt_time":15469932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":624,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":624,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4368,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63964,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","proto_id":"153","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01191{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":124066131,"flow_src_last_pkt_time":124066131,"flow_dst_last_pkt_time":124181723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":727,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":28681,"dst_port":49732,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} @@ -1844,140 +1961,140 @@ 01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":124090579,"flow_src_last_pkt_time":124090579,"flow_dst_last_pkt_time":124090579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.212.91.155","src_port":28681,"dst_port":5195,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00935{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":12827507,"flow_src_last_pkt_time":41755684,"flow_dst_last_pkt_time":12827507,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":966,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01063{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":16487243,"flow_src_last_pkt_time":73950296,"flow_dst_last_pkt_time":16487243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":402,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71535614,"flow_src_last_pkt_time":71535614,"flow_dst_last_pkt_time":71535614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.160.214.137","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71535614,"flow_src_last_pkt_time":71535614,"flow_dst_last_pkt_time":71535614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.160.214.137","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00943{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":15284358,"flow_src_last_pkt_time":23969210,"flow_dst_last_pkt_time":15284358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":101,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1601,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63962,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71541038,"flow_src_last_pkt_time":132832794,"flow_dst_last_pkt_time":71541038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.100","src_port":28681,"dst_port":46385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71541038,"flow_src_last_pkt_time":132832794,"flow_dst_last_pkt_time":71541038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.100","src_port":28681,"dst_port":46385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":124090730,"flow_src_last_pkt_time":124090730,"flow_dst_last_pkt_time":124090730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":28681,"dst_port":6778,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71536922,"flow_src_last_pkt_time":71536922,"flow_dst_last_pkt_time":71536922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.133.122.217","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":132834289,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540687,"flow_src_last_pkt_time":71540687,"flow_dst_last_pkt_time":71540687,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.104","src_port":28681,"dst_port":11804,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537199,"flow_src_last_pkt_time":71537199,"flow_dst_last_pkt_time":71537199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.126.102","src_port":28681,"dst_port":5193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71536330,"flow_src_last_pkt_time":132833488,"flow_dst_last_pkt_time":71536330,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.222.14.170","src_port":28681,"dst_port":23332,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71536922,"flow_src_last_pkt_time":71536922,"flow_dst_last_pkt_time":71536922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.133.122.217","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":132834289,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540687,"flow_src_last_pkt_time":71540687,"flow_dst_last_pkt_time":71540687,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.104","src_port":28681,"dst_port":11804,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537199,"flow_src_last_pkt_time":71537199,"flow_dst_last_pkt_time":71537199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.126.102","src_port":28681,"dst_port":5193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71536330,"flow_src_last_pkt_time":132833488,"flow_dst_last_pkt_time":71536330,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.222.14.170","src_port":28681,"dst_port":23332,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00955{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":13118724,"flow_src_last_pkt_time":15640529,"flow_dst_last_pkt_time":13118724,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1091,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1091,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13092,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63958,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","proto_id":"153","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":15469659,"flow_src_last_pkt_time":21843510,"flow_dst_last_pkt_time":15469659,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":624,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":624,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4368,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63965,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","proto_id":"153","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72851488,"flow_src_last_pkt_time":72851488,"flow_dst_last_pkt_time":72851488,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.225.140.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71540138,"flow_src_last_pkt_time":131673854,"flow_dst_last_pkt_time":71540138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.65.141.157","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538650,"flow_src_last_pkt_time":71538650,"flow_dst_last_pkt_time":71538650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.39.154.69","src_port":28681,"dst_port":4832,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72853366,"flow_src_last_pkt_time":131672665,"flow_dst_last_pkt_time":72853366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.226.142","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72853723,"flow_src_last_pkt_time":131669767,"flow_dst_last_pkt_time":72853723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.97.199.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72851488,"flow_src_last_pkt_time":72851488,"flow_dst_last_pkt_time":72851488,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.225.140.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71540138,"flow_src_last_pkt_time":131673854,"flow_dst_last_pkt_time":71540138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.65.141.157","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538650,"flow_src_last_pkt_time":71538650,"flow_dst_last_pkt_time":71538650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.39.154.69","src_port":28681,"dst_port":4832,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72853366,"flow_src_last_pkt_time":131672665,"flow_dst_last_pkt_time":72853366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.226.142","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72853723,"flow_src_last_pkt_time":131669767,"flow_dst_last_pkt_time":72853723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.97.199.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":129174578,"flow_src_last_pkt_time":129174578,"flow_dst_last_pkt_time":129174578,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.197.97.94","src_port":28681,"dst_port":1360,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00933{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":12529525,"flow_src_last_pkt_time":43193100,"flow_dst_last_pkt_time":12529525,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":348,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72849569,"flow_src_last_pkt_time":132834410,"flow_dst_last_pkt_time":72849569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.69.159.133","src_port":28681,"dst_port":28000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72849569,"flow_src_last_pkt_time":132834410,"flow_dst_last_pkt_time":72849569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.69.159.133","src_port":28681,"dst_port":28000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00947{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":15285641,"flow_src_last_pkt_time":21297325,"flow_dst_last_pkt_time":15285641,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":95,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":95,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":475,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63960,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72852834,"flow_src_last_pkt_time":72852834,"flow_dst_last_pkt_time":72852834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":16047,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230444,"flow_src_last_pkt_time":70230444,"flow_dst_last_pkt_time":70230444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72852834,"flow_src_last_pkt_time":72852834,"flow_dst_last_pkt_time":72852834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":16047,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230444,"flow_src_last_pkt_time":70230444,"flow_dst_last_pkt_time":70230444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":129174282,"flow_src_last_pkt_time":129174282,"flow_dst_last_pkt_time":129344463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":727,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.226.85.105","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230046,"flow_src_last_pkt_time":70230046,"flow_dst_last_pkt_time":70230046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.138.20.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230046,"flow_src_last_pkt_time":70230046,"flow_dst_last_pkt_time":70230046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.138.20.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00947{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":12529625,"flow_src_last_pkt_time":43193303,"flow_dst_last_pkt_time":12529625,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":348,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":132834112,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72850054,"flow_src_last_pkt_time":72850054,"flow_dst_last_pkt_time":72850054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":1024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":132834112,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72850054,"flow_src_last_pkt_time":72850054,"flow_dst_last_pkt_time":72850054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":1024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":124090360,"flow_src_last_pkt_time":124090360,"flow_dst_last_pkt_time":124090360,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.208.26.154","src_port":28681,"dst_port":4994,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540307,"flow_src_last_pkt_time":71540307,"flow_dst_last_pkt_time":71540307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.213.146","src_port":28681,"dst_port":21750,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72849111,"flow_src_last_pkt_time":72849111,"flow_dst_last_pkt_time":72849111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.92.178.182","src_port":28681,"dst_port":57302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540307,"flow_src_last_pkt_time":71540307,"flow_dst_last_pkt_time":71540307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.213.146","src_port":28681,"dst_port":21750,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72849111,"flow_src_last_pkt_time":72849111,"flow_dst_last_pkt_time":72849111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.92.178.182","src_port":28681,"dst_port":57302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":123912290,"flow_src_last_pkt_time":123912290,"flow_dst_last_pkt_time":123912290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.116.64.132","src_port":28681,"dst_port":51227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540796,"flow_src_last_pkt_time":71540796,"flow_dst_last_pkt_time":71540796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.44.190.145","src_port":28681,"dst_port":10170,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540796,"flow_src_last_pkt_time":71540796,"flow_dst_last_pkt_time":71540796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.44.190.145","src_port":28681,"dst_port":10170,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":129174425,"flow_src_last_pkt_time":129174425,"flow_dst_last_pkt_time":129174425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.10.169.10","src_port":28681,"dst_port":12799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72852255,"flow_src_last_pkt_time":132832943,"flow_dst_last_pkt_time":72852255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.175.220.161","src_port":28681,"dst_port":15721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00749{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71536631,"flow_src_last_pkt_time":71536631,"flow_dst_last_pkt_time":71536631,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.38.9.82","src_port":28681,"dst_port":24223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72848739,"flow_src_last_pkt_time":72848739,"flow_dst_last_pkt_time":72848739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"170.254.19.6","src_port":28681,"dst_port":24180,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72851137,"flow_src_last_pkt_time":131668865,"flow_dst_last_pkt_time":72851137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.224.95.97","src_port":28681,"dst_port":46356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538933,"flow_src_last_pkt_time":71538933,"flow_dst_last_pkt_time":71538933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"202.151.63.59","src_port":28681,"dst_port":7624,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72850779,"flow_src_last_pkt_time":131672247,"flow_dst_last_pkt_time":72850779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.50.179","src_port":28681,"dst_port":29411,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537931,"flow_src_last_pkt_time":71537931,"flow_dst_last_pkt_time":71537931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.134.167.82","src_port":28681,"dst_port":5820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71535977,"flow_src_last_pkt_time":71535977,"flow_dst_last_pkt_time":71535977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":28681,"dst_port":49046,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538247,"flow_src_last_pkt_time":71538247,"flow_dst_last_pkt_time":71538247,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.98.115.128","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72852255,"flow_src_last_pkt_time":132832943,"flow_dst_last_pkt_time":72852255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.175.220.161","src_port":28681,"dst_port":15721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71536631,"flow_src_last_pkt_time":71536631,"flow_dst_last_pkt_time":71536631,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.38.9.82","src_port":28681,"dst_port":24223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72848739,"flow_src_last_pkt_time":72848739,"flow_dst_last_pkt_time":72848739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"170.254.19.6","src_port":28681,"dst_port":24180,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72851137,"flow_src_last_pkt_time":131668865,"flow_dst_last_pkt_time":72851137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.224.95.97","src_port":28681,"dst_port":46356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538933,"flow_src_last_pkt_time":71538933,"flow_dst_last_pkt_time":71538933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"202.151.63.59","src_port":28681,"dst_port":7624,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72850779,"flow_src_last_pkt_time":131672247,"flow_dst_last_pkt_time":72850779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.50.179","src_port":28681,"dst_port":29411,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537931,"flow_src_last_pkt_time":71537931,"flow_dst_last_pkt_time":71537931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.134.167.82","src_port":28681,"dst_port":5820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71535977,"flow_src_last_pkt_time":71535977,"flow_dst_last_pkt_time":71535977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":28681,"dst_port":49046,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538247,"flow_src_last_pkt_time":71538247,"flow_dst_last_pkt_time":71538247,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.98.115.128","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00949{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":12461875,"flow_src_last_pkt_time":75501587,"flow_dst_last_pkt_time":12461875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":637,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72853009,"flow_src_last_pkt_time":131672894,"flow_dst_last_pkt_time":72853009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.65.70.197","src_port":28681,"dst_port":21693,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71539473,"flow_src_last_pkt_time":131673397,"flow_dst_last_pkt_time":71539473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.169.2.153","src_port":28681,"dst_port":52414,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72853538,"flow_src_last_pkt_time":132832169,"flow_dst_last_pkt_time":72853538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.197.111.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537663,"flow_src_last_pkt_time":71537663,"flow_dst_last_pkt_time":71537663,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.39.233","src_port":28681,"dst_port":20855,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71539248,"flow_src_last_pkt_time":71539248,"flow_dst_last_pkt_time":71539248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.119.242.110","src_port":28681,"dst_port":7922,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72853009,"flow_src_last_pkt_time":131672894,"flow_dst_last_pkt_time":72853009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.65.70.197","src_port":28681,"dst_port":21693,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71539473,"flow_src_last_pkt_time":131673397,"flow_dst_last_pkt_time":71539473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.169.2.153","src_port":28681,"dst_port":52414,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72853538,"flow_src_last_pkt_time":132832169,"flow_dst_last_pkt_time":72853538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.197.111.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537663,"flow_src_last_pkt_time":71537663,"flow_dst_last_pkt_time":71537663,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.39.233","src_port":28681,"dst_port":20855,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71539248,"flow_src_last_pkt_time":71539248,"flow_dst_last_pkt_time":71539248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.119.242.110","src_port":28681,"dst_port":7922,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00937{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":12529999,"flow_src_last_pkt_time":12529999,"flow_dst_last_pkt_time":12529999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.252","src_port":63717,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":123912731,"flow_src_last_pkt_time":123912731,"flow_dst_last_pkt_time":123912731,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":28681,"dst_port":54130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540385,"flow_src_last_pkt_time":71540385,"flow_dst_last_pkt_time":71540385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"105.101.132.146","src_port":28681,"dst_port":57746,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72851799,"flow_src_last_pkt_time":72851799,"flow_dst_last_pkt_time":72851799,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.86.173.45","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540385,"flow_src_last_pkt_time":71540385,"flow_dst_last_pkt_time":71540385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"105.101.132.146","src_port":28681,"dst_port":57746,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72851799,"flow_src_last_pkt_time":72851799,"flow_dst_last_pkt_time":72851799,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.86.173.45","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":124066283,"flow_src_last_pkt_time":124066283,"flow_dst_last_pkt_time":124066283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.129.233.60","src_port":28681,"dst_port":19990,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230689,"flow_src_last_pkt_time":70230689,"flow_dst_last_pkt_time":70230689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.131.85.245","src_port":28681,"dst_port":31743,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230689,"flow_src_last_pkt_time":70230689,"flow_dst_last_pkt_time":70230689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.131.85.245","src_port":28681,"dst_port":31743,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":12529920,"flow_src_last_pkt_time":12529920,"flow_dst_last_pkt_time":12529920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:3","src_port":63717,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71539621,"flow_src_last_pkt_time":71539621,"flow_dst_last_pkt_time":71539621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.132.75.56","src_port":28681,"dst_port":56009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538408,"flow_src_last_pkt_time":71538408,"flow_dst_last_pkt_time":71538408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.11.85","src_port":28681,"dst_port":10722,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72853189,"flow_src_last_pkt_time":132831544,"flow_dst_last_pkt_time":72853189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71539621,"flow_src_last_pkt_time":71539621,"flow_dst_last_pkt_time":71539621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.132.75.56","src_port":28681,"dst_port":56009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538408,"flow_src_last_pkt_time":71538408,"flow_dst_last_pkt_time":71538408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.11.85","src_port":28681,"dst_port":10722,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2367,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72853189,"flow_src_last_pkt_time":132831544,"flow_dst_last_pkt_time":72853189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":175759013,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2376,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":5,"flow_src_last_pkt_time":176659427,"flow_dst_last_pkt_time":174302614,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":176659427,"pkt":"UlQAEjUCCAAn5uVZCABFAAEEB2MAAIARC6IKAAIPVoHEVHAJJrsA8Ju3hzsxAoTVJxqSAcx62iZA40QAANEAAAADR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAATmnBkoAUdUS0cAACidCo0G3v\/IJjwziXwskXn9hKthBF0v4jVwCTgZnrrTUxbZJrkUeNZFbiSwaUPdUFJPWAAAAGjDCWNsaWVudC1pZFB06DECQUyfthersQyXYFlKCGZlYXR1cmVzQQALZnd0LXZlcnNpb25BAARwb3J0QnAJB3Byb3hpZXNcBkuFZV3MjwZonOJI0AoGaO6s+lv8Brw9NLcuTIN0bHNBEA=="} 00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2378,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":5,"flow_src_last_pkt_time":176694790,"flow_dst_last_pkt_time":174522506,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":176694790,"pkt":"UlQAEjUCCAAn5uVZCABFAAEEbeYAAIARLn0KAAIPvsDStnAJGmIA8HJpECYxAl4hUBS6j51o4bcCHkQAANEAAAADR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAAQZ71djAUdUS0cAACidCo0G3v\/IJjwziXwskXn9hKthBF0v4jVwCTgZnrrTUxbZJrkUeNZFbiSwaUPdUFJPWAAAAGjDCWNsaWVudC1pZFB06DECQUyfthersQyXYFlKCGZlYXR1cmVzQQALZnd0LXZlcnNpb25BAARwb3J0QnAJB3Byb3hpZXNcBkuFZV3MjwZonOJI0AoGaO6s+lv8Brw9NLcuTIN0bHNBEA=="} 00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2380,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":5,"flow_src_last_pkt_time":176963996,"flow_dst_last_pkt_time":168428006,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_usec":176963996,"pkt":"UlQAEjUCCAAn5uVZCABFAAEEYsAAAIAR24wKAAIPP+SvqXAJB5AA8C43AtcxAttFob+ywEqN0u01GkQAANEAAAADR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAAQC89xEAUdUS0cAACidCo0G3v\/IJjwziXwskXn9hKthBF0v4jVwCTgZnrrTUxbZJrkUeNZFbiSwaUPdUFJPWAAAAGjDCWNsaWVudC1pZFB06DECQUyfthersQyXYFlKCGZlYXR1cmVzQQALZnd0LXZlcnNpb25BAARwb3J0QnAJB3Byb3hpZXNcBkuFZV3MjwZonOJI0AoGaO6s+lv8Brw9NLcuTIN0bHNBEA=="} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2387,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":4,"flow_src_last_pkt_time":179735999,"flow_dst_last_pkt_time":95264285,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_usec":179735999,"pkt":"UlQAEjUCCAAn5uVZCABFAAByeiIAAIARB1AKAAIPUc1bLXAJnMkAXpLzWrIxAjQ2OOfl5guL5cdwm0QAAD8AAAAHR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAF3Q\/QP6n0+w02aNGZLhtNuwNXioAEFMT0M="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2418,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":5,"flow_src_last_pkt_time":182706957,"flow_dst_last_pkt_time":122157131,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":182706957,"pkt":"UlQAEjUCCAAn5uVZCABFAAA5tikAAIARac4KAAIPDsj\/5XAJkMIAJT+nKJAxAsEbZuf\/FzJ0h\/hQAwABAAYAAADDg0dVRUA="} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060300,"flow_src_last_pkt_time":82060300,"flow_dst_last_pkt_time":82060300,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"67.193.8.52","src_port":28681,"dst_port":38584,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059658,"flow_src_last_pkt_time":131671934,"flow_dst_last_pkt_time":82059658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.59.253.186","src_port":28681,"dst_port":15555,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062320,"flow_src_last_pkt_time":131670725,"flow_dst_last_pkt_time":82062320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.15.182","src_port":28681,"dst_port":37829,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062444,"flow_src_last_pkt_time":82062444,"flow_dst_last_pkt_time":82062444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.239.62.213","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064076,"flow_src_last_pkt_time":82064076,"flow_dst_last_pkt_time":82064076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.127.72.106","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":132833303,"flow_src_last_pkt_time":132833303,"flow_dst_last_pkt_time":132833303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":1032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":131671537,"flow_src_last_pkt_time":131671537,"flow_dst_last_pkt_time":131671537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82063897,"flow_src_last_pkt_time":132832031,"flow_dst_last_pkt_time":82063897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"177.231.151.16","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":132831233,"flow_src_last_pkt_time":132831233,"flow_dst_last_pkt_time":132831233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.181.151.217","src_port":28681,"dst_port":25282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060300,"flow_src_last_pkt_time":82060300,"flow_dst_last_pkt_time":82060300,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"67.193.8.52","src_port":28681,"dst_port":38584,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059658,"flow_src_last_pkt_time":131671934,"flow_dst_last_pkt_time":82059658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.59.253.186","src_port":28681,"dst_port":15555,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062320,"flow_src_last_pkt_time":131670725,"flow_dst_last_pkt_time":82062320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.15.182","src_port":28681,"dst_port":37829,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062444,"flow_src_last_pkt_time":82062444,"flow_dst_last_pkt_time":82062444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.239.62.213","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064076,"flow_src_last_pkt_time":82064076,"flow_dst_last_pkt_time":82064076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.127.72.106","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":132833303,"flow_src_last_pkt_time":132833303,"flow_dst_last_pkt_time":132833303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":1032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":131671537,"flow_src_last_pkt_time":131671537,"flow_dst_last_pkt_time":131671537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82063897,"flow_src_last_pkt_time":132832031,"flow_dst_last_pkt_time":82063897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"177.231.151.16","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01188{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":132831233,"flow_src_last_pkt_time":132831233,"flow_dst_last_pkt_time":132831233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.181.151.217","src_port":28681,"dst_port":25282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":83564038,"flow_src_last_pkt_time":83564038,"flow_dst_last_pkt_time":83804788,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":91,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":28681,"dst_port":9239,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83520153,"flow_src_last_pkt_time":83520153,"flow_dst_last_pkt_time":83520153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.30.86.144","src_port":28681,"dst_port":53821,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519791,"flow_src_last_pkt_time":83519791,"flow_dst_last_pkt_time":83519791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"126.117.45.151","src_port":28681,"dst_port":19323,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82057536,"flow_src_last_pkt_time":82057536,"flow_dst_last_pkt_time":82057536,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.168.182.103","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064449,"flow_src_last_pkt_time":82064449,"flow_dst_last_pkt_time":82064449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.182.171.50","src_port":28681,"dst_port":15180,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063378,"flow_src_last_pkt_time":82063378,"flow_dst_last_pkt_time":82063378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.153.143.54","src_port":28681,"dst_port":65535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82060552,"flow_src_last_pkt_time":132832434,"flow_dst_last_pkt_time":82060552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.69.142.133","src_port":28681,"dst_port":15471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00749{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063492,"flow_src_last_pkt_time":82063492,"flow_dst_last_pkt_time":82063492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061887,"flow_src_last_pkt_time":82061887,"flow_dst_last_pkt_time":82061887,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.177.5.135","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059148,"flow_src_last_pkt_time":82059148,"flow_dst_last_pkt_time":82059148,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.123.159.111","src_port":28681,"dst_port":44729,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83518912,"flow_src_last_pkt_time":83518912,"flow_dst_last_pkt_time":83518912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.169.215.227","src_port":28681,"dst_port":26820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063616,"flow_src_last_pkt_time":82063616,"flow_dst_last_pkt_time":82063616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.44.126.74","src_port":28681,"dst_port":54633,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060041,"flow_src_last_pkt_time":82060041,"flow_dst_last_pkt_time":82060041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.162.52.93","src_port":28681,"dst_port":34799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062863,"flow_src_last_pkt_time":82062863,"flow_dst_last_pkt_time":82062863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.88.92.56","src_port":28681,"dst_port":21009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063260,"flow_src_last_pkt_time":82063260,"flow_dst_last_pkt_time":82063260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.195.227","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066069,"flow_src_last_pkt_time":82066069,"flow_dst_last_pkt_time":82066069,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.166.132.204","src_port":28681,"dst_port":11194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065387,"flow_src_last_pkt_time":82065387,"flow_dst_last_pkt_time":82065387,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"120.156.204.38","src_port":28681,"dst_port":54832,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064635,"flow_src_last_pkt_time":82064635,"flow_dst_last_pkt_time":82064635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.73.129.26","src_port":28681,"dst_port":53585,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066178,"flow_src_last_pkt_time":82066178,"flow_dst_last_pkt_time":82066178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.242.191.215","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066316,"flow_src_last_pkt_time":82066316,"flow_dst_last_pkt_time":82066316,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.249.64.215","src_port":28681,"dst_port":25058,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82060665,"flow_src_last_pkt_time":131672987,"flow_dst_last_pkt_time":82060665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"121.99.222.36","src_port":28681,"dst_port":44988,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82061705,"flow_src_last_pkt_time":132833113,"flow_dst_last_pkt_time":82061705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83518339,"flow_src_last_pkt_time":83518339,"flow_dst_last_pkt_time":83518339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.3.223","src_port":28681,"dst_port":12848,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064299,"flow_src_last_pkt_time":82064299,"flow_dst_last_pkt_time":82064299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"208.92.106.151","src_port":28681,"dst_port":32476,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059900,"flow_src_last_pkt_time":82059900,"flow_dst_last_pkt_time":82059900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.157.59.43","src_port":28681,"dst_port":56919,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82057972,"flow_src_last_pkt_time":82057972,"flow_dst_last_pkt_time":82057972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.244.228.86","src_port":28681,"dst_port":10131,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519424,"flow_src_last_pkt_time":83519424,"flow_dst_last_pkt_time":83519424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.159.27.22","src_port":28681,"dst_port":17563,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00749{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061139,"flow_src_last_pkt_time":82061139,"flow_dst_last_pkt_time":82061139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.99.164.4","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059383,"flow_src_last_pkt_time":131671261,"flow_dst_last_pkt_time":82059383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.197.219.85","src_port":28681,"dst_port":26234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82058208,"flow_src_last_pkt_time":131673716,"flow_dst_last_pkt_time":82058208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.162.150","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82066425,"flow_src_last_pkt_time":132834557,"flow_dst_last_pkt_time":82066425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063123,"flow_src_last_pkt_time":82063123,"flow_dst_last_pkt_time":82063123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.195.105.243","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82058634,"flow_src_last_pkt_time":82058634,"flow_dst_last_pkt_time":82058634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.163.231.160","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061491,"flow_src_last_pkt_time":82061491,"flow_dst_last_pkt_time":82061491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"178.51.146.115","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062738,"flow_src_last_pkt_time":82062738,"flow_dst_last_pkt_time":82062738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.182.44.202","src_port":28681,"dst_port":30277,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00749{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83518597,"flow_src_last_pkt_time":83518597,"flow_dst_last_pkt_time":83518597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.37","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059773,"flow_src_last_pkt_time":132832598,"flow_dst_last_pkt_time":82059773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.107.176","src_port":28681,"dst_port":20363,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060415,"flow_src_last_pkt_time":82060415,"flow_dst_last_pkt_time":82060415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.217.132.111","src_port":28681,"dst_port":25394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82058765,"flow_src_last_pkt_time":132831843,"flow_dst_last_pkt_time":82058765,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.150.49.35","src_port":28681,"dst_port":32448,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060791,"flow_src_last_pkt_time":82060791,"flow_dst_last_pkt_time":82060791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.74.159.56","src_port":28681,"dst_port":29271,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062565,"flow_src_last_pkt_time":82062565,"flow_dst_last_pkt_time":82062565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.196.58","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059497,"flow_src_last_pkt_time":131670469,"flow_dst_last_pkt_time":82059497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82058913,"flow_src_last_pkt_time":82058913,"flow_dst_last_pkt_time":82058913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062993,"flow_src_last_pkt_time":131669387,"flow_dst_last_pkt_time":82062993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82061259,"flow_src_last_pkt_time":132833697,"flow_dst_last_pkt_time":82061259,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.157.183.106","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065828,"flow_src_last_pkt_time":82065828,"flow_dst_last_pkt_time":82065828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.29.197.138","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82060952,"flow_src_last_pkt_time":132831688,"flow_dst_last_pkt_time":82060952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062130,"flow_src_last_pkt_time":131672351,"flow_dst_last_pkt_time":82062130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.3.103.37","src_port":28681,"dst_port":35589,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83517645,"flow_src_last_pkt_time":83517645,"flow_dst_last_pkt_time":83517645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.100.120.146","src_port":28681,"dst_port":12838,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519999,"flow_src_last_pkt_time":83519999,"flow_dst_last_pkt_time":83519999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.155.52.115","src_port":28681,"dst_port":53956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83517985,"flow_src_last_pkt_time":83517985,"flow_dst_last_pkt_time":83517985,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"186.93.139.92","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":131668560,"flow_src_last_pkt_time":131668560,"flow_dst_last_pkt_time":131668560,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"187.37.87.189","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82064863,"flow_src_last_pkt_time":132832301,"flow_dst_last_pkt_time":82064863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"138.199.16.123","src_port":28681,"dst_port":52993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82057279,"flow_src_last_pkt_time":82057279,"flow_dst_last_pkt_time":82057279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"174.115.111.224","src_port":28681,"dst_port":51984,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065036,"flow_src_last_pkt_time":82065036,"flow_dst_last_pkt_time":82065036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.170.209.214","src_port":28681,"dst_port":46210,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063782,"flow_src_last_pkt_time":82063782,"flow_dst_last_pkt_time":82063782,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.150.126.156","src_port":28681,"dst_port":16471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00749{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061374,"flow_src_last_pkt_time":82061374,"flow_dst_last_pkt_time":82061374,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.46.253.7","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059277,"flow_src_last_pkt_time":131673144,"flow_dst_last_pkt_time":82059277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.126.160.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519593,"flow_src_last_pkt_time":83519593,"flow_dst_last_pkt_time":83519593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"212.68.248.153","src_port":28681,"dst_port":27223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82058413,"flow_src_last_pkt_time":82058413,"flow_dst_last_pkt_time":82058413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.166.226.70","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065556,"flow_src_last_pkt_time":82065556,"flow_dst_last_pkt_time":82065556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.126.240.32","src_port":28681,"dst_port":45313,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065172,"flow_src_last_pkt_time":82065172,"flow_dst_last_pkt_time":82065172,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.134.139.39","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83520153,"flow_src_last_pkt_time":83520153,"flow_dst_last_pkt_time":83520153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.30.86.144","src_port":28681,"dst_port":53821,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519791,"flow_src_last_pkt_time":83519791,"flow_dst_last_pkt_time":83519791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"126.117.45.151","src_port":28681,"dst_port":19323,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82057536,"flow_src_last_pkt_time":82057536,"flow_dst_last_pkt_time":82057536,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.168.182.103","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064449,"flow_src_last_pkt_time":82064449,"flow_dst_last_pkt_time":82064449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.182.171.50","src_port":28681,"dst_port":15180,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063378,"flow_src_last_pkt_time":82063378,"flow_dst_last_pkt_time":82063378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.153.143.54","src_port":28681,"dst_port":65535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82060552,"flow_src_last_pkt_time":132832434,"flow_dst_last_pkt_time":82060552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.69.142.133","src_port":28681,"dst_port":15471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063492,"flow_src_last_pkt_time":82063492,"flow_dst_last_pkt_time":82063492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061887,"flow_src_last_pkt_time":82061887,"flow_dst_last_pkt_time":82061887,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.177.5.135","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059148,"flow_src_last_pkt_time":82059148,"flow_dst_last_pkt_time":82059148,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.123.159.111","src_port":28681,"dst_port":44729,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83518912,"flow_src_last_pkt_time":83518912,"flow_dst_last_pkt_time":83518912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.169.215.227","src_port":28681,"dst_port":26820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063616,"flow_src_last_pkt_time":82063616,"flow_dst_last_pkt_time":82063616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.44.126.74","src_port":28681,"dst_port":54633,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060041,"flow_src_last_pkt_time":82060041,"flow_dst_last_pkt_time":82060041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.162.52.93","src_port":28681,"dst_port":34799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062863,"flow_src_last_pkt_time":82062863,"flow_dst_last_pkt_time":82062863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.88.92.56","src_port":28681,"dst_port":21009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063260,"flow_src_last_pkt_time":82063260,"flow_dst_last_pkt_time":82063260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.195.227","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066069,"flow_src_last_pkt_time":82066069,"flow_dst_last_pkt_time":82066069,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.166.132.204","src_port":28681,"dst_port":11194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065387,"flow_src_last_pkt_time":82065387,"flow_dst_last_pkt_time":82065387,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"120.156.204.38","src_port":28681,"dst_port":54832,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064635,"flow_src_last_pkt_time":82064635,"flow_dst_last_pkt_time":82064635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.73.129.26","src_port":28681,"dst_port":53585,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066178,"flow_src_last_pkt_time":82066178,"flow_dst_last_pkt_time":82066178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.242.191.215","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066316,"flow_src_last_pkt_time":82066316,"flow_dst_last_pkt_time":82066316,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.249.64.215","src_port":28681,"dst_port":25058,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82060665,"flow_src_last_pkt_time":131672987,"flow_dst_last_pkt_time":82060665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"121.99.222.36","src_port":28681,"dst_port":44988,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82061705,"flow_src_last_pkt_time":132833113,"flow_dst_last_pkt_time":82061705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83518339,"flow_src_last_pkt_time":83518339,"flow_dst_last_pkt_time":83518339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.3.223","src_port":28681,"dst_port":12848,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064299,"flow_src_last_pkt_time":82064299,"flow_dst_last_pkt_time":82064299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"208.92.106.151","src_port":28681,"dst_port":32476,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059900,"flow_src_last_pkt_time":82059900,"flow_dst_last_pkt_time":82059900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.157.59.43","src_port":28681,"dst_port":56919,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82057972,"flow_src_last_pkt_time":82057972,"flow_dst_last_pkt_time":82057972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.244.228.86","src_port":28681,"dst_port":10131,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519424,"flow_src_last_pkt_time":83519424,"flow_dst_last_pkt_time":83519424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.159.27.22","src_port":28681,"dst_port":17563,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061139,"flow_src_last_pkt_time":82061139,"flow_dst_last_pkt_time":82061139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.99.164.4","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059383,"flow_src_last_pkt_time":131671261,"flow_dst_last_pkt_time":82059383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.197.219.85","src_port":28681,"dst_port":26234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82058208,"flow_src_last_pkt_time":131673716,"flow_dst_last_pkt_time":82058208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.162.150","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82066425,"flow_src_last_pkt_time":132834557,"flow_dst_last_pkt_time":82066425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063123,"flow_src_last_pkt_time":82063123,"flow_dst_last_pkt_time":82063123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.195.105.243","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82058634,"flow_src_last_pkt_time":82058634,"flow_dst_last_pkt_time":82058634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.163.231.160","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061491,"flow_src_last_pkt_time":82061491,"flow_dst_last_pkt_time":82061491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"178.51.146.115","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062738,"flow_src_last_pkt_time":82062738,"flow_dst_last_pkt_time":82062738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.182.44.202","src_port":28681,"dst_port":30277,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83518597,"flow_src_last_pkt_time":83518597,"flow_dst_last_pkt_time":83518597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.37","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059773,"flow_src_last_pkt_time":132832598,"flow_dst_last_pkt_time":82059773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.107.176","src_port":28681,"dst_port":20363,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060415,"flow_src_last_pkt_time":82060415,"flow_dst_last_pkt_time":82060415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.217.132.111","src_port":28681,"dst_port":25394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82058765,"flow_src_last_pkt_time":132831843,"flow_dst_last_pkt_time":82058765,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.150.49.35","src_port":28681,"dst_port":32448,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060791,"flow_src_last_pkt_time":82060791,"flow_dst_last_pkt_time":82060791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.74.159.56","src_port":28681,"dst_port":29271,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062565,"flow_src_last_pkt_time":82062565,"flow_dst_last_pkt_time":82062565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.196.58","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059497,"flow_src_last_pkt_time":131670469,"flow_dst_last_pkt_time":82059497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82058913,"flow_src_last_pkt_time":82058913,"flow_dst_last_pkt_time":82058913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062993,"flow_src_last_pkt_time":131669387,"flow_dst_last_pkt_time":82062993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82061259,"flow_src_last_pkt_time":132833697,"flow_dst_last_pkt_time":82061259,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.157.183.106","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065828,"flow_src_last_pkt_time":82065828,"flow_dst_last_pkt_time":82065828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.29.197.138","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82060952,"flow_src_last_pkt_time":132831688,"flow_dst_last_pkt_time":82060952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062130,"flow_src_last_pkt_time":131672351,"flow_dst_last_pkt_time":82062130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.3.103.37","src_port":28681,"dst_port":35589,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83517645,"flow_src_last_pkt_time":83517645,"flow_dst_last_pkt_time":83517645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.100.120.146","src_port":28681,"dst_port":12838,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519999,"flow_src_last_pkt_time":83519999,"flow_dst_last_pkt_time":83519999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.155.52.115","src_port":28681,"dst_port":53956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83517985,"flow_src_last_pkt_time":83517985,"flow_dst_last_pkt_time":83517985,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"186.93.139.92","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":131668560,"flow_src_last_pkt_time":131668560,"flow_dst_last_pkt_time":131668560,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"187.37.87.189","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82064863,"flow_src_last_pkt_time":132832301,"flow_dst_last_pkt_time":82064863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"138.199.16.123","src_port":28681,"dst_port":52993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82057279,"flow_src_last_pkt_time":82057279,"flow_dst_last_pkt_time":82057279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"174.115.111.224","src_port":28681,"dst_port":51984,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065036,"flow_src_last_pkt_time":82065036,"flow_dst_last_pkt_time":82065036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.170.209.214","src_port":28681,"dst_port":46210,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063782,"flow_src_last_pkt_time":82063782,"flow_dst_last_pkt_time":82063782,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.150.126.156","src_port":28681,"dst_port":16471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061374,"flow_src_last_pkt_time":82061374,"flow_dst_last_pkt_time":82061374,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.46.253.7","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059277,"flow_src_last_pkt_time":131673144,"flow_dst_last_pkt_time":82059277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.126.160.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519593,"flow_src_last_pkt_time":83519593,"flow_dst_last_pkt_time":83519593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"212.68.248.153","src_port":28681,"dst_port":27223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82058413,"flow_src_last_pkt_time":82058413,"flow_dst_last_pkt_time":82058413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.166.226.70","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065556,"flow_src_last_pkt_time":82065556,"flow_dst_last_pkt_time":82065556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.126.240.32","src_port":28681,"dst_port":45313,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065172,"flow_src_last_pkt_time":82065172,"flow_dst_last_pkt_time":82065172,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":183044667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.134.139.39","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 02349{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2427,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":71205609,"flow_src_last_pkt_time":187576304,"flow_dst_last_pkt_time":187064352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":303,"flow_dst_max_l4_payload_len":1065,"flow_src_tot_l4_payload_len":713,"flow_dst_tot_l4_payload_len":3012,"midstream":0,"thread_ts_usec":187576304,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.208.180.181","src_port":50249,"dst_port":45883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":276,"avg":7491272.5,"max":55455380,"stddev":14262251.0,"var":203411798622208.0,"ent":3.2,"data": [106993,107336,276,805,178388,179820,1439,41004,98031,375723,432936,10046845,10046768,42293,94463,6595038,6594815,3591919,3643921,39217,93460,24009088,24063297,605105,604823,14641110,23768,14665256,55396943,55455380,453178]},"pktlen": {"min":40,"avg":156.9,"max":1105,"stddev":244.6,"var":59812.5,"ent":4.0,"data": [52,44,40,343,40,323,143,40,912,40,149,40,104,40,1105,40,200,40,70,40,189,40,52,40,123,40,64,489,40,50,40,49]},"bins": {"c_to_s": [11,0,2,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,0,0,1,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,1,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,1,0,1,0,0],"entropies": [4.624014378,4.624093533,4.730641365,5.758390427,4.553056717,5.558244705,5.696007252,4.621928692,7.730160713,4.830641270,6.349717140,4.521929264,5.981128693,4.571928978,7.767892838,4.780641556,6.727245331,4.730641365,5.454720020,4.603056908,6.642654419,4.780641079,4.853253365,4.671928883,6.256999493,4.671928883,5.061660290,7.508594036,4.830641270,4.642780781,4.780641556,4.618614674]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2432,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":2,"flow_src_last_pkt_time":191700213,"flow_dst_last_pkt_time":71540796,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":191700213,"pkt":"UlQAEjUCCAAn5uVZCABFAAA00HEAAIARI3sKAAIPfCy+kXAJJ7oAIMCGR05EED8oAQFUC1FLUlAGUk5BXS\/iNQlw"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2433,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":2,"flow_src_last_pkt_time":191700445,"flow_dst_last_pkt_time":82062863,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":191700445,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0uoEAAIARu5gKAAIPXFhcOHAJUhEAIBhcR05EED8pAQFUC1FLUlAGUk5BXS\/iNQlw"} @@ -2048,9 +2165,9 @@ 00941{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2473,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":40005419,"flow_src_last_pkt_time":43055141,"flow_dst_last_pkt_time":40005419,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":193763657,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":55708,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2473,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":139669712,"flow_src_last_pkt_time":139669712,"flow_dst_last_pkt_time":139669712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":193763657,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.224.174.174","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2473,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":139506403,"flow_src_last_pkt_time":139506403,"flow_dst_last_pkt_time":139506403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":193763657,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.35.85.238","src_port":28681,"dst_port":32173,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2473,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":93713981,"flow_src_last_pkt_time":93713981,"flow_dst_last_pkt_time":93713981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":193763657,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.168.175.31","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2473,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":93713981,"flow_src_last_pkt_time":93713981,"flow_dst_last_pkt_time":93713981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":193763657,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.168.175.31","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2473,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":95443212,"flow_src_last_pkt_time":176333600,"flow_dst_last_pkt_time":176562520,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":642,"flow_dst_tot_l4_payload_len":3741,"midstream":0,"thread_ts_usec":193763657,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.240.69.199","src_port":28681,"dst_port":6348,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2473,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":93714209,"flow_src_last_pkt_time":192907093,"flow_dst_last_pkt_time":93714209,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":193763657,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.249.63.200","src_port":28681,"dst_port":22582,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2473,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":93714209,"flow_src_last_pkt_time":192907093,"flow_dst_last_pkt_time":93714209,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":193763657,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.249.63.200","src_port":28681,"dst_port":22582,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01193{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2473,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":90184128,"flow_src_last_pkt_time":179814808,"flow_dst_last_pkt_time":180130949,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":561,"flow_dst_tot_l4_payload_len":3014,"midstream":0,"thread_ts_usec":193763657,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":28681,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00762{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2473,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":90880863,"flow_src_last_pkt_time":176255689,"flow_dst_last_pkt_time":176285010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":670,"flow_dst_tot_l4_payload_len":3829,"midstream":0,"thread_ts_usec":193763657,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.32.126.214","src_port":28681,"dst_port":59596,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01193{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2473,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":95784533,"flow_src_last_pkt_time":139724985,"flow_dst_last_pkt_time":139896214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":1454,"midstream":0,"thread_ts_usec":193763657,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.183.183.110","src_port":28681,"dst_port":59920,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} @@ -2169,158 +2286,163 @@ 01073{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":90744824,"flow_src_last_pkt_time":91058830,"flow_dst_last_pkt_time":98168368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":600,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":600,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.238.145.82","src_port":50306,"dst_port":33527,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01070{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":90743600,"flow_src_last_pkt_time":90897166,"flow_dst_last_pkt_time":101917395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":597,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":597,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.64.6.175","src_port":50302,"dst_port":4743,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":123912514,"flow_src_last_pkt_time":123912514,"flow_dst_last_pkt_time":124065276,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":727,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"221.198.205.196","src_port":28681,"dst_port":20778,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72852470,"flow_src_last_pkt_time":131670910,"flow_dst_last_pkt_time":72852470,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.231.73.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72850420,"flow_src_last_pkt_time":191702893,"flow_dst_last_pkt_time":72850420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.141.219.27","src_port":28681,"dst_port":37580,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71540581,"flow_src_last_pkt_time":191702410,"flow_dst_last_pkt_time":71540581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.23.75.69","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72852470,"flow_src_last_pkt_time":131670910,"flow_dst_last_pkt_time":72852470,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.231.73.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72850420,"flow_src_last_pkt_time":191702893,"flow_dst_last_pkt_time":72850420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.141.219.27","src_port":28681,"dst_port":37580,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71540581,"flow_src_last_pkt_time":191702410,"flow_dst_last_pkt_time":71540581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.23.75.69","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":174322734,"flow_src_last_pkt_time":174322734,"flow_dst_last_pkt_time":174322734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.8.55.158","src_port":28681,"dst_port":51140,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00748{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230940,"flow_src_last_pkt_time":70230940,"flow_dst_last_pkt_time":70230940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.50.24.2","src_port":28681,"dst_port":17874,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01179{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230940,"flow_src_last_pkt_time":70230940,"flow_dst_last_pkt_time":70230940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.50.24.2","src_port":28681,"dst_port":17874,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":174322199,"flow_src_last_pkt_time":174322199,"flow_dst_last_pkt_time":174322199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.23.24.213","src_port":28681,"dst_port":18561,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01191{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":124066131,"flow_src_last_pkt_time":124066131,"flow_dst_last_pkt_time":124181723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":727,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":28681,"dst_port":49732,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":129345202,"flow_src_last_pkt_time":129345202,"flow_dst_last_pkt_time":129345202,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.250.253.99","src_port":28681,"dst_port":11819,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":124090579,"flow_src_last_pkt_time":124090579,"flow_dst_last_pkt_time":124090579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.212.91.155","src_port":28681,"dst_port":5195,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01064{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":16487243,"flow_src_last_pkt_time":192636357,"flow_dst_last_pkt_time":16487243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":603,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71535614,"flow_src_last_pkt_time":71535614,"flow_dst_last_pkt_time":71535614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.160.214.137","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71541038,"flow_src_last_pkt_time":132832794,"flow_dst_last_pkt_time":71541038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.100","src_port":28681,"dst_port":46385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71535614,"flow_src_last_pkt_time":71535614,"flow_dst_last_pkt_time":71535614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.160.214.137","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71541038,"flow_src_last_pkt_time":132832794,"flow_dst_last_pkt_time":71541038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.100","src_port":28681,"dst_port":46385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":124090730,"flow_src_last_pkt_time":124090730,"flow_dst_last_pkt_time":124090730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":28681,"dst_port":6778,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71536922,"flow_src_last_pkt_time":71536922,"flow_dst_last_pkt_time":71536922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.133.122.217","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":191702228,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540687,"flow_src_last_pkt_time":71540687,"flow_dst_last_pkt_time":71540687,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.104","src_port":28681,"dst_port":11804,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537199,"flow_src_last_pkt_time":71537199,"flow_dst_last_pkt_time":71537199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.126.102","src_port":28681,"dst_port":5193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71536330,"flow_src_last_pkt_time":132833488,"flow_dst_last_pkt_time":71536330,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.222.14.170","src_port":28681,"dst_port":23332,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72851488,"flow_src_last_pkt_time":72851488,"flow_dst_last_pkt_time":72851488,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.225.140.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71540138,"flow_src_last_pkt_time":191701830,"flow_dst_last_pkt_time":71540138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.65.141.157","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538650,"flow_src_last_pkt_time":71538650,"flow_dst_last_pkt_time":71538650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.39.154.69","src_port":28681,"dst_port":4832,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72853366,"flow_src_last_pkt_time":192908508,"flow_dst_last_pkt_time":72853366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.226.142","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72853723,"flow_src_last_pkt_time":192908332,"flow_dst_last_pkt_time":72853723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.97.199.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71536922,"flow_src_last_pkt_time":71536922,"flow_dst_last_pkt_time":71536922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.133.122.217","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":191702228,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540687,"flow_src_last_pkt_time":71540687,"flow_dst_last_pkt_time":71540687,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.104","src_port":28681,"dst_port":11804,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537199,"flow_src_last_pkt_time":71537199,"flow_dst_last_pkt_time":71537199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.126.102","src_port":28681,"dst_port":5193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71536330,"flow_src_last_pkt_time":132833488,"flow_dst_last_pkt_time":71536330,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.222.14.170","src_port":28681,"dst_port":23332,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72851488,"flow_src_last_pkt_time":72851488,"flow_dst_last_pkt_time":72851488,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.225.140.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71540138,"flow_src_last_pkt_time":191701830,"flow_dst_last_pkt_time":71540138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.65.141.157","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538650,"flow_src_last_pkt_time":71538650,"flow_dst_last_pkt_time":71538650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.39.154.69","src_port":28681,"dst_port":4832,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72853366,"flow_src_last_pkt_time":192908508,"flow_dst_last_pkt_time":72853366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.226.142","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72853723,"flow_src_last_pkt_time":192908332,"flow_dst_last_pkt_time":72853723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.97.199.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":129174578,"flow_src_last_pkt_time":129174578,"flow_dst_last_pkt_time":129174578,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.197.97.94","src_port":28681,"dst_port":1360,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":174343218,"flow_src_last_pkt_time":174343218,"flow_dst_last_pkt_time":174343218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.147.52.21","src_port":28681,"dst_port":36728,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00933{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":12529525,"flow_src_last_pkt_time":43193100,"flow_dst_last_pkt_time":12529525,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":348,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72849569,"flow_src_last_pkt_time":192908160,"flow_dst_last_pkt_time":72849569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.69.159.133","src_port":28681,"dst_port":28000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72849569,"flow_src_last_pkt_time":192908160,"flow_dst_last_pkt_time":72849569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.69.159.133","src_port":28681,"dst_port":28000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":168840831,"flow_src_last_pkt_time":174342629,"flow_dst_last_pkt_time":168840831,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":38297,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72852834,"flow_src_last_pkt_time":192908239,"flow_dst_last_pkt_time":72852834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":16047,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230444,"flow_src_last_pkt_time":70230444,"flow_dst_last_pkt_time":70230444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72852834,"flow_src_last_pkt_time":192908239,"flow_dst_last_pkt_time":72852834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":16047,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230444,"flow_src_last_pkt_time":70230444,"flow_dst_last_pkt_time":70230444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":129174282,"flow_src_last_pkt_time":129174282,"flow_dst_last_pkt_time":129344463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":727,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.226.85.105","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230046,"flow_src_last_pkt_time":70230046,"flow_dst_last_pkt_time":70230046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.138.20.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230046,"flow_src_last_pkt_time":70230046,"flow_dst_last_pkt_time":70230046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.138.20.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00947{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":12529625,"flow_src_last_pkt_time":43193303,"flow_dst_last_pkt_time":12529625,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":348,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":192907861,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72850054,"flow_src_last_pkt_time":72850054,"flow_dst_last_pkt_time":72850054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":1024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":192907861,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72850054,"flow_src_last_pkt_time":72850054,"flow_dst_last_pkt_time":72850054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":1024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":124090360,"flow_src_last_pkt_time":124090360,"flow_dst_last_pkt_time":124090360,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.208.26.154","src_port":28681,"dst_port":4994,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540307,"flow_src_last_pkt_time":71540307,"flow_dst_last_pkt_time":71540307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.213.146","src_port":28681,"dst_port":21750,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72849111,"flow_src_last_pkt_time":72849111,"flow_dst_last_pkt_time":72849111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.92.178.182","src_port":28681,"dst_port":57302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540307,"flow_src_last_pkt_time":71540307,"flow_dst_last_pkt_time":71540307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.213.146","src_port":28681,"dst_port":21750,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72849111,"flow_src_last_pkt_time":72849111,"flow_dst_last_pkt_time":72849111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.92.178.182","src_port":28681,"dst_port":57302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":123912290,"flow_src_last_pkt_time":123912290,"flow_dst_last_pkt_time":123912290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.116.64.132","src_port":28681,"dst_port":51227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71540796,"flow_src_last_pkt_time":191700213,"flow_dst_last_pkt_time":71540796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.44.190.145","src_port":28681,"dst_port":10170,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71540796,"flow_src_last_pkt_time":191700213,"flow_dst_last_pkt_time":71540796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.44.190.145","src_port":28681,"dst_port":10170,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":129174425,"flow_src_last_pkt_time":129174425,"flow_dst_last_pkt_time":129174425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.10.169.10","src_port":28681,"dst_port":12799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72852255,"flow_src_last_pkt_time":191701031,"flow_dst_last_pkt_time":72852255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.175.220.161","src_port":28681,"dst_port":15721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00749{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71536631,"flow_src_last_pkt_time":71536631,"flow_dst_last_pkt_time":71536631,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.38.9.82","src_port":28681,"dst_port":24223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72848739,"flow_src_last_pkt_time":191703012,"flow_dst_last_pkt_time":72848739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"170.254.19.6","src_port":28681,"dst_port":24180,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72851137,"flow_src_last_pkt_time":131668865,"flow_dst_last_pkt_time":72851137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.224.95.97","src_port":28681,"dst_port":46356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538933,"flow_src_last_pkt_time":71538933,"flow_dst_last_pkt_time":71538933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"202.151.63.59","src_port":28681,"dst_port":7624,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72850779,"flow_src_last_pkt_time":191702525,"flow_dst_last_pkt_time":72850779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.50.179","src_port":28681,"dst_port":29411,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537931,"flow_src_last_pkt_time":71537931,"flow_dst_last_pkt_time":71537931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.134.167.82","src_port":28681,"dst_port":5820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71535977,"flow_src_last_pkt_time":71535977,"flow_dst_last_pkt_time":71535977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":28681,"dst_port":49046,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538247,"flow_src_last_pkt_time":71538247,"flow_dst_last_pkt_time":71538247,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.98.115.128","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72852255,"flow_src_last_pkt_time":191701031,"flow_dst_last_pkt_time":72852255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.175.220.161","src_port":28681,"dst_port":15721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71536631,"flow_src_last_pkt_time":71536631,"flow_dst_last_pkt_time":71536631,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.38.9.82","src_port":28681,"dst_port":24223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72848739,"flow_src_last_pkt_time":191703012,"flow_dst_last_pkt_time":72848739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"170.254.19.6","src_port":28681,"dst_port":24180,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72851137,"flow_src_last_pkt_time":131668865,"flow_dst_last_pkt_time":72851137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.224.95.97","src_port":28681,"dst_port":46356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538933,"flow_src_last_pkt_time":71538933,"flow_dst_last_pkt_time":71538933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"202.151.63.59","src_port":28681,"dst_port":7624,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72850779,"flow_src_last_pkt_time":191702525,"flow_dst_last_pkt_time":72850779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.50.179","src_port":28681,"dst_port":29411,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537931,"flow_src_last_pkt_time":71537931,"flow_dst_last_pkt_time":71537931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.134.167.82","src_port":28681,"dst_port":5820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71535977,"flow_src_last_pkt_time":71535977,"flow_dst_last_pkt_time":71535977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":28681,"dst_port":49046,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538247,"flow_src_last_pkt_time":71538247,"flow_dst_last_pkt_time":71538247,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.98.115.128","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00949{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":12461875,"flow_src_last_pkt_time":75501587,"flow_dst_last_pkt_time":12461875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":637,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":174303564,"flow_src_last_pkt_time":174303564,"flow_dst_last_pkt_time":174323550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":727,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"194.163.180.126","src_port":28681,"dst_port":10825,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72853009,"flow_src_last_pkt_time":191702681,"flow_dst_last_pkt_time":72853009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.65.70.197","src_port":28681,"dst_port":21693,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71539473,"flow_src_last_pkt_time":191700841,"flow_dst_last_pkt_time":71539473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.169.2.153","src_port":28681,"dst_port":52414,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72853538,"flow_src_last_pkt_time":192908134,"flow_dst_last_pkt_time":72853538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.197.111.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537663,"flow_src_last_pkt_time":71537663,"flow_dst_last_pkt_time":71537663,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.39.233","src_port":28681,"dst_port":20855,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71539248,"flow_src_last_pkt_time":71539248,"flow_dst_last_pkt_time":71539248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.119.242.110","src_port":28681,"dst_port":7922,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72853009,"flow_src_last_pkt_time":191702681,"flow_dst_last_pkt_time":72853009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.65.70.197","src_port":28681,"dst_port":21693,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71539473,"flow_src_last_pkt_time":191700841,"flow_dst_last_pkt_time":71539473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.169.2.153","src_port":28681,"dst_port":52414,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72853538,"flow_src_last_pkt_time":192908134,"flow_dst_last_pkt_time":72853538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.197.111.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537663,"flow_src_last_pkt_time":71537663,"flow_dst_last_pkt_time":71537663,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.39.233","src_port":28681,"dst_port":20855,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71539248,"flow_src_last_pkt_time":71539248,"flow_dst_last_pkt_time":71539248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.119.242.110","src_port":28681,"dst_port":7922,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":123912731,"flow_src_last_pkt_time":123912731,"flow_dst_last_pkt_time":123912731,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":28681,"dst_port":54130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71540385,"flow_src_last_pkt_time":191701286,"flow_dst_last_pkt_time":71540385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"105.101.132.146","src_port":28681,"dst_port":57746,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72851799,"flow_src_last_pkt_time":72851799,"flow_dst_last_pkt_time":72851799,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.86.173.45","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71540385,"flow_src_last_pkt_time":191701286,"flow_dst_last_pkt_time":71540385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"105.101.132.146","src_port":28681,"dst_port":57746,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72851799,"flow_src_last_pkt_time":72851799,"flow_dst_last_pkt_time":72851799,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.86.173.45","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":124066283,"flow_src_last_pkt_time":124066283,"flow_dst_last_pkt_time":124066283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.129.233.60","src_port":28681,"dst_port":19990,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230689,"flow_src_last_pkt_time":70230689,"flow_dst_last_pkt_time":70230689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.131.85.245","src_port":28681,"dst_port":31743,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71539621,"flow_src_last_pkt_time":71539621,"flow_dst_last_pkt_time":71539621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.132.75.56","src_port":28681,"dst_port":56009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230689,"flow_src_last_pkt_time":70230689,"flow_dst_last_pkt_time":70230689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.131.85.245","src_port":28681,"dst_port":31743,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71539621,"flow_src_last_pkt_time":71539621,"flow_dst_last_pkt_time":71539621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.132.75.56","src_port":28681,"dst_port":56009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01191{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":174342792,"flow_src_last_pkt_time":174342792,"flow_dst_last_pkt_time":174648242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":727,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":28681,"dst_port":49956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538408,"flow_src_last_pkt_time":71538408,"flow_dst_last_pkt_time":71538408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.11.85","src_port":28681,"dst_port":10722,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72853189,"flow_src_last_pkt_time":192908402,"flow_dst_last_pkt_time":72853189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538408,"flow_src_last_pkt_time":71538408,"flow_dst_last_pkt_time":71538408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.11.85","src_port":28681,"dst_port":10722,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72853189,"flow_src_last_pkt_time":192908402,"flow_dst_last_pkt_time":72853189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":222018990,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229238441,"flow_src_last_pkt_time":229238441,"flow_dst_last_pkt_time":229238441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":229238441,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.56.198","src_port":28681,"dst_port":11984,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":1,"flow_src_last_pkt_time":229238441,"flow_dst_last_pkt_time":229238441,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":229238441,"pkt":"UlQAEjUCCAAn5uVZCABFAABpeXIAAIARIJEKAAIPW6w4xnAJLtAAVXM5R05EED9JAQFMQVEyUApVRFBdL+I1CXBBRaArSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2494,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229238441,"flow_src_last_pkt_time":229238441,"flow_dst_last_pkt_time":229238441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":229238441,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.56.198","src_port":28681,"dst_port":11984,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2495,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229238800,"flow_src_last_pkt_time":229238800,"flow_dst_last_pkt_time":229238800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":229238800,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.131.202.24","src_port":28681,"dst_port":44748,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2495,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":1,"flow_src_last_pkt_time":229238800,"flow_dst_last_pkt_time":229238800,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":229238800,"pkt":"UlQAEjUCCAAn5uVZCABFAABp+fkAAIAR\/N8KAAIPbYPKGHAJrswAVYv2R05EED9KAQFMQVEyUApVRFBdL+I1CXA\/EL4kSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01146{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2495,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229238800,"flow_src_last_pkt_time":229238800,"flow_dst_last_pkt_time":229238800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":229238800,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.131.202.24","src_port":28681,"dst_port":44748,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2496,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229239365,"flow_src_last_pkt_time":229239365,"flow_dst_last_pkt_time":229239365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":229239365,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.185.126","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2496,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":1,"flow_src_last_pkt_time":229239365,"flow_dst_last_pkt_time":229239365,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":229239365,"pkt":"UlQAEjUCCAAn5uVZCABFAABpnhUAAIARey4KAAIPW7O5fnAJGMoAVSnyR05EED9LAQFMQVEyUApVRFBdL+I1CXBXghXNSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2496,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229239365,"flow_src_last_pkt_time":229239365,"flow_dst_last_pkt_time":229239365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":229239365,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.185.126","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2497,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229239821,"flow_src_last_pkt_time":229239821,"flow_dst_last_pkt_time":229239821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":229239821,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.122.233.15","src_port":28681,"dst_port":11488,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2497,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":1,"flow_src_last_pkt_time":229239821,"flow_dst_last_pkt_time":229239821,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":229239821,"pkt":"UlQAEjUCCAAn5uVZCABFAABpd+QAAIARdQcKAAIPWHrpD3AJLOAAVT9CR05EED9MAQFMQVEyUApVRFBdL+I1CXDHjOZsSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2497,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229239821,"flow_src_last_pkt_time":229239821,"flow_dst_last_pkt_time":229239821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":229239821,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.122.233.15","src_port":28681,"dst_port":11488,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2498,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229240388,"flow_src_last_pkt_time":229240388,"flow_dst_last_pkt_time":229240388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":229240388,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"62.35.190.5","src_port":28681,"dst_port":18604,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2498,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":1,"flow_src_last_pkt_time":229240388,"flow_dst_last_pkt_time":229240388,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":229240388,"pkt":"UlQAEjUCCAAn5uVZCABFAABpQyQAAIAR7ygKAAIPPiO+BXAJSKwAVQDtR05EED9NAQFMQVEyUApVRFBdL+I1CXAx8WVwSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01143{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2498,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229240388,"flow_src_last_pkt_time":229240388,"flow_dst_last_pkt_time":229240388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":229240388,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"62.35.190.5","src_port":28681,"dst_port":18604,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00939{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":40005419,"flow_src_last_pkt_time":43055141,"flow_dst_last_pkt_time":40005419,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":55708,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00931{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":12529525,"flow_src_last_pkt_time":43193100,"flow_dst_last_pkt_time":12529525,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":348,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01074{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":90738015,"flow_src_last_pkt_time":106390698,"flow_dst_last_pkt_time":115276904,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":599,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":599,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.7.155.210","src_port":50291,"dst_port":28365,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00945{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":12529625,"flow_src_last_pkt_time":43193303,"flow_dst_last_pkt_time":12529625,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":348,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060300,"flow_src_last_pkt_time":82060300,"flow_dst_last_pkt_time":82060300,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"67.193.8.52","src_port":28681,"dst_port":38584,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059658,"flow_src_last_pkt_time":131671934,"flow_dst_last_pkt_time":82059658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.59.253.186","src_port":28681,"dst_port":15555,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062320,"flow_src_last_pkt_time":131670725,"flow_dst_last_pkt_time":82062320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.15.182","src_port":28681,"dst_port":37829,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062444,"flow_src_last_pkt_time":191703548,"flow_dst_last_pkt_time":82062444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.239.62.213","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064076,"flow_src_last_pkt_time":82064076,"flow_dst_last_pkt_time":82064076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.127.72.106","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":132833303,"flow_src_last_pkt_time":132833303,"flow_dst_last_pkt_time":132833303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":1032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":131671537,"flow_src_last_pkt_time":191701647,"flow_dst_last_pkt_time":131671537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82063897,"flow_src_last_pkt_time":192907400,"flow_dst_last_pkt_time":82063897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"177.231.151.16","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":132831233,"flow_src_last_pkt_time":132831233,"flow_dst_last_pkt_time":132831233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.181.151.217","src_port":28681,"dst_port":25282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060300,"flow_src_last_pkt_time":82060300,"flow_dst_last_pkt_time":82060300,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"67.193.8.52","src_port":28681,"dst_port":38584,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059658,"flow_src_last_pkt_time":131671934,"flow_dst_last_pkt_time":82059658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.59.253.186","src_port":28681,"dst_port":15555,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062320,"flow_src_last_pkt_time":131670725,"flow_dst_last_pkt_time":82062320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.15.182","src_port":28681,"dst_port":37829,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062444,"flow_src_last_pkt_time":191703548,"flow_dst_last_pkt_time":82062444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.239.62.213","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064076,"flow_src_last_pkt_time":82064076,"flow_dst_last_pkt_time":82064076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.127.72.106","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":132833303,"flow_src_last_pkt_time":132833303,"flow_dst_last_pkt_time":132833303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":1032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":131671537,"flow_src_last_pkt_time":191701647,"flow_dst_last_pkt_time":131671537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82063897,"flow_src_last_pkt_time":192907400,"flow_dst_last_pkt_time":82063897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"177.231.151.16","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01188{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":132831233,"flow_src_last_pkt_time":132831233,"flow_dst_last_pkt_time":132831233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.181.151.217","src_port":28681,"dst_port":25282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":83564038,"flow_src_last_pkt_time":83564038,"flow_dst_last_pkt_time":83804788,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":91,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":28681,"dst_port":9239,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":83520153,"flow_src_last_pkt_time":192907327,"flow_dst_last_pkt_time":83520153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.30.86.144","src_port":28681,"dst_port":53821,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519791,"flow_src_last_pkt_time":83519791,"flow_dst_last_pkt_time":83519791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"126.117.45.151","src_port":28681,"dst_port":19323,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82057536,"flow_src_last_pkt_time":82057536,"flow_dst_last_pkt_time":82057536,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.168.182.103","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064449,"flow_src_last_pkt_time":82064449,"flow_dst_last_pkt_time":82064449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.182.171.50","src_port":28681,"dst_port":15180,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063378,"flow_src_last_pkt_time":82063378,"flow_dst_last_pkt_time":82063378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.153.143.54","src_port":28681,"dst_port":65535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82060552,"flow_src_last_pkt_time":132832434,"flow_dst_last_pkt_time":82060552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.69.142.133","src_port":28681,"dst_port":15471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00749{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063492,"flow_src_last_pkt_time":82063492,"flow_dst_last_pkt_time":82063492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061887,"flow_src_last_pkt_time":82061887,"flow_dst_last_pkt_time":82061887,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.177.5.135","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059148,"flow_src_last_pkt_time":82059148,"flow_dst_last_pkt_time":82059148,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.123.159.111","src_port":28681,"dst_port":44729,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83518912,"flow_src_last_pkt_time":83518912,"flow_dst_last_pkt_time":83518912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.169.215.227","src_port":28681,"dst_port":26820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063616,"flow_src_last_pkt_time":82063616,"flow_dst_last_pkt_time":82063616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.44.126.74","src_port":28681,"dst_port":54633,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060041,"flow_src_last_pkt_time":82060041,"flow_dst_last_pkt_time":82060041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.162.52.93","src_port":28681,"dst_port":34799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062863,"flow_src_last_pkt_time":191700445,"flow_dst_last_pkt_time":82062863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.88.92.56","src_port":28681,"dst_port":21009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82063260,"flow_src_last_pkt_time":191704123,"flow_dst_last_pkt_time":82063260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.195.227","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066069,"flow_src_last_pkt_time":82066069,"flow_dst_last_pkt_time":82066069,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.166.132.204","src_port":28681,"dst_port":11194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065387,"flow_src_last_pkt_time":82065387,"flow_dst_last_pkt_time":82065387,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"120.156.204.38","src_port":28681,"dst_port":54832,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064635,"flow_src_last_pkt_time":82064635,"flow_dst_last_pkt_time":82064635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.73.129.26","src_port":28681,"dst_port":53585,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066178,"flow_src_last_pkt_time":82066178,"flow_dst_last_pkt_time":82066178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.242.191.215","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066316,"flow_src_last_pkt_time":82066316,"flow_dst_last_pkt_time":82066316,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.249.64.215","src_port":28681,"dst_port":25058,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82060665,"flow_src_last_pkt_time":192907653,"flow_dst_last_pkt_time":82060665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"121.99.222.36","src_port":28681,"dst_port":44988,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82061705,"flow_src_last_pkt_time":132833113,"flow_dst_last_pkt_time":82061705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83518339,"flow_src_last_pkt_time":83518339,"flow_dst_last_pkt_time":83518339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.3.223","src_port":28681,"dst_port":12848,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064299,"flow_src_last_pkt_time":82064299,"flow_dst_last_pkt_time":82064299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"208.92.106.151","src_port":28681,"dst_port":32476,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059900,"flow_src_last_pkt_time":82059900,"flow_dst_last_pkt_time":82059900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.157.59.43","src_port":28681,"dst_port":56919,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82057972,"flow_src_last_pkt_time":191703986,"flow_dst_last_pkt_time":82057972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.244.228.86","src_port":28681,"dst_port":10131,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519424,"flow_src_last_pkt_time":83519424,"flow_dst_last_pkt_time":83519424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.159.27.22","src_port":28681,"dst_port":17563,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00749{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061139,"flow_src_last_pkt_time":82061139,"flow_dst_last_pkt_time":82061139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.99.164.4","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059383,"flow_src_last_pkt_time":131671261,"flow_dst_last_pkt_time":82059383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.197.219.85","src_port":28681,"dst_port":26234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82058208,"flow_src_last_pkt_time":191703710,"flow_dst_last_pkt_time":82058208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.162.150","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82066425,"flow_src_last_pkt_time":191700671,"flow_dst_last_pkt_time":82066425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063123,"flow_src_last_pkt_time":82063123,"flow_dst_last_pkt_time":82063123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.195.105.243","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82058634,"flow_src_last_pkt_time":191704243,"flow_dst_last_pkt_time":82058634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.163.231.160","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061491,"flow_src_last_pkt_time":82061491,"flow_dst_last_pkt_time":82061491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"178.51.146.115","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062738,"flow_src_last_pkt_time":82062738,"flow_dst_last_pkt_time":82062738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.182.44.202","src_port":28681,"dst_port":30277,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00749{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83518597,"flow_src_last_pkt_time":83518597,"flow_dst_last_pkt_time":83518597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.37","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059773,"flow_src_last_pkt_time":132832598,"flow_dst_last_pkt_time":82059773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.107.176","src_port":28681,"dst_port":20363,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82060415,"flow_src_last_pkt_time":191701486,"flow_dst_last_pkt_time":82060415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.217.132.111","src_port":28681,"dst_port":25394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82058765,"flow_src_last_pkt_time":191703174,"flow_dst_last_pkt_time":82058765,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.150.49.35","src_port":28681,"dst_port":32448,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060791,"flow_src_last_pkt_time":82060791,"flow_dst_last_pkt_time":82060791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.74.159.56","src_port":28681,"dst_port":29271,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062565,"flow_src_last_pkt_time":82062565,"flow_dst_last_pkt_time":82062565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.196.58","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":83520153,"flow_src_last_pkt_time":192907327,"flow_dst_last_pkt_time":83520153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.30.86.144","src_port":28681,"dst_port":53821,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519791,"flow_src_last_pkt_time":83519791,"flow_dst_last_pkt_time":83519791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"126.117.45.151","src_port":28681,"dst_port":19323,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82057536,"flow_src_last_pkt_time":82057536,"flow_dst_last_pkt_time":82057536,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.168.182.103","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064449,"flow_src_last_pkt_time":82064449,"flow_dst_last_pkt_time":82064449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.182.171.50","src_port":28681,"dst_port":15180,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063378,"flow_src_last_pkt_time":82063378,"flow_dst_last_pkt_time":82063378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.153.143.54","src_port":28681,"dst_port":65535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82060552,"flow_src_last_pkt_time":132832434,"flow_dst_last_pkt_time":82060552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.69.142.133","src_port":28681,"dst_port":15471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063492,"flow_src_last_pkt_time":82063492,"flow_dst_last_pkt_time":82063492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061887,"flow_src_last_pkt_time":82061887,"flow_dst_last_pkt_time":82061887,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.177.5.135","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059148,"flow_src_last_pkt_time":82059148,"flow_dst_last_pkt_time":82059148,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.123.159.111","src_port":28681,"dst_port":44729,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83518912,"flow_src_last_pkt_time":83518912,"flow_dst_last_pkt_time":83518912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.169.215.227","src_port":28681,"dst_port":26820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063616,"flow_src_last_pkt_time":82063616,"flow_dst_last_pkt_time":82063616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.44.126.74","src_port":28681,"dst_port":54633,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060041,"flow_src_last_pkt_time":82060041,"flow_dst_last_pkt_time":82060041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.162.52.93","src_port":28681,"dst_port":34799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062863,"flow_src_last_pkt_time":191700445,"flow_dst_last_pkt_time":82062863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.88.92.56","src_port":28681,"dst_port":21009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82063260,"flow_src_last_pkt_time":191704123,"flow_dst_last_pkt_time":82063260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.195.227","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066069,"flow_src_last_pkt_time":82066069,"flow_dst_last_pkt_time":82066069,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.166.132.204","src_port":28681,"dst_port":11194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065387,"flow_src_last_pkt_time":82065387,"flow_dst_last_pkt_time":82065387,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"120.156.204.38","src_port":28681,"dst_port":54832,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064635,"flow_src_last_pkt_time":82064635,"flow_dst_last_pkt_time":82064635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.73.129.26","src_port":28681,"dst_port":53585,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066178,"flow_src_last_pkt_time":82066178,"flow_dst_last_pkt_time":82066178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.242.191.215","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066316,"flow_src_last_pkt_time":82066316,"flow_dst_last_pkt_time":82066316,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.249.64.215","src_port":28681,"dst_port":25058,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82060665,"flow_src_last_pkt_time":192907653,"flow_dst_last_pkt_time":82060665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"121.99.222.36","src_port":28681,"dst_port":44988,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82061705,"flow_src_last_pkt_time":132833113,"flow_dst_last_pkt_time":82061705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83518339,"flow_src_last_pkt_time":83518339,"flow_dst_last_pkt_time":83518339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.3.223","src_port":28681,"dst_port":12848,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064299,"flow_src_last_pkt_time":82064299,"flow_dst_last_pkt_time":82064299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"208.92.106.151","src_port":28681,"dst_port":32476,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059900,"flow_src_last_pkt_time":82059900,"flow_dst_last_pkt_time":82059900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.157.59.43","src_port":28681,"dst_port":56919,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82057972,"flow_src_last_pkt_time":191703986,"flow_dst_last_pkt_time":82057972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.244.228.86","src_port":28681,"dst_port":10131,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519424,"flow_src_last_pkt_time":83519424,"flow_dst_last_pkt_time":83519424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.159.27.22","src_port":28681,"dst_port":17563,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061139,"flow_src_last_pkt_time":82061139,"flow_dst_last_pkt_time":82061139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.99.164.4","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059383,"flow_src_last_pkt_time":131671261,"flow_dst_last_pkt_time":82059383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.197.219.85","src_port":28681,"dst_port":26234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82058208,"flow_src_last_pkt_time":191703710,"flow_dst_last_pkt_time":82058208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.162.150","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82066425,"flow_src_last_pkt_time":191700671,"flow_dst_last_pkt_time":82066425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063123,"flow_src_last_pkt_time":82063123,"flow_dst_last_pkt_time":82063123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.195.105.243","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82058634,"flow_src_last_pkt_time":191704243,"flow_dst_last_pkt_time":82058634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.163.231.160","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061491,"flow_src_last_pkt_time":82061491,"flow_dst_last_pkt_time":82061491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"178.51.146.115","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062738,"flow_src_last_pkt_time":82062738,"flow_dst_last_pkt_time":82062738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.182.44.202","src_port":28681,"dst_port":30277,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83518597,"flow_src_last_pkt_time":83518597,"flow_dst_last_pkt_time":83518597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.37","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059773,"flow_src_last_pkt_time":132832598,"flow_dst_last_pkt_time":82059773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.107.176","src_port":28681,"dst_port":20363,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82060415,"flow_src_last_pkt_time":191701486,"flow_dst_last_pkt_time":82060415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.217.132.111","src_port":28681,"dst_port":25394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82058765,"flow_src_last_pkt_time":191703174,"flow_dst_last_pkt_time":82058765,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.150.49.35","src_port":28681,"dst_port":32448,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060791,"flow_src_last_pkt_time":82060791,"flow_dst_last_pkt_time":82060791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.74.159.56","src_port":28681,"dst_port":29271,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062565,"flow_src_last_pkt_time":82062565,"flow_dst_last_pkt_time":82062565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.196.58","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01036{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":129210409,"flow_src_last_pkt_time":129210409,"flow_dst_last_pkt_time":129210409,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":117,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":117,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":117,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"84.197.97.94","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059497,"flow_src_last_pkt_time":131670469,"flow_dst_last_pkt_time":82059497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82058913,"flow_src_last_pkt_time":191703392,"flow_dst_last_pkt_time":82058913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062993,"flow_src_last_pkt_time":131669387,"flow_dst_last_pkt_time":82062993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82061259,"flow_src_last_pkt_time":132833697,"flow_dst_last_pkt_time":82061259,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.157.183.106","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065828,"flow_src_last_pkt_time":82065828,"flow_dst_last_pkt_time":82065828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.29.197.138","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82060952,"flow_src_last_pkt_time":132831688,"flow_dst_last_pkt_time":82060952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062130,"flow_src_last_pkt_time":131672351,"flow_dst_last_pkt_time":82062130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.3.103.37","src_port":28681,"dst_port":35589,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83517645,"flow_src_last_pkt_time":83517645,"flow_dst_last_pkt_time":83517645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.100.120.146","src_port":28681,"dst_port":12838,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519999,"flow_src_last_pkt_time":83519999,"flow_dst_last_pkt_time":83519999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.155.52.115","src_port":28681,"dst_port":53956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83517985,"flow_src_last_pkt_time":83517985,"flow_dst_last_pkt_time":83517985,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"186.93.139.92","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":131668560,"flow_src_last_pkt_time":131668560,"flow_dst_last_pkt_time":131668560,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"187.37.87.189","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82064863,"flow_src_last_pkt_time":132832301,"flow_dst_last_pkt_time":82064863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"138.199.16.123","src_port":28681,"dst_port":52993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82057279,"flow_src_last_pkt_time":82057279,"flow_dst_last_pkt_time":82057279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"174.115.111.224","src_port":28681,"dst_port":51984,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065036,"flow_src_last_pkt_time":82065036,"flow_dst_last_pkt_time":82065036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.170.209.214","src_port":28681,"dst_port":46210,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063782,"flow_src_last_pkt_time":82063782,"flow_dst_last_pkt_time":82063782,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.150.126.156","src_port":28681,"dst_port":16471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00749{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061374,"flow_src_last_pkt_time":82061374,"flow_dst_last_pkt_time":82061374,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.46.253.7","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059277,"flow_src_last_pkt_time":131673144,"flow_dst_last_pkt_time":82059277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.126.160.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519593,"flow_src_last_pkt_time":83519593,"flow_dst_last_pkt_time":83519593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"212.68.248.153","src_port":28681,"dst_port":27223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82058413,"flow_src_last_pkt_time":82058413,"flow_dst_last_pkt_time":82058413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.166.226.70","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065556,"flow_src_last_pkt_time":82065556,"flow_dst_last_pkt_time":82065556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.126.240.32","src_port":28681,"dst_port":45313,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065172,"flow_src_last_pkt_time":82065172,"flow_dst_last_pkt_time":82065172,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.134.139.39","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059497,"flow_src_last_pkt_time":131670469,"flow_dst_last_pkt_time":82059497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82058913,"flow_src_last_pkt_time":191703392,"flow_dst_last_pkt_time":82058913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062993,"flow_src_last_pkt_time":131669387,"flow_dst_last_pkt_time":82062993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82061259,"flow_src_last_pkt_time":132833697,"flow_dst_last_pkt_time":82061259,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.157.183.106","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065828,"flow_src_last_pkt_time":82065828,"flow_dst_last_pkt_time":82065828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.29.197.138","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82060952,"flow_src_last_pkt_time":132831688,"flow_dst_last_pkt_time":82060952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062130,"flow_src_last_pkt_time":131672351,"flow_dst_last_pkt_time":82062130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.3.103.37","src_port":28681,"dst_port":35589,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83517645,"flow_src_last_pkt_time":83517645,"flow_dst_last_pkt_time":83517645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.100.120.146","src_port":28681,"dst_port":12838,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519999,"flow_src_last_pkt_time":83519999,"flow_dst_last_pkt_time":83519999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.155.52.115","src_port":28681,"dst_port":53956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83517985,"flow_src_last_pkt_time":83517985,"flow_dst_last_pkt_time":83517985,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"186.93.139.92","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":131668560,"flow_src_last_pkt_time":131668560,"flow_dst_last_pkt_time":131668560,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"187.37.87.189","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82064863,"flow_src_last_pkt_time":132832301,"flow_dst_last_pkt_time":82064863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"138.199.16.123","src_port":28681,"dst_port":52993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82057279,"flow_src_last_pkt_time":82057279,"flow_dst_last_pkt_time":82057279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"174.115.111.224","src_port":28681,"dst_port":51984,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065036,"flow_src_last_pkt_time":82065036,"flow_dst_last_pkt_time":82065036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.170.209.214","src_port":28681,"dst_port":46210,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063782,"flow_src_last_pkt_time":82063782,"flow_dst_last_pkt_time":82063782,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.150.126.156","src_port":28681,"dst_port":16471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061374,"flow_src_last_pkt_time":82061374,"flow_dst_last_pkt_time":82061374,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.46.253.7","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059277,"flow_src_last_pkt_time":131673144,"flow_dst_last_pkt_time":82059277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.126.160.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519593,"flow_src_last_pkt_time":83519593,"flow_dst_last_pkt_time":83519593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"212.68.248.153","src_port":28681,"dst_port":27223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82058413,"flow_src_last_pkt_time":82058413,"flow_dst_last_pkt_time":82058413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.166.226.70","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065556,"flow_src_last_pkt_time":82065556,"flow_dst_last_pkt_time":82065556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.126.240.32","src_port":28681,"dst_port":45313,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065172,"flow_src_last_pkt_time":82065172,"flow_dst_last_pkt_time":82065172,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":238361827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.134.139.39","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2515,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243615643,"flow_src_last_pkt_time":243615643,"flow_dst_last_pkt_time":243615643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":243615643,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.182.136.42","src_port":28681,"dst_port":27873,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2515,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":375,"flow_packet_id":1,"flow_src_last_pkt_time":243615643,"flow_dst_last_pkt_time":243615643,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":243615643,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4xOkAAIARl9wKAAIPSbaIKnAJbOEAJMFk\/WUxApXeKd\/\/Y1FYXCcaAwABAAUAAADDglFLQA=="} 00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2516,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243615848,"flow_src_last_pkt_time":243615848,"flow_dst_last_pkt_time":243615848,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":243615848,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"156.57.42.2","src_port":28681,"dst_port":33476,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -2396,9 +2518,9 @@ 01190{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2555,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":95754583,"flow_src_last_pkt_time":139695067,"flow_dst_last_pkt_time":139756356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":1454,"midstream":0,"thread_ts_usec":244452929,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.217.84.16","src_port":28681,"dst_port":20223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2555,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":139669712,"flow_src_last_pkt_time":139669712,"flow_dst_last_pkt_time":139669712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":244452929,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.224.174.174","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2555,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":139506403,"flow_src_last_pkt_time":139506403,"flow_dst_last_pkt_time":139506403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":244452929,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.35.85.238","src_port":28681,"dst_port":32173,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2555,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":93713981,"flow_src_last_pkt_time":93713981,"flow_dst_last_pkt_time":93713981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":244452929,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.168.175.31","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2555,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":93713981,"flow_src_last_pkt_time":93713981,"flow_dst_last_pkt_time":93713981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":244452929,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.168.175.31","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2555,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":95443212,"flow_src_last_pkt_time":176333600,"flow_dst_last_pkt_time":176562520,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":642,"flow_dst_tot_l4_payload_len":3741,"midstream":0,"thread_ts_usec":244452929,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.240.69.199","src_port":28681,"dst_port":6348,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2555,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":93714209,"flow_src_last_pkt_time":192907093,"flow_dst_last_pkt_time":93714209,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":244452929,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.249.63.200","src_port":28681,"dst_port":22582,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2555,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":93714209,"flow_src_last_pkt_time":192907093,"flow_dst_last_pkt_time":93714209,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":244452929,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.249.63.200","src_port":28681,"dst_port":22582,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01193{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2555,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":90184128,"flow_src_last_pkt_time":179814808,"flow_dst_last_pkt_time":180130949,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":561,"flow_dst_tot_l4_payload_len":3014,"midstream":0,"thread_ts_usec":244452929,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":28681,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00762{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2555,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":90880863,"flow_src_last_pkt_time":243585221,"flow_dst_last_pkt_time":243614594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":699,"flow_dst_tot_l4_payload_len":4107,"midstream":0,"thread_ts_usec":244452929,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.32.126.214","src_port":28681,"dst_port":59596,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01193{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2555,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":95784533,"flow_src_last_pkt_time":139724985,"flow_dst_last_pkt_time":139896214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":1454,"midstream":0,"thread_ts_usec":244452929,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.183.183.110","src_port":28681,"dst_port":59920,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} @@ -2435,10 +2557,12 @@ 01188{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2555,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":95716226,"flow_src_last_pkt_time":243617528,"flow_dst_last_pkt_time":243760248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":109,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":244452929,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.167.201.53","src_port":28681,"dst_port":47282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2560,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251734977,"flow_src_last_pkt_time":251734977,"flow_dst_last_pkt_time":251734977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251734977,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"129.45.47.167","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2560,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":1,"flow_src_last_pkt_time":251734977,"flow_dst_last_pkt_time":251734977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":251734977,"pkt":"UlQAEjUCCAAn5uVZCABFAAA086wAAIARiikKAAIPgS0vp3AJGMoAIFk6R05EED9OAQFUC1FLUlAGUk5BXS\/iNQlw"} +01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2560,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251734977,"flow_src_last_pkt_time":251734977,"flow_dst_last_pkt_time":251734977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251734977,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"129.45.47.167","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2561,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":3,"flow_src_last_pkt_time":251735454,"flow_dst_last_pkt_time":82059658,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":251735454,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0rnMAAIARKEEKAAIPWjv9unAJPMMAII4eR05EED9PAQFUC1FLUlAGUk5BXS\/iNQlw"} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2562,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":2,"flow_src_last_pkt_time":251735642,"flow_dst_last_pkt_time":82063378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":251735642,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0RwQAAIARmdYKAAIPvpmPNnAJ\/\/8AINUGR05EED9QAQFUC1FLUlAGUk5BXS\/iNQlw"} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2563,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251735839,"flow_src_last_pkt_time":251735839,"flow_dst_last_pkt_time":251735839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251735839,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.178.192.76","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2563,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":401,"flow_packet_id":1,"flow_src_last_pkt_time":251735839,"flow_dst_last_pkt_time":251735839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":251735839,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0jpwAAIARMg8KAAIPrbLATHAJGMoAIJwMR05EED9RAQFUC1FLUlAGUk5BXS\/iNQlw"} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2563,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251735839,"flow_src_last_pkt_time":251735839,"flow_dst_last_pkt_time":251735839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251735839,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.178.192.76","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2564,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":4,"flow_src_last_pkt_time":251736271,"flow_dst_last_pkt_time":71539473,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":251736271,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0p7cAAIARK7EKAAIPWKkCmXAJzL4AIPrTR05EED9SAQFUC1FLUlAGUk5BXS\/iNQlw"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":4,"flow_src_last_pkt_time":251736359,"flow_dst_last_pkt_time":82058208,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":251736359,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0rEAAAIARiPAKAAIPVuOilnAJGMoAIBCQR05EED9TAQFUC1FLUlAGUk5BXS\/iNQlw"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2566,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":4,"flow_src_last_pkt_time":251736500,"flow_dst_last_pkt_time":71540138,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":251736500,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0JGAAAIARImwKAAIPWkGNnXAJGMoAICIqR05EED9UAQFUC1FLUlAGUk5BXS\/iNQlw"} @@ -2458,87 +2582,126 @@ 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2580,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":3,"flow_src_last_pkt_time":251738527,"flow_dst_last_pkt_time":72848739,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":251738527,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0XA4AAIARFJgKAAIPqv4TBnAJXnQAIAZMR05EED9iAQFUC1FLUlAGUk5BXS\/iNQlw"} 00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2581,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251738882,"flow_src_last_pkt_time":251738882,"flow_dst_last_pkt_time":251738882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251738882,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.219.202.2","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2581,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":402,"flow_packet_id":1,"flow_src_last_pkt_time":251738882,"flow_dst_last_pkt_time":251738882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251738882,"pkt":"UlQAEjUCCAAn5uVZCABFAABpgBkAAIARlX4KAAIPTtvKAnAJGMoAVResR05EED9jAQFMQVEyUApVRFBdL+I1CXBvOYAkSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01143{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2581,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251738882,"flow_src_last_pkt_time":251738882,"flow_dst_last_pkt_time":251738882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251738882,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.219.202.2","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2582,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739069,"flow_src_last_pkt_time":251739069,"flow_dst_last_pkt_time":251739069,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251739069,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"197.244.171.132","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2582,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":1,"flow_src_last_pkt_time":251739069,"flow_dst_last_pkt_time":251739069,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251739069,"pkt":"UlQAEjUCCAAn5uVZCABFAABpn\/EAAIARHQsKAAIPxfSrhHAJGMoAVUkZR05EED9kAQFMQVEyUApVRFBdL+I1CXA0OLGbSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01146{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2582,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739069,"flow_src_last_pkt_time":251739069,"flow_dst_last_pkt_time":251739069,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251739069,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"197.244.171.132","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2583,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739244,"flow_src_last_pkt_time":251739244,"flow_dst_last_pkt_time":251739244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251739244,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.234.216.251","src_port":28681,"dst_port":17845,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2583,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":1,"flow_src_last_pkt_time":251739244,"flow_dst_last_pkt_time":251739244,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251739244,"pkt":"UlQAEjUCCAAn5uVZCABFAABpjkwAAIARcEMKAAIPVurY+3AJRbUAVQcCR05EED9lAQFMQVEyUApVRFBdL+I1CXDHMdz4SAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01146{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2583,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739244,"flow_src_last_pkt_time":251739244,"flow_dst_last_pkt_time":251739244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251739244,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.234.216.251","src_port":28681,"dst_port":17845,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2584,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739411,"flow_src_last_pkt_time":251739411,"flow_dst_last_pkt_time":251739411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251739411,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.155.31.118","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2584,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":405,"flow_packet_id":1,"flow_src_last_pkt_time":251739411,"flow_dst_last_pkt_time":251739411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251739411,"pkt":"UlQAEjUCCAAn5uVZCABFAABpJdUAAIAROI8KAAIPsJsfdnAJGMoAVbHHR05EED9mAQFMQVEyUApVRFBdL+I1CXBQgEyMSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2584,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739411,"flow_src_last_pkt_time":251739411,"flow_dst_last_pkt_time":251739411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251739411,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.155.31.118","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2585,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739607,"flow_src_last_pkt_time":251739607,"flow_dst_last_pkt_time":251739607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251739607,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.27.3.68","src_port":28681,"dst_port":57380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2585,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":406,"flow_packet_id":1,"flow_src_last_pkt_time":251739607,"flow_dst_last_pkt_time":251739607,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251739607,"pkt":"UlQAEjUCCAAn5uVZCABFAABpkwUAAIARKxEKAAIPbRsDRHAJ4CQAVb5+R05EED9nAQFMQVEyUApVRFBdL+I1CXCQaKwvSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01143{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2585,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739607,"flow_src_last_pkt_time":251739607,"flow_dst_last_pkt_time":251739607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251739607,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.27.3.68","src_port":28681,"dst_port":57380,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2586,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":5,"flow_src_last_pkt_time":251739691,"flow_dst_last_pkt_time":174341975,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":251739691,"pkt":"UlQAEjUCCAAn5uVZCABFAABUxlgAAIARNKAKAAIPjoSlDXAJd2YAQAphXS\/iNTECAGQaxPLpTglwD4ABACEAAAD5AHBpbmtmbG95ZADDAlFLRFrK9p0DU0NQQAFaQIJQUkA="} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2587,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739830,"flow_src_last_pkt_time":251739830,"flow_dst_last_pkt_time":251739830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251739830,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.181.151.217","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2587,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":407,"flow_packet_id":1,"flow_src_last_pkt_time":251739830,"flow_dst_last_pkt_time":251739830,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251739830,"pkt":"UlQAEjUCCAAn5uVZCABFAABpBqsAAIARzDsKAAIPw7WX2XAJGMoAVdFRR05EED9oAQFMQVEyUApVRFBdL+I1CXDKQckfSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01146{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2587,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739830,"flow_src_last_pkt_time":251739830,"flow_dst_last_pkt_time":251739830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251739830,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.181.151.217","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2588,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":2,"flow_src_last_pkt_time":251739950,"flow_dst_last_pkt_time":71539248,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":251739950,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0B\/8AAIARw8UKAAIPcHfybnAJHvIAIKDlR05EED9pAQFUC1FLUlAGUk5BXS\/iNQlw"} 00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2589,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740138,"flow_src_last_pkt_time":251740138,"flow_dst_last_pkt_time":251740138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251740138,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.103.2.245","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2589,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":1,"flow_src_last_pkt_time":251740138,"flow_dst_last_pkt_time":251740138,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251740138,"pkt":"UlQAEjUCCAAn5uVZCABFAABp+vMAAIAR1iUKAAIPWmcC9XAJGMoAVbquR05EED9qAQFMQVEyUApVRFBdL+I1CXDvdHgBSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01143{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2589,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740138,"flow_src_last_pkt_time":251740138,"flow_dst_last_pkt_time":251740138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251740138,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.103.2.245","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2590,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740269,"flow_src_last_pkt_time":251740269,"flow_dst_last_pkt_time":251740269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251740269,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.194.53.68","src_port":28681,"dst_port":33770,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2590,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":409,"flow_packet_id":1,"flow_src_last_pkt_time":251740269,"flow_dst_last_pkt_time":251740269,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251740269,"pkt":"UlQAEjUCCAAn5uVZCABFAABp6gYAAIARuGgKAAIPVsI1RHAJg+oAVTU8R05EED9rAQFMQVEyUApVRFBdL+I1CXDTUzsOSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2590,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740269,"flow_src_last_pkt_time":251740269,"flow_dst_last_pkt_time":251740269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251740269,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.194.53.68","src_port":28681,"dst_port":33770,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740418,"flow_src_last_pkt_time":251740418,"flow_dst_last_pkt_time":251740418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251740418,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.28.130.131","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":410,"flow_packet_id":1,"flow_src_last_pkt_time":251740418,"flow_dst_last_pkt_time":251740418,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251740418,"pkt":"UlQAEjUCCAAn5uVZCABFAABpE5AAAIARO0YKAAIPXRyCg3AJGMoAVTPWR05EED9sAQFMQVEyUApVRFBdL+I1CXAD+PaCSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740418,"flow_src_last_pkt_time":251740418,"flow_dst_last_pkt_time":251740418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251740418,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.28.130.131","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2592,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740552,"flow_src_last_pkt_time":251740552,"flow_dst_last_pkt_time":251740552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251740552,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.143.28.64","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2592,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":411,"flow_packet_id":1,"flow_src_last_pkt_time":251740552,"flow_dst_last_pkt_time":251740552,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251740552,"pkt":"UlQAEjUCCAAn5uVZCABFAABpwd8AAIAR9sYKAAIPWY8cQHAJGMoAVVMGR05EED9tAQFMQVEyUApVRFBdL+I1CXAhZ3heSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01143{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2592,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740552,"flow_src_last_pkt_time":251740552,"flow_dst_last_pkt_time":251740552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251740552,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.143.28.64","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2593,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740694,"flow_src_last_pkt_time":251740694,"flow_dst_last_pkt_time":251740694,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251740694,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.177.52.73","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2593,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":412,"flow_packet_id":1,"flow_src_last_pkt_time":251740694,"flow_dst_last_pkt_time":251740694,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251740694,"pkt":"UlQAEjUCCAAn5uVZCABFAABp3loAAIAR4SAKAAIPOrE0SXAJGMoAVVoRR05EED9uAQFMQVEyUApVRFBdL+I1CXAwmTIsSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01143{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2593,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740694,"flow_src_last_pkt_time":251740694,"flow_dst_last_pkt_time":251740694,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251740694,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.177.52.73","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_src_last_pkt_time":251740802,"flow_dst_last_pkt_time":70230689,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":251740802,"pkt":"UlQAEjUCCAAn5uVZCABFAAA01LUAAIARp3wKAAIPXINV9XAJe\/8AIPQ\/R05EED9vAQFUC1FLUlAGUk5BXS\/iNQlw"} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2595,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":2,"flow_src_last_pkt_time":251740913,"flow_dst_last_pkt_time":70230940,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":251740913,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0tBMAAIAREWMKAAIPUTIYAnAJRdIAIHOwR05EED9wAQFUC1FLUlAGUk5BXS\/iNQlw"} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2596,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741037,"flow_src_last_pkt_time":251741037,"flow_dst_last_pkt_time":251741037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251741037,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.65.188.29","src_port":28681,"dst_port":24676,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2596,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":413,"flow_packet_id":1,"flow_src_last_pkt_time":251741037,"flow_dst_last_pkt_time":251741037,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251741037,"pkt":"UlQAEjUCCAAn5uVZCABFAABptKwAAIARZmoKAAIPV0G8HXAJYGQAVfy4R05EED9xAQFMQVEyUApVRFBdL+I1CXAsjoyoSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2596,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741037,"flow_src_last_pkt_time":251741037,"flow_dst_last_pkt_time":251741037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251741037,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.65.188.29","src_port":28681,"dst_port":24676,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2597,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741183,"flow_src_last_pkt_time":251741183,"flow_dst_last_pkt_time":251741183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251741183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.181.156.244","src_port":28681,"dst_port":8255,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2597,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":1,"flow_src_last_pkt_time":251741183,"flow_dst_last_pkt_time":251741183,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251741183,"pkt":"UlQAEjUCCAAn5uVZCABFAABpyBYAAIARGbUKAAIPr7Wc9HAJID8AVaTlR05EED9yAQFMQVEyUApVRFBdL+I1CXAnhz4OSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01146{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2597,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741183,"flow_src_last_pkt_time":251741183,"flow_dst_last_pkt_time":251741183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251741183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.181.156.244","src_port":28681,"dst_port":8255,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2598,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741302,"flow_src_last_pkt_time":251741302,"flow_dst_last_pkt_time":251741302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251741302,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.247.160.96","src_port":28681,"dst_port":17817,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2598,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":415,"flow_packet_id":1,"flow_src_last_pkt_time":251741302,"flow_dst_last_pkt_time":251741302,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251741302,"pkt":"UlQAEjUCCAAn5uVZCABFAABp2rQAAIARWGkKAAIPWvegYHAJRZkAVVg2R05EED9zAQFMQVEyUApVRFBdL+I1CXBQFbv4SAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2598,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741302,"flow_src_last_pkt_time":251741302,"flow_dst_last_pkt_time":251741302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251741302,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.247.160.96","src_port":28681,"dst_port":17817,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2599,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741399,"flow_src_last_pkt_time":251741399,"flow_dst_last_pkt_time":251741399,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251741399,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.139.61.103","src_port":28681,"dst_port":24096,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2599,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":416,"flow_packet_id":1,"flow_src_last_pkt_time":251741399,"flow_dst_last_pkt_time":251741399,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251741399,"pkt":"UlQAEjUCCAAn5uVZCABFAABpgP4AAIARE4UKAAIPXIs9Z3AJXiAAVReAR05EED90AQFMQVEyUApVRFBdL+I1CXAgCH+PSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2599,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741399,"flow_src_last_pkt_time":251741399,"flow_dst_last_pkt_time":251741399,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251741399,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.139.61.103","src_port":28681,"dst_port":24096,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2600,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741506,"flow_src_last_pkt_time":251741506,"flow_dst_last_pkt_time":251741506,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251741506,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.187.236.179","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2600,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":417,"flow_packet_id":1,"flow_src_last_pkt_time":251741506,"flow_dst_last_pkt_time":251741506,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251741506,"pkt":"UlQAEjUCCAAn5uVZCABFAABpPOUAAIARpiEKAAIPXrvss3AJGMoAVc9JR05EED91AQFMQVEyUApVRFBdL+I1CXAK96N8SAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2600,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741506,"flow_src_last_pkt_time":251741506,"flow_dst_last_pkt_time":251741506,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251741506,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.187.236.179","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2601,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741613,"flow_src_last_pkt_time":251741613,"flow_dst_last_pkt_time":251741613,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251741613,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.129.149.103","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2601,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":418,"flow_packet_id":1,"flow_src_last_pkt_time":251741613,"flow_dst_last_pkt_time":251741613,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251741613,"pkt":"UlQAEjUCCAAn5uVZCABFAABpWIsAAIAR9QEKAAIPS4GVZ3AJGMoAVejfR05EED92AQFMQVEyUApVRFBdL+I1CXB7zyH1SAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2601,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741613,"flow_src_last_pkt_time":251741613,"flow_dst_last_pkt_time":251741613,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251741613,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.129.149.103","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2602,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741711,"flow_src_last_pkt_time":251741711,"flow_dst_last_pkt_time":251741711,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251741711,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.193.236.8","src_port":28681,"dst_port":46557,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2602,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":419,"flow_packet_id":1,"flow_src_last_pkt_time":251741711,"flow_dst_last_pkt_time":251741711,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251741711,"pkt":"UlQAEjUCCAAn5uVZCABFAABptLQAAIARPvcKAAIPTsHsCHAJtd0AVaGTR05EED93AQFMQVEyUApVRFBdL+I1CXBWRJ3QSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2602,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741711,"flow_src_last_pkt_time":251741711,"flow_dst_last_pkt_time":251741711,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251741711,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.193.236.8","src_port":28681,"dst_port":46557,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2603,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741806,"flow_src_last_pkt_time":251741806,"flow_dst_last_pkt_time":251741806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251741806,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.127.34","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2603,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":1,"flow_src_last_pkt_time":251741806,"flow_dst_last_pkt_time":251741806,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251741806,"pkt":"UlQAEjUCCAAn5uVZCABFAABp\/oQAAIARWesKAAIPVuN\/InAJGMoAVVdoR05EED94AQFMQVEyUApVRFBdL+I1CXD9RPkbSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2603,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741806,"flow_src_last_pkt_time":251741806,"flow_dst_last_pkt_time":251741806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251741806,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.127.34","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2604,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741922,"flow_src_last_pkt_time":251741922,"flow_dst_last_pkt_time":251741922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251741922,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.182.39.11","src_port":28681,"dst_port":12977,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2604,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":1,"flow_src_last_pkt_time":251741922,"flow_dst_last_pkt_time":251741922,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251741922,"pkt":"UlQAEjUCCAAn5uVZCABFAABpD2cAAIARSE0KAAIPr7YnC3AJMrEAVZiQR05EED95AQFMQVEyUApVRFBdL+I1CXCiUoeySAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2604,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741922,"flow_src_last_pkt_time":251741922,"flow_dst_last_pkt_time":251741922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251741922,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.182.39.11","src_port":28681,"dst_port":12977,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2605,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742020,"flow_src_last_pkt_time":251742020,"flow_dst_last_pkt_time":251742020,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251742020,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.123.35.219","src_port":28681,"dst_port":42211,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2605,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":1,"flow_src_last_pkt_time":251742020,"flow_dst_last_pkt_time":251742020,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251742020,"pkt":"UlQAEjUCCAAn5uVZCABFAABpDCwAAIARpfMKAAIPWHsj23AJpOMAVY76R05EED96AQFMQVEyUApVRFBdL+I1CXA5574PSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2605,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742020,"flow_src_last_pkt_time":251742020,"flow_dst_last_pkt_time":251742020,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251742020,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.123.35.219","src_port":28681,"dst_port":42211,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2606,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742117,"flow_src_last_pkt_time":251742117,"flow_dst_last_pkt_time":251742117,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251742117,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.247.6.226","src_port":28681,"dst_port":9713,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2606,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":423,"flow_packet_id":1,"flow_src_last_pkt_time":251742117,"flow_dst_last_pkt_time":251742117,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251742117,"pkt":"UlQAEjUCCAAn5uVZCABFAABpUuIAAIARXLoKAAIPd\/cG4nAJJfEAVXf1R05EED97AQFMQVEyUApVRFBdL+I1CXCyY7kmSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2606,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742117,"flow_src_last_pkt_time":251742117,"flow_dst_last_pkt_time":251742117,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251742117,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.247.6.226","src_port":28681,"dst_port":9713,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2607,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742217,"flow_src_last_pkt_time":251742217,"flow_dst_last_pkt_time":251742217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251742217,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.15.216.216","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2607,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":1,"flow_src_last_pkt_time":251742217,"flow_dst_last_pkt_time":251742217,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251742217,"pkt":"UlQAEjUCCAAn5uVZCABFAABp9RgAAIARA3UKAAIPXQ\/Y2HAJGMoAVYvoR05EED98AQFMQVEyUApVRFBdL+I1CXCl\/OnPSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2607,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742217,"flow_src_last_pkt_time":251742217,"flow_dst_last_pkt_time":251742217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251742217,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.15.216.216","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2608,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742343,"flow_src_last_pkt_time":251742343,"flow_dst_last_pkt_time":251742343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251742343,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"145.82.53.165","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2608,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":1,"flow_src_last_pkt_time":251742343,"flow_dst_last_pkt_time":251742343,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251742343,"pkt":"UlQAEjUCCAAn5uVZCABFAABpyoQAAIARnPkKAAIPkVI1pXAJGMoAVbRqR05EED99AQFMQVEyUApVRFBdL+I1CXBpxpNMSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2608,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742343,"flow_src_last_pkt_time":251742343,"flow_dst_last_pkt_time":251742343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251742343,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"145.82.53.165","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2609,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742442,"flow_src_last_pkt_time":251742442,"flow_dst_last_pkt_time":251742442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251742442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.71.44.121","src_port":28681,"dst_port":14398,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2609,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":1,"flow_src_last_pkt_time":251742442,"flow_dst_last_pkt_time":251742442,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251742442,"pkt":"UlQAEjUCCAAn5uVZCABFAABpjvsAAIARl7kKAAIP20cseXAJOD4AVTM8R05EED9+AQFMQVEyUApVRFBdL+I1CXDAVizdSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2609,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742442,"flow_src_last_pkt_time":251742442,"flow_dst_last_pkt_time":251742442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251742442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.71.44.121","src_port":28681,"dst_port":14398,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2610,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742554,"flow_src_last_pkt_time":251742554,"flow_dst_last_pkt_time":251742554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251742554,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.249.13.30","src_port":28681,"dst_port":15138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2610,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":1,"flow_src_last_pkt_time":251742554,"flow_dst_last_pkt_time":251742554,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251742554,"pkt":"UlQAEjUCCAAn5uVZCABFAABp\/4AAAIARz90KAAIPUfkNHnAJOyIAVV3HR05EED9\/AQFMQVEyUApVRFBdL+I1CXDXBU+pSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2610,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742554,"flow_src_last_pkt_time":251742554,"flow_dst_last_pkt_time":251742554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251742554,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.249.13.30","src_port":28681,"dst_port":15138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00749{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2611,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742656,"flow_src_last_pkt_time":251742656,"flow_dst_last_pkt_time":251742656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251742656,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.162.97.8","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2611,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":428,"flow_packet_id":1,"flow_src_last_pkt_time":251742656,"flow_dst_last_pkt_time":251742656,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251742656,"pkt":"UlQAEjUCCAAn5uVZCABFAABpxSAAAIARsaoKAAIPVqJhCHAJGMoAVbYBR05EED+AAQFMQVEyUApVRFBdL+I1CXBICmgWSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2611,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742656,"flow_src_last_pkt_time":251742656,"flow_dst_last_pkt_time":251742656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251742656,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.162.97.8","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2612,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":2,"flow_src_last_pkt_time":251742741,"flow_dst_last_pkt_time":72849111,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":251742741,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0qf0AAIARfpoKAAIPU1yytnAJ39YAIDy8R05EED+BAQFUC1FLUlAGUk5BXS\/iNQlw"} 00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2613,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742837,"flow_src_last_pkt_time":251742837,"flow_dst_last_pkt_time":251742837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251742837,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.215.213","src_port":28681,"dst_port":23576,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2613,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":429,"flow_packet_id":1,"flow_src_last_pkt_time":251742837,"flow_dst_last_pkt_time":251742837,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251742837,"pkt":"UlQAEjUCCAAn5uVZCABFAABpbRYAAIARQ+AKAAIPpanX1XAJXBgAVc6AR05EED+CAQFMQVEyUApVRFBdL+I1CXBThrh4SAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01147{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2613,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742837,"flow_src_last_pkt_time":251742837,"flow_dst_last_pkt_time":251742837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251742837,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.215.213","src_port":28681,"dst_port":23576,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2614,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742935,"flow_src_last_pkt_time":251742935,"flow_dst_last_pkt_time":251742935,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251742935,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.8.95.165","src_port":28681,"dst_port":40763,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2614,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":430,"flow_packet_id":1,"flow_src_last_pkt_time":251742935,"flow_dst_last_pkt_time":251742935,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251742935,"pkt":"UlQAEjUCCAAn5uVZCABFAABpkTwAAIAR44sKAAIPWghfpXAJnzsAVR0tR05EED+DAQFMQVEyUApVRFBdL+I1CXDGRkbqSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01143{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2614,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742935,"flow_src_last_pkt_time":251742935,"flow_dst_last_pkt_time":251742935,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251742935,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.8.95.165","src_port":28681,"dst_port":40763,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2615,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743039,"flow_src_last_pkt_time":251743039,"flow_dst_last_pkt_time":251743039,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251743039,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.124.71.246","src_port":28681,"dst_port":49035,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2615,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":431,"flow_packet_id":1,"flow_src_last_pkt_time":251743039,"flow_dst_last_pkt_time":251743039,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251743039,"pkt":"UlQAEjUCCAAn5uVZCABFAABpAKcAAIARjVwKAAIPWHxH9nAJv4sAVfWnR05EED+EAQFMQVEyUApVRFBdL+I1CXBJizLGSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2615,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743039,"flow_src_last_pkt_time":251743039,"flow_dst_last_pkt_time":251743039,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251743039,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.124.71.246","src_port":28681,"dst_port":49035,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2616,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743139,"flow_src_last_pkt_time":251743139,"flow_dst_last_pkt_time":251743139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251743139,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.6.118.53","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2616,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":1,"flow_src_last_pkt_time":251743139,"flow_dst_last_pkt_time":251743139,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251743139,"pkt":"UlQAEjUCCAAn5uVZCABFAABpRRcAAIARCyMKAAIPaAZ2NXAJGMoAVRHkR05EED+FAQFMQVEyUApVRFBdL+I1CXCTBKSZSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01143{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2616,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743139,"flow_src_last_pkt_time":251743139,"flow_dst_last_pkt_time":251743139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251743139,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.6.118.53","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2617,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743232,"flow_src_last_pkt_time":251743232,"flow_dst_last_pkt_time":251743232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251743232,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.255.145.191","src_port":28681,"dst_port":47264,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2617,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":1,"flow_src_last_pkt_time":251743232,"flow_dst_last_pkt_time":251743232,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251743232,"pkt":"UlQAEjUCCAAn5uVZCABFAABpc60AAIARxQkKAAIPY\/+Rv3AJuKAAVf+gR05EED+GAQFMQVEyUApVRFBdL+I1CXClGHrgSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01146{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2617,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743232,"flow_src_last_pkt_time":251743232,"flow_dst_last_pkt_time":251743232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251743232,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.255.145.191","src_port":28681,"dst_port":47264,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2618,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743326,"flow_src_last_pkt_time":251743326,"flow_dst_last_pkt_time":251743326,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251743326,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.24.182.130","src_port":28681,"dst_port":22232,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2618,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":434,"flow_packet_id":1,"flow_src_last_pkt_time":251743326,"flow_dst_last_pkt_time":251743326,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251743326,"pkt":"UlQAEjUCCAAn5uVZCABFAABprogAAIARV1IKAAIPchi2gnAJVtgAVTeWR05EED+HAQFMQVEyUApVRFBdL+I1CXDG5k8JSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01146{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2618,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743326,"flow_src_last_pkt_time":251743326,"flow_dst_last_pkt_time":251743326,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251743326,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.24.182.130","src_port":28681,"dst_port":22232,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2619,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743428,"flow_src_last_pkt_time":251743428,"flow_dst_last_pkt_time":251743428,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251743428,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.24.146.101","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2619,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":435,"flow_packet_id":1,"flow_src_last_pkt_time":251743428,"flow_dst_last_pkt_time":251743428,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251743428,"pkt":"UlQAEjUCCAAn5uVZCABFAABpKe0AAIARBQsKAAIPbRiSZXAJGMoAVc8GR05EED+IAQFMQVEyUApVRFBdL+I1CXCk7CrTSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2619,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743428,"flow_src_last_pkt_time":251743428,"flow_dst_last_pkt_time":251743428,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251743428,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.24.146.101","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2620,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743527,"flow_src_last_pkt_time":251743527,"flow_dst_last_pkt_time":251743527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251743527,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.68.179.137","src_port":28681,"dst_port":6406,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2620,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":436,"flow_packet_id":1,"flow_src_last_pkt_time":251743527,"flow_dst_last_pkt_time":251743527,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251743527,"pkt":"UlQAEjUCCAAn5uVZCABFAABpBbYAAIARmfEKAAIP20SziXAJGQYAVWDBR05EED+JAQFMQVEyUApVRFBdL+I1CXC3ZdA4SAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2620,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743527,"flow_src_last_pkt_time":251743527,"flow_dst_last_pkt_time":251743527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251743527,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.68.179.137","src_port":28681,"dst_port":6406,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00749{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2621,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743626,"flow_src_last_pkt_time":251743626,"flow_dst_last_pkt_time":251743626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251743626,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.38.163.2","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2621,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":437,"flow_packet_id":1,"flow_src_last_pkt_time":251743626,"flow_dst_last_pkt_time":251743626,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251743626,"pkt":"UlQAEjUCCAAn5uVZCABFAABpXhUAAIARDjgKAAIPHyajAnAJGMoAVb8RR05EED+KAQFMQVEyUApVRFBdL+I1CXCCZpWmSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2621,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743626,"flow_src_last_pkt_time":251743626,"flow_dst_last_pkt_time":251743626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251743626,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.38.163.2","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2622,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743729,"flow_src_last_pkt_time":251743729,"flow_dst_last_pkt_time":251743729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251743729,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.86.190.163","src_port":28681,"dst_port":14142,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2622,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":1,"flow_src_last_pkt_time":251743729,"flow_dst_last_pkt_time":251743729,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251743729,"pkt":"UlQAEjUCCAAn5uVZCABFAABpnzUAAIARiUYKAAIPR1a+o3AJNz4AVZWpR05EED+LAQFMQVEyUApVRFBdL+I1CXAC+zbZSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2622,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743729,"flow_src_last_pkt_time":251743729,"flow_dst_last_pkt_time":251743729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251743729,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.86.190.163","src_port":28681,"dst_port":14142,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2623,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743840,"flow_src_last_pkt_time":251743840,"flow_dst_last_pkt_time":251743840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251743840,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.135.15.86","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2623,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":1,"flow_src_last_pkt_time":251743840,"flow_dst_last_pkt_time":251743840,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251743840,"pkt":"UlQAEjUCCAAn5uVZCABFAABpeMgAAIAR9c8KAAIPsIcPVnAJGMoAVfORR05EED+MAQFMQVEyUApVRFBdL+I1CXBFn5s7SAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2623,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743840,"flow_src_last_pkt_time":251743840,"flow_dst_last_pkt_time":251743840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251743840,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.135.15.86","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2624,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743945,"flow_src_last_pkt_time":251743945,"flow_dst_last_pkt_time":251743945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251743945,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.165.170.112","src_port":28681,"dst_port":37087,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2624,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":440,"flow_packet_id":1,"flow_src_last_pkt_time":251743945,"flow_dst_last_pkt_time":251743945,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251743945,"pkt":"UlQAEjUCCAAn5uVZCABFAABptQEAAIARA14KAAIPy6WqcHAJkN8AVThSR05EED+NAQFMQVEyUApVRFBdL+I1CXAo9qhxSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01147{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2624,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743945,"flow_src_last_pkt_time":251743945,"flow_dst_last_pkt_time":251743945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251743945,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.165.170.112","src_port":28681,"dst_port":37087,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2626,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251763326,"flow_src_last_pkt_time":251763326,"flow_dst_last_pkt_time":251763326,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251763326,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.237.199.108","src_port":28681,"dst_port":56040,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2626,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":441,"flow_packet_id":1,"flow_src_last_pkt_time":251763326,"flow_dst_last_pkt_time":251763326,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":251763326,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4Im4AAIARH98KAAIPJO3HbHAJ2ugAJO8DDHExAr2T6ZT\/ObNg3LKLAwABAAUAAADDglFLQA=="} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2627,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251763431,"flow_src_last_pkt_time":251763431,"flow_dst_last_pkt_time":251763431,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251763431,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.204.130.55","src_port":28681,"dst_port":29545,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -2592,12 +2755,16 @@ 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2653,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":1,"flow_src_last_pkt_time":251768524,"flow_dst_last_pkt_time":251768524,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":251768524,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4kWwAAIAR9bEKAAIPZYBCCHAJhtAAJEI7\/fExAretIzz\/aAK525tdAwABAAUAAADDglFLQA=="} 00749{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2654,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251768679,"flow_src_last_pkt_time":251768679,"flow_dst_last_pkt_time":251768679,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251768679,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"2.28.39.18","src_port":28681,"dst_port":15672,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2654,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":465,"flow_packet_id":1,"flow_src_last_pkt_time":251768679,"flow_dst_last_pkt_time":251768679,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251768679,"pkt":"UlQAEjUCCAAn5uVZCABFAABptDMAAIARURQKAAIPAhwnEnAJPTgAVXP4R05EED+OAQFMQVEyUApVRFBdL+I1CXCOOiuSSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2654,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251768679,"flow_src_last_pkt_time":251768679,"flow_dst_last_pkt_time":251768679,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251768679,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"2.28.39.18","src_port":28681,"dst_port":15672,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2656,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251768912,"flow_src_last_pkt_time":251768912,"flow_dst_last_pkt_time":251768912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251768912,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"70.119.248.5","src_port":28681,"dst_port":49929,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2656,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":466,"flow_packet_id":1,"flow_src_last_pkt_time":251768912,"flow_dst_last_pkt_time":251768912,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251768912,"pkt":"UlQAEjUCCAAn5uVZCABFAABpkwYAAIARXPIKAAIPRnf4BXAJwwkAVWk8R05EED+PAQFMQVEyUApVRFBdL+I1CXCywaF6SAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2656,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251768912,"flow_src_last_pkt_time":251768912,"flow_dst_last_pkt_time":251768912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251768912,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"70.119.248.5","src_port":28681,"dst_port":49929,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2657,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251769032,"flow_src_last_pkt_time":251769032,"flow_dst_last_pkt_time":251769032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251769032,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.64.177.53","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2657,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":467,"flow_packet_id":1,"flow_src_last_pkt_time":251769032,"flow_dst_last_pkt_time":251769032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251769032,"pkt":"UlQAEjUCCAAn5uVZCABFAABphhwAAIARueMKAAIPPUCxNXAJW6IAVYBcR05EED+QAQFMQVEyUApVRFBdL+I1CXCCOR+jSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2657,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251769032,"flow_src_last_pkt_time":251769032,"flow_dst_last_pkt_time":251769032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251769032,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.64.177.53","src_port":28681,"dst_port":23458,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2658,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251769188,"flow_src_last_pkt_time":251769188,"flow_dst_last_pkt_time":251769188,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251769188,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.214.12.247","src_port":28681,"dst_port":44001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2658,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":1,"flow_src_last_pkt_time":251769188,"flow_dst_last_pkt_time":251769188,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251769188,"pkt":"UlQAEjUCCAAn5uVZCABFAABpuX4AAIARCSoKAAIPXtYM93AJq+EAVTOfR05EED+RAQFMQVEyUApVRFBdL+I1CXBhK2YwSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2658,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251769188,"flow_src_last_pkt_time":251769188,"flow_dst_last_pkt_time":251769188,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251769188,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.214.12.247","src_port":28681,"dst_port":44001,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2659,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_src_last_pkt_time":251769302,"flow_dst_last_pkt_time":70230046,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":251769302,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0djcAAIARTnsKAAIPVYoUbnAJGMoAIJ\/SR05EED+SAQFUC1FLUlAGUk5BXS\/iNQlw"} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2662,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251799823,"flow_src_last_pkt_time":251799823,"flow_dst_last_pkt_time":251799823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251799823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":28681,"dst_port":47184,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2662,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":1,"flow_src_last_pkt_time":251799823,"flow_dst_last_pkt_time":251799823,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":251799823,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4oEcAAIAR\/\/kKAAIPV3s26nAJuFAAJLIzoTgxArDMLAv\/7an+30aEAwABAAUAAADDglFLQA=="} @@ -2625,8 +2792,10 @@ 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2673,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":1,"flow_src_last_pkt_time":251801900,"flow_dst_last_pkt_time":251801900,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":251801900,"pkt":"UlQAEjUCCAAn5uVZCABFAAA49tgAAIARfTwKAAIPcHdKGnAJ\/9oAJJAPBCMxArDSw4b\/H0\/S10KbAwABAAUAAADDglFLQA=="} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2674,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251802309,"flow_src_last_pkt_time":251802309,"flow_dst_last_pkt_time":251802309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251802309,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.120.219.74","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2674,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":1,"flow_src_last_pkt_time":251802309,"flow_dst_last_pkt_time":251802309,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251802309,"pkt":"UlQAEjUCCAAn5uVZCABFAABplkUAAIARam0KAAIPUnjbSnAJGMoAVeuTR05EED+TAQFMQVEyUApVRFBdL+I1CXAFqezLSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2674,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251802309,"flow_src_last_pkt_time":251802309,"flow_dst_last_pkt_time":251802309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251802309,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.120.219.74","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2675,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251802485,"flow_src_last_pkt_time":251802485,"flow_dst_last_pkt_time":251802485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251802485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.193.23.172","src_port":28681,"dst_port":42227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2675,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":482,"flow_packet_id":1,"flow_src_last_pkt_time":251802485,"flow_dst_last_pkt_time":251802485,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":251802485,"pkt":"UlQAEjUCCAAn5uVZCABFAABpmQMAAIARJwUKAAIPVsEXrHAJpPMAVbfKR05EED+UAQFMQVEyUApVRFBdL+I1CXAJ2N0DSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2675,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251802485,"flow_src_last_pkt_time":251802485,"flow_dst_last_pkt_time":251802485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":251802485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.193.23.172","src_port":28681,"dst_port":42227,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2678,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":3,"flow_src_last_pkt_time":251763582,"flow_dst_last_pkt_time":251868720,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":251868720,"pkt":"CAAn5uVZUlQAEjUCCABFAABKCiIAAEAR8WfPJqPkCgACDxp6cAkANsFJWpsxApZGj4\/\/M2sG2xKbAwEBABcAAAB6Gs8mo+QAAAAAAAAAAMOCUUtEhU4oKg=="} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2679,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":452,"flow_packet_id":2,"flow_src_last_pkt_time":251765853,"flow_dst_last_pkt_time":251884410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":251884410,"pkt":"CAAn5uVZUlQAEjUCCABFAABOCiMAAEARXmVE48ElCgACD2tZcAkAOq9\/xWExAmB\/ov7\/ILlztKqjAwEBABsAAABZa0TjwSUMAAAAAIAAAMOCUUtIaDpKbQye1TA="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2680,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":447,"flow_packet_id":2,"flow_src_last_pkt_time":251764749,"flow_dst_last_pkt_time":251943083,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":251943083,"pkt":"CAAn5uVZUlQAEjUCCABFAABJCiQAAEARS28Oxwo8CgACD1uicAkANVFGLAcxApbO4XT\/cwIBXYVTAwEBABYAAACiWw7HCjwAAAAACAAAAMOCVVBDAQAC"} @@ -2647,14 +2816,17 @@ 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2698,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":4,"flow_src_last_pkt_time":253024455,"flow_dst_last_pkt_time":72853538,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":253024455,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0JXsAAIARS7AKAAIPTcVvunAJGMoAIExER05EED+ZAQFUC1FLUlAGUk5BXS\/iNQlw"} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2699,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":253024623,"flow_src_last_pkt_time":253024623,"flow_dst_last_pkt_time":253024623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":253024623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"107.4.56.177","src_port":28681,"dst_port":10000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2699,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":484,"flow_packet_id":1,"flow_src_last_pkt_time":253024623,"flow_dst_last_pkt_time":253024623,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":253024623,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0rIYAAIAR3m4KAAIPawQ4sXAJJxAAIFfHR05EED+aAQFUC1FLUlAGUk5BXS\/iNQlw"} +01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2699,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":253024623,"flow_src_last_pkt_time":253024623,"flow_dst_last_pkt_time":253024623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":253024623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"107.4.56.177","src_port":28681,"dst_port":10000,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2700,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":3,"flow_src_last_pkt_time":253024749,"flow_dst_last_pkt_time":82060952,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":253024749,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0v88AAIARvTIKAAIPc0U+Y3AJGMoAIFgZR05EED+bAQFUC1FLUlAGUk5BXS\/iNQlw"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2701,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":4,"flow_src_last_pkt_time":253024867,"flow_dst_last_pkt_time":72853009,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":253024867,"pkt":"UlQAEjUCCAAn5uVZCABFAAA05VIAAIARsFEKAAIPUkFGxXAJVL0AIDTHR05EED+cAQFUC1FLUlAGUk5BXS\/iNQlw"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2702,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":3,"flow_src_last_pkt_time":253024996,"flow_dst_last_pkt_time":71541038,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":253024996,"pkt":"UlQAEjUCCAAn5uVZCABFAAA02U8AAIAREUMKAAIPBbQ+ZHAJtTEAIClAR05EED+dAQFUC1FLUlAGUk5BXS\/iNQlw"} 00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2703,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":253025155,"flow_src_last_pkt_time":253025155,"flow_dst_last_pkt_time":253025155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":253025155,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.209","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2703,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":1,"flow_src_last_pkt_time":253025155,"flow_dst_last_pkt_time":253025155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":253025155,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0fvgAAIAR6t0KAAIPmgMq0XAJGMoAIETqR05EED+eAQFUC1FLUlAGUk5BXS\/iNQlw"} +01143{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2703,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":253025155,"flow_src_last_pkt_time":253025155,"flow_dst_last_pkt_time":253025155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":253025155,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.209","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2704,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":3,"flow_src_last_pkt_time":253025278,"flow_dst_last_pkt_time":82064863,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":253025278,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0oPAAAIAR8ncKAAIPiscQe3AJzwEAILhDR05EED+fAQFUC1FLUlAGUk5BXS\/iNQlw"} 00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2705,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":253025433,"flow_src_last_pkt_time":253025433,"flow_dst_last_pkt_time":253025433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":253025433,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.68.45.203","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2705,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":1,"flow_src_last_pkt_time":253025433,"flow_dst_last_pkt_time":253025433,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":253025433,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0rssAAIAR+c8KAAIPWEQty3AJGMoAIIOtR05EED+gAQFUC1FLUlAGUk5BXS\/iNQlw"} +01143{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2705,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":253025433,"flow_src_last_pkt_time":253025433,"flow_dst_last_pkt_time":253025433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":253025433,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.68.45.203","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2706,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":3,"flow_src_last_pkt_time":253025519,"flow_dst_last_pkt_time":82057972,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":253025519,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0lsQAAIARXJsKAAIPVvTkVnAJJ5MAIL+nR05EED+hAQFUC1FLUlAGUk5BXS\/iNQlw"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2707,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":4,"flow_src_last_pkt_time":253025614,"flow_dst_last_pkt_time":82063897,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":253025614,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0D4YAAIAR1iwKAAIPseeXEHAJGMoAIMDCR05EED+iAQFUC1FLUlAGUk5BXS\/iNQlw"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2708,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":3,"flow_src_last_pkt_time":253025731,"flow_dst_last_pkt_time":82060415,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":253025731,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0mjsAAIARSyYKAAIPxNmEb3AJYzIAIHYIR05EED+jAQFUC1FLUlAGUk5BXS\/iNQlw"} @@ -2664,141 +2836,94 @@ 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2712,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":2,"flow_src_last_pkt_time":253026184,"flow_dst_last_pkt_time":83518597,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":253026184,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0zQYAAIARHcsKAAIPBbQ+JXAJGMoAIMXcR05EED+nAQFUC1FLUlAGUk5BXS\/iNQlw"} 00930{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2713,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":2,"flow_src_last_pkt_time":251741922,"flow_dst_last_pkt_time":253031457,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":361,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":361,"pkt_l4_len":327,"thread_ts_usec":253031457,"pkt":"CAAn5uVZUlQAEjUCCABFAAFbCjcAAEARjIuvticLCgACDzKxcAkBR\/IfR05EAUOQAQF4nOtpYgx09GAJCV7IpZrkwOGyfps690aj\/QxA5p3OrLWZuntBzCI1zqD5cYdBTJX3i6SN5PeBmLdDuUMfaR4Eq22turko+jhY1F2n0s5iO4h5a4n6y\/LAEyCmVlJxw6LoHWDRtc+SbLwgVrQtD9ojdghshcS2phthxyBWXJ30LQRsRfXZujRPEYjoS61LHaJgw267GYi3yauBmOXf2R59VIUwv032uCMIZt7pV3qY7qcCtpjJTuazhAKIaXtH8+NUMSYQc\/vmqIIaNW2wNr7+t4uiGcBuUJ\/l+kCIEazWYaPpomg+EJNxYUDQBUV5ELOg\/FPeJzkmiHOY7xsYAdWyBa\/fOueLvQKQAfEZkAFxK0gEHAIgEbCfPFiCHHUYGRgYYvUfmRoyMaRIHfn00o+zgB8AlR+GzA=="} 00940{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":65065554,"flow_src_last_pkt_time":65065784,"flow_dst_last_pkt_time":65065554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":146,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1042,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":57623,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71535614,"flow_src_last_pkt_time":71535614,"flow_dst_last_pkt_time":71535614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.160.214.137","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71535614,"flow_src_last_pkt_time":71535614,"flow_dst_last_pkt_time":71535614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.160.214.137","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71536922,"flow_src_last_pkt_time":71536922,"flow_dst_last_pkt_time":71536922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.133.122.217","src_port":28681,"dst_port":23458,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71536922,"flow_src_last_pkt_time":71536922,"flow_dst_last_pkt_time":71536922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.133.122.217","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540687,"flow_src_last_pkt_time":71540687,"flow_dst_last_pkt_time":71540687,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.104","src_port":28681,"dst_port":11804,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540687,"flow_src_last_pkt_time":71540687,"flow_dst_last_pkt_time":71540687,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.104","src_port":28681,"dst_port":11804,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537199,"flow_src_last_pkt_time":71537199,"flow_dst_last_pkt_time":71537199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.126.102","src_port":28681,"dst_port":5193,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537199,"flow_src_last_pkt_time":71537199,"flow_dst_last_pkt_time":71537199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.126.102","src_port":28681,"dst_port":5193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01180{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71535614,"flow_src_last_pkt_time":71535614,"flow_dst_last_pkt_time":71535614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.160.214.137","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71536922,"flow_src_last_pkt_time":71536922,"flow_dst_last_pkt_time":71536922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.133.122.217","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540687,"flow_src_last_pkt_time":71540687,"flow_dst_last_pkt_time":71540687,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.104","src_port":28681,"dst_port":11804,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537199,"flow_src_last_pkt_time":71537199,"flow_dst_last_pkt_time":71537199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.126.102","src_port":28681,"dst_port":5193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01333{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":12,"flow_first_seen":126831784,"flow_src_last_pkt_time":130215321,"flow_dst_last_pkt_time":130215029,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":513,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":513,"flow_dst_tot_l4_payload_len":10365,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50330,"dst_port":46906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"HTTP.Gnutella","proto_id":"7.35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72851488,"flow_src_last_pkt_time":72851488,"flow_dst_last_pkt_time":72851488,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.225.140.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00750{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72851488,"flow_src_last_pkt_time":72851488,"flow_dst_last_pkt_time":72851488,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.225.140.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538650,"flow_src_last_pkt_time":71538650,"flow_dst_last_pkt_time":71538650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.39.154.69","src_port":28681,"dst_port":4832,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538650,"flow_src_last_pkt_time":71538650,"flow_dst_last_pkt_time":71538650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.39.154.69","src_port":28681,"dst_port":4832,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00960{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230444,"flow_src_last_pkt_time":70230444,"flow_dst_last_pkt_time":70230444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00748{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230444,"flow_src_last_pkt_time":70230444,"flow_dst_last_pkt_time":70230444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72850054,"flow_src_last_pkt_time":72850054,"flow_dst_last_pkt_time":72850054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":1024,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00750{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72850054,"flow_src_last_pkt_time":72850054,"flow_dst_last_pkt_time":72850054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":1024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540307,"flow_src_last_pkt_time":71540307,"flow_dst_last_pkt_time":71540307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.213.146","src_port":28681,"dst_port":21750,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540307,"flow_src_last_pkt_time":71540307,"flow_dst_last_pkt_time":71540307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.213.146","src_port":28681,"dst_port":21750,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00959{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71536631,"flow_src_last_pkt_time":71536631,"flow_dst_last_pkt_time":71536631,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.38.9.82","src_port":28681,"dst_port":24223,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00747{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71536631,"flow_src_last_pkt_time":71536631,"flow_dst_last_pkt_time":71536631,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.38.9.82","src_port":28681,"dst_port":24223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01181{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72851488,"flow_src_last_pkt_time":72851488,"flow_dst_last_pkt_time":72851488,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.225.140.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538650,"flow_src_last_pkt_time":71538650,"flow_dst_last_pkt_time":71538650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.39.154.69","src_port":28681,"dst_port":4832,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01179{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":70230444,"flow_src_last_pkt_time":70230444,"flow_dst_last_pkt_time":70230444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72850054,"flow_src_last_pkt_time":72850054,"flow_dst_last_pkt_time":72850054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":1024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71540307,"flow_src_last_pkt_time":71540307,"flow_dst_last_pkt_time":71540307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.213.146","src_port":28681,"dst_port":21750,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01178{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71536631,"flow_src_last_pkt_time":71536631,"flow_dst_last_pkt_time":71536631,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.38.9.82","src_port":28681,"dst_port":24223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01034{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":129210409,"flow_src_last_pkt_time":129210409,"flow_dst_last_pkt_time":129210409,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":117,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":117,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":117,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"84.197.97.94","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538933,"flow_src_last_pkt_time":71538933,"flow_dst_last_pkt_time":71538933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"202.151.63.59","src_port":28681,"dst_port":7624,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538933,"flow_src_last_pkt_time":71538933,"flow_dst_last_pkt_time":71538933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"202.151.63.59","src_port":28681,"dst_port":7624,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537931,"flow_src_last_pkt_time":71537931,"flow_dst_last_pkt_time":71537931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.134.167.82","src_port":28681,"dst_port":5820,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00750{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537931,"flow_src_last_pkt_time":71537931,"flow_dst_last_pkt_time":71537931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.134.167.82","src_port":28681,"dst_port":5820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71535977,"flow_src_last_pkt_time":71535977,"flow_dst_last_pkt_time":71535977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":28681,"dst_port":49046,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71535977,"flow_src_last_pkt_time":71535977,"flow_dst_last_pkt_time":71535977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":28681,"dst_port":49046,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538247,"flow_src_last_pkt_time":71538247,"flow_dst_last_pkt_time":71538247,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.98.115.128","src_port":28681,"dst_port":23458,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00750{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538247,"flow_src_last_pkt_time":71538247,"flow_dst_last_pkt_time":71538247,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.98.115.128","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01180{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538933,"flow_src_last_pkt_time":71538933,"flow_dst_last_pkt_time":71538933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"202.151.63.59","src_port":28681,"dst_port":7624,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537931,"flow_src_last_pkt_time":71537931,"flow_dst_last_pkt_time":71537931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.134.167.82","src_port":28681,"dst_port":5820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71535977,"flow_src_last_pkt_time":71535977,"flow_dst_last_pkt_time":71535977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":28681,"dst_port":49046,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538247,"flow_src_last_pkt_time":71538247,"flow_dst_last_pkt_time":71538247,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.98.115.128","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00947{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":12461875,"flow_src_last_pkt_time":75501587,"flow_dst_last_pkt_time":12461875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":637,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537663,"flow_src_last_pkt_time":71537663,"flow_dst_last_pkt_time":71537663,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.39.233","src_port":28681,"dst_port":20855,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537663,"flow_src_last_pkt_time":71537663,"flow_dst_last_pkt_time":71537663,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.39.233","src_port":28681,"dst_port":20855,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00960{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72851799,"flow_src_last_pkt_time":72851799,"flow_dst_last_pkt_time":72851799,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.86.173.45","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00748{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72851799,"flow_src_last_pkt_time":72851799,"flow_dst_last_pkt_time":72851799,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.86.173.45","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71539621,"flow_src_last_pkt_time":71539621,"flow_dst_last_pkt_time":71539621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.132.75.56","src_port":28681,"dst_port":56009,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00750{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71539621,"flow_src_last_pkt_time":71539621,"flow_dst_last_pkt_time":71539621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.132.75.56","src_port":28681,"dst_port":56009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538408,"flow_src_last_pkt_time":71538408,"flow_dst_last_pkt_time":71538408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.11.85","src_port":28681,"dst_port":10722,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538408,"flow_src_last_pkt_time":71538408,"flow_dst_last_pkt_time":71538408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.11.85","src_port":28681,"dst_port":10722,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71537663,"flow_src_last_pkt_time":71537663,"flow_dst_last_pkt_time":71537663,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.39.233","src_port":28681,"dst_port":20855,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01179{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":72851799,"flow_src_last_pkt_time":72851799,"flow_dst_last_pkt_time":72851799,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.86.173.45","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71539621,"flow_src_last_pkt_time":71539621,"flow_dst_last_pkt_time":71539621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.132.75.56","src_port":28681,"dst_port":56009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":71538408,"flow_src_last_pkt_time":71538408,"flow_dst_last_pkt_time":71538408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":258518644,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.11.85","src_port":28681,"dst_port":10722,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2728,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264769233,"flow_src_last_pkt_time":264769233,"flow_dst_last_pkt_time":264769233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":264769233,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":28681,"dst_port":49046,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2728,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":1,"flow_src_last_pkt_time":264769233,"flow_dst_last_pkt_time":264769233,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":264769233,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0gnUAAIARDSsKAAIPGE6GvHAJv5YAIMPdR05EED+oAQFUC1FLUlAGUk5BXS\/iNQlw"} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2728,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264769233,"flow_src_last_pkt_time":264769233,"flow_dst_last_pkt_time":264769233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":264769233,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":28681,"dst_port":49046,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2729,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264769911,"flow_src_last_pkt_time":264769911,"flow_dst_last_pkt_time":264769911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":264769911,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"183.179.90.112","src_port":28681,"dst_port":9852,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2729,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":488,"flow_packet_id":1,"flow_src_last_pkt_time":264769911,"flow_dst_last_pkt_time":264769911,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":264769911,"pkt":"UlQAEjUCCAAn5uVZCABFAABp4pAAAIAROcEKAAIPt7NacHAJJnwAVd0aR05EED+pAQFMQVEyUApVRFBdL+I1CXCJt7jZSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2729,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264769911,"flow_src_last_pkt_time":264769911,"flow_dst_last_pkt_time":264769911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":264769911,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"183.179.90.112","src_port":28681,"dst_port":9852,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2730,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264770348,"flow_src_last_pkt_time":264770348,"flow_dst_last_pkt_time":264770348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":264770348,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"108.44.45.25","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2730,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":489,"flow_packet_id":1,"flow_src_last_pkt_time":264770348,"flow_dst_last_pkt_time":264770348,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":264770348,"pkt":"UlQAEjUCCAAn5uVZCABFAABpkz4AAIARAfIKAAIPbCwtGXAJGMoAVdqpR05EED+qAQFMQVEyUApVRFBdL+I1CXAI8TopSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01143{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2730,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264770348,"flow_src_last_pkt_time":264770348,"flow_dst_last_pkt_time":264770348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":264770348,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"108.44.45.25","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2731,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264770979,"flow_src_last_pkt_time":264770979,"flow_dst_last_pkt_time":264770979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":264770979,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.3.215.132","src_port":28681,"dst_port":20356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2731,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":490,"flow_packet_id":1,"flow_src_last_pkt_time":264770979,"flow_dst_last_pkt_time":264770979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":264770979,"pkt":"UlQAEjUCCAAn5uVZCABFAABpirEAAIARcjwKAAIPWgPXhHAJT4QAVQgYR05EED+rAQFMQVEyUApVRFBdL+I1CXAxwKVdSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2731,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264770979,"flow_src_last_pkt_time":264770979,"flow_dst_last_pkt_time":264770979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":264770979,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.3.215.132","src_port":28681,"dst_port":20356,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2732,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264771328,"flow_src_last_pkt_time":264771328,"flow_dst_last_pkt_time":264771328,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":264771328,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.42.210","src_port":28681,"dst_port":5512,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2732,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":491,"flow_packet_id":1,"flow_src_last_pkt_time":264771328,"flow_dst_last_pkt_time":264771328,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":264771328,"pkt":"UlQAEjUCCAAn5uVZCABFAABpGyoAAIARw5AKAAIPJOkq0nAJFYgAVWvGR05EED+sAQFMQVEyUApVRFBdL+I1CXAmCcrMSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2732,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264771328,"flow_src_last_pkt_time":264771328,"flow_dst_last_pkt_time":264771328,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":264771328,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.42.210","src_port":28681,"dst_port":5512,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2733,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264771658,"flow_src_last_pkt_time":264771658,"flow_dst_last_pkt_time":264771658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":264771658,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.94.41.71","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2733,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":1,"flow_src_last_pkt_time":264771658,"flow_dst_last_pkt_time":264771658,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":264771658,"pkt":"UlQAEjUCCAAn5uVZCABFAABpgtwAAIAR1fMKAAIPrF4pR3AJGMoAVRJfR05EED+tAQFMQVEyUApVRFBdL+I1CXB2YrRDSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01143{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2733,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264771658,"flow_src_last_pkt_time":264771658,"flow_dst_last_pkt_time":264771658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":264771658,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.94.41.71","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00909{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2734,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":488,"flow_packet_id":2,"flow_src_last_pkt_time":264769911,"flow_dst_last_pkt_time":265025254,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":343,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":343,"pkt_l4_len":309,"thread_ts_usec":265025254,"pkt":"CAAn5uVZUlQAEjUCCABFAAFJCocAAEARUOu3s1pwCgACDyZ8cAkBNf6\/R05EAdfTAQF4nOvJYQx09GAJCd7JpZrkwOGyfXNUQY2aNgOQqcVkJ\/NZQgHELP822eOOoBqIeWuJ+svywBMg5m03A\/E2ebCoyvurk76F7AMxiyS2Nd0IOwZWu\/ZZko3XfhDzTtvyoD1ih8DM1qqbi6KPg5jrt6lzbzQ6ABbtzFqbqbsXbHFSccOi6B0gZvXZujRPkaMQKxZJG8mDrbjtrlNpZ7EdzAzlDn2keRDsSL7+t4uiGcBuUJ\/l+kCIEcS0ddhouiiaH8y8o\/lxqhgTiHlqur31CVlBEJNxYUDQBUV5ELOg\/FPeJzmwApWXzPcNjBghTK1LHaJAH7MFF6lxBs2PAzIgrgUyIOGFzID4yYMlyFGHkYGBIVb\/kakhE0OK1JFPL\/04C\/gBLLx7vA=="} 00906{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2737,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":491,"flow_packet_id":2,"flow_src_last_pkt_time":264771328,"flow_dst_last_pkt_time":265818202,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":265818202,"pkt":"CAAn5uVZUlQAEjUCCABFAAFLCokAAEARE1Ak6SrSCgACDxWIcAkBNyevR05EASbRAQF4nOtJZAx09GAJCV7HpZrkwOGi8lLrUofoCQYg83Yod+gjzYNgprtOpZ3FdhDzTmfW2kzdvWBma9XNRdHHwcy25UF7xA6BmEVqnEHz4w6DmLfWPkuy8doPYqq8vzrpW8g+EPP0Pb5VKtHHIKKLpI3kwaK3lqi\/LA8EW7x+mzr3RqMDIGb5t8kedwTVQEytpOKGRdE7QMzqs3VpniJgE267GYi3yauCmAXln\/I+yTGCTdg654u9ghKIaeuw0XRRNB\/Ykf1KD9P9VMCGMdnJfJaQB7tXYlvTjTCwYaem21ufkBUEMbdvjiqoUdNmcGALLv\/O9uijKpABCRCQCF\/\/20XRQAbETUAGxGgPliBHHUYGBoZY\/UemhkwMKVJHPr304yzgBwBT3ny5"} -00960{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060300,"flow_src_last_pkt_time":82060300,"flow_dst_last_pkt_time":82060300,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"67.193.8.52","src_port":28681,"dst_port":38584,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00748{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060300,"flow_src_last_pkt_time":82060300,"flow_dst_last_pkt_time":82060300,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"67.193.8.52","src_port":28681,"dst_port":38584,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064076,"flow_src_last_pkt_time":82064076,"flow_dst_last_pkt_time":82064076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.127.72.106","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064076,"flow_src_last_pkt_time":82064076,"flow_dst_last_pkt_time":82064076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.127.72.106","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01179{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060300,"flow_src_last_pkt_time":82060300,"flow_dst_last_pkt_time":82060300,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"67.193.8.52","src_port":28681,"dst_port":38584,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064076,"flow_src_last_pkt_time":82064076,"flow_dst_last_pkt_time":82064076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.127.72.106","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00839{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":83564038,"flow_src_last_pkt_time":83564038,"flow_dst_last_pkt_time":83804788,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":91,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":28681,"dst_port":9239,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":83564038,"flow_src_last_pkt_time":83564038,"flow_dst_last_pkt_time":83804788,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":91,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":28681,"dst_port":9239,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519791,"flow_src_last_pkt_time":83519791,"flow_dst_last_pkt_time":83519791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"126.117.45.151","src_port":28681,"dst_port":19323,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519791,"flow_src_last_pkt_time":83519791,"flow_dst_last_pkt_time":83519791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"126.117.45.151","src_port":28681,"dst_port":19323,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82057536,"flow_src_last_pkt_time":82057536,"flow_dst_last_pkt_time":82057536,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.168.182.103","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00750{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82057536,"flow_src_last_pkt_time":82057536,"flow_dst_last_pkt_time":82057536,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.168.182.103","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064449,"flow_src_last_pkt_time":82064449,"flow_dst_last_pkt_time":82064449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.182.171.50","src_port":28681,"dst_port":15180,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00750{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064449,"flow_src_last_pkt_time":82064449,"flow_dst_last_pkt_time":82064449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.182.171.50","src_port":28681,"dst_port":15180,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00959{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063492,"flow_src_last_pkt_time":82063492,"flow_dst_last_pkt_time":82063492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00747{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063492,"flow_src_last_pkt_time":82063492,"flow_dst_last_pkt_time":82063492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00960{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061887,"flow_src_last_pkt_time":82061887,"flow_dst_last_pkt_time":82061887,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.177.5.135","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00748{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061887,"flow_src_last_pkt_time":82061887,"flow_dst_last_pkt_time":82061887,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.177.5.135","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059148,"flow_src_last_pkt_time":82059148,"flow_dst_last_pkt_time":82059148,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.123.159.111","src_port":28681,"dst_port":44729,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059148,"flow_src_last_pkt_time":82059148,"flow_dst_last_pkt_time":82059148,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.123.159.111","src_port":28681,"dst_port":44729,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83518912,"flow_src_last_pkt_time":83518912,"flow_dst_last_pkt_time":83518912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.169.215.227","src_port":28681,"dst_port":26820,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83518912,"flow_src_last_pkt_time":83518912,"flow_dst_last_pkt_time":83518912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.169.215.227","src_port":28681,"dst_port":26820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063616,"flow_src_last_pkt_time":82063616,"flow_dst_last_pkt_time":82063616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.44.126.74","src_port":28681,"dst_port":54633,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00750{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063616,"flow_src_last_pkt_time":82063616,"flow_dst_last_pkt_time":82063616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.44.126.74","src_port":28681,"dst_port":54633,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060041,"flow_src_last_pkt_time":82060041,"flow_dst_last_pkt_time":82060041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.162.52.93","src_port":28681,"dst_port":34799,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060041,"flow_src_last_pkt_time":82060041,"flow_dst_last_pkt_time":82060041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.162.52.93","src_port":28681,"dst_port":34799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066069,"flow_src_last_pkt_time":82066069,"flow_dst_last_pkt_time":82066069,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.166.132.204","src_port":28681,"dst_port":11194,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066069,"flow_src_last_pkt_time":82066069,"flow_dst_last_pkt_time":82066069,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.166.132.204","src_port":28681,"dst_port":11194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065387,"flow_src_last_pkt_time":82065387,"flow_dst_last_pkt_time":82065387,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"120.156.204.38","src_port":28681,"dst_port":54832,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065387,"flow_src_last_pkt_time":82065387,"flow_dst_last_pkt_time":82065387,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"120.156.204.38","src_port":28681,"dst_port":54832,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064635,"flow_src_last_pkt_time":82064635,"flow_dst_last_pkt_time":82064635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.73.129.26","src_port":28681,"dst_port":53585,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00750{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064635,"flow_src_last_pkt_time":82064635,"flow_dst_last_pkt_time":82064635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.73.129.26","src_port":28681,"dst_port":53585,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066178,"flow_src_last_pkt_time":82066178,"flow_dst_last_pkt_time":82066178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.242.191.215","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00750{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066178,"flow_src_last_pkt_time":82066178,"flow_dst_last_pkt_time":82066178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.242.191.215","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066316,"flow_src_last_pkt_time":82066316,"flow_dst_last_pkt_time":82066316,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.249.64.215","src_port":28681,"dst_port":25058,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00750{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066316,"flow_src_last_pkt_time":82066316,"flow_dst_last_pkt_time":82066316,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.249.64.215","src_port":28681,"dst_port":25058,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83518339,"flow_src_last_pkt_time":83518339,"flow_dst_last_pkt_time":83518339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.3.223","src_port":28681,"dst_port":12848,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83518339,"flow_src_last_pkt_time":83518339,"flow_dst_last_pkt_time":83518339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.3.223","src_port":28681,"dst_port":12848,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064299,"flow_src_last_pkt_time":82064299,"flow_dst_last_pkt_time":82064299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"208.92.106.151","src_port":28681,"dst_port":32476,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064299,"flow_src_last_pkt_time":82064299,"flow_dst_last_pkt_time":82064299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"208.92.106.151","src_port":28681,"dst_port":32476,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059900,"flow_src_last_pkt_time":82059900,"flow_dst_last_pkt_time":82059900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.157.59.43","src_port":28681,"dst_port":56919,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059900,"flow_src_last_pkt_time":82059900,"flow_dst_last_pkt_time":82059900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.157.59.43","src_port":28681,"dst_port":56919,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519424,"flow_src_last_pkt_time":83519424,"flow_dst_last_pkt_time":83519424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.159.27.22","src_port":28681,"dst_port":17563,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519424,"flow_src_last_pkt_time":83519424,"flow_dst_last_pkt_time":83519424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.159.27.22","src_port":28681,"dst_port":17563,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063123,"flow_src_last_pkt_time":82063123,"flow_dst_last_pkt_time":82063123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.195.105.243","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063123,"flow_src_last_pkt_time":82063123,"flow_dst_last_pkt_time":82063123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.195.105.243","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061491,"flow_src_last_pkt_time":82061491,"flow_dst_last_pkt_time":82061491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"178.51.146.115","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00750{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061491,"flow_src_last_pkt_time":82061491,"flow_dst_last_pkt_time":82061491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"178.51.146.115","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062738,"flow_src_last_pkt_time":82062738,"flow_dst_last_pkt_time":82062738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.182.44.202","src_port":28681,"dst_port":30277,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00750{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062738,"flow_src_last_pkt_time":82062738,"flow_dst_last_pkt_time":82062738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.182.44.202","src_port":28681,"dst_port":30277,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060791,"flow_src_last_pkt_time":82060791,"flow_dst_last_pkt_time":82060791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.74.159.56","src_port":28681,"dst_port":29271,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00750{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060791,"flow_src_last_pkt_time":82060791,"flow_dst_last_pkt_time":82060791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.74.159.56","src_port":28681,"dst_port":29271,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065828,"flow_src_last_pkt_time":82065828,"flow_dst_last_pkt_time":82065828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.29.197.138","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065828,"flow_src_last_pkt_time":82065828,"flow_dst_last_pkt_time":82065828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.29.197.138","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83517645,"flow_src_last_pkt_time":83517645,"flow_dst_last_pkt_time":83517645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.100.120.146","src_port":28681,"dst_port":12838,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83517645,"flow_src_last_pkt_time":83517645,"flow_dst_last_pkt_time":83517645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.100.120.146","src_port":28681,"dst_port":12838,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519999,"flow_src_last_pkt_time":83519999,"flow_dst_last_pkt_time":83519999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.155.52.115","src_port":28681,"dst_port":53956,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519999,"flow_src_last_pkt_time":83519999,"flow_dst_last_pkt_time":83519999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.155.52.115","src_port":28681,"dst_port":53956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83517985,"flow_src_last_pkt_time":83517985,"flow_dst_last_pkt_time":83517985,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"186.93.139.92","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83517985,"flow_src_last_pkt_time":83517985,"flow_dst_last_pkt_time":83517985,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"186.93.139.92","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82057279,"flow_src_last_pkt_time":82057279,"flow_dst_last_pkt_time":82057279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"174.115.111.224","src_port":28681,"dst_port":51984,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82057279,"flow_src_last_pkt_time":82057279,"flow_dst_last_pkt_time":82057279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"174.115.111.224","src_port":28681,"dst_port":51984,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065036,"flow_src_last_pkt_time":82065036,"flow_dst_last_pkt_time":82065036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.170.209.214","src_port":28681,"dst_port":46210,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065036,"flow_src_last_pkt_time":82065036,"flow_dst_last_pkt_time":82065036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.170.209.214","src_port":28681,"dst_port":46210,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063782,"flow_src_last_pkt_time":82063782,"flow_dst_last_pkt_time":82063782,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.150.126.156","src_port":28681,"dst_port":16471,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063782,"flow_src_last_pkt_time":82063782,"flow_dst_last_pkt_time":82063782,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.150.126.156","src_port":28681,"dst_port":16471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00959{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061374,"flow_src_last_pkt_time":82061374,"flow_dst_last_pkt_time":82061374,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.46.253.7","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00747{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061374,"flow_src_last_pkt_time":82061374,"flow_dst_last_pkt_time":82061374,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.46.253.7","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519593,"flow_src_last_pkt_time":83519593,"flow_dst_last_pkt_time":83519593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"212.68.248.153","src_port":28681,"dst_port":27223,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519593,"flow_src_last_pkt_time":83519593,"flow_dst_last_pkt_time":83519593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"212.68.248.153","src_port":28681,"dst_port":27223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065556,"flow_src_last_pkt_time":82065556,"flow_dst_last_pkt_time":82065556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.126.240.32","src_port":28681,"dst_port":45313,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00750{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065556,"flow_src_last_pkt_time":82065556,"flow_dst_last_pkt_time":82065556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.126.240.32","src_port":28681,"dst_port":45313,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065172,"flow_src_last_pkt_time":82065172,"flow_dst_last_pkt_time":82065172,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.134.139.39","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00750{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065172,"flow_src_last_pkt_time":82065172,"flow_dst_last_pkt_time":82065172,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.134.139.39","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519791,"flow_src_last_pkt_time":83519791,"flow_dst_last_pkt_time":83519791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"126.117.45.151","src_port":28681,"dst_port":19323,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82057536,"flow_src_last_pkt_time":82057536,"flow_dst_last_pkt_time":82057536,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.168.182.103","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064449,"flow_src_last_pkt_time":82064449,"flow_dst_last_pkt_time":82064449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.182.171.50","src_port":28681,"dst_port":15180,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01178{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063492,"flow_src_last_pkt_time":82063492,"flow_dst_last_pkt_time":82063492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01179{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061887,"flow_src_last_pkt_time":82061887,"flow_dst_last_pkt_time":82061887,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.177.5.135","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059148,"flow_src_last_pkt_time":82059148,"flow_dst_last_pkt_time":82059148,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.123.159.111","src_port":28681,"dst_port":44729,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83518912,"flow_src_last_pkt_time":83518912,"flow_dst_last_pkt_time":83518912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.169.215.227","src_port":28681,"dst_port":26820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063616,"flow_src_last_pkt_time":82063616,"flow_dst_last_pkt_time":82063616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.44.126.74","src_port":28681,"dst_port":54633,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060041,"flow_src_last_pkt_time":82060041,"flow_dst_last_pkt_time":82060041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.162.52.93","src_port":28681,"dst_port":34799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066069,"flow_src_last_pkt_time":82066069,"flow_dst_last_pkt_time":82066069,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.166.132.204","src_port":28681,"dst_port":11194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065387,"flow_src_last_pkt_time":82065387,"flow_dst_last_pkt_time":82065387,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"120.156.204.38","src_port":28681,"dst_port":54832,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064635,"flow_src_last_pkt_time":82064635,"flow_dst_last_pkt_time":82064635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.73.129.26","src_port":28681,"dst_port":53585,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066178,"flow_src_last_pkt_time":82066178,"flow_dst_last_pkt_time":82066178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.242.191.215","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82066316,"flow_src_last_pkt_time":82066316,"flow_dst_last_pkt_time":82066316,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.249.64.215","src_port":28681,"dst_port":25058,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83518339,"flow_src_last_pkt_time":83518339,"flow_dst_last_pkt_time":83518339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.3.223","src_port":28681,"dst_port":12848,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82064299,"flow_src_last_pkt_time":82064299,"flow_dst_last_pkt_time":82064299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"208.92.106.151","src_port":28681,"dst_port":32476,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82059900,"flow_src_last_pkt_time":82059900,"flow_dst_last_pkt_time":82059900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.157.59.43","src_port":28681,"dst_port":56919,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519424,"flow_src_last_pkt_time":83519424,"flow_dst_last_pkt_time":83519424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.159.27.22","src_port":28681,"dst_port":17563,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063123,"flow_src_last_pkt_time":82063123,"flow_dst_last_pkt_time":82063123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.195.105.243","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061491,"flow_src_last_pkt_time":82061491,"flow_dst_last_pkt_time":82061491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"178.51.146.115","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82062738,"flow_src_last_pkt_time":82062738,"flow_dst_last_pkt_time":82062738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.182.44.202","src_port":28681,"dst_port":30277,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82060791,"flow_src_last_pkt_time":82060791,"flow_dst_last_pkt_time":82060791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.74.159.56","src_port":28681,"dst_port":29271,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065828,"flow_src_last_pkt_time":82065828,"flow_dst_last_pkt_time":82065828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.29.197.138","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83517645,"flow_src_last_pkt_time":83517645,"flow_dst_last_pkt_time":83517645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.100.120.146","src_port":28681,"dst_port":12838,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519999,"flow_src_last_pkt_time":83519999,"flow_dst_last_pkt_time":83519999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.155.52.115","src_port":28681,"dst_port":53956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83517985,"flow_src_last_pkt_time":83517985,"flow_dst_last_pkt_time":83517985,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"186.93.139.92","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82057279,"flow_src_last_pkt_time":82057279,"flow_dst_last_pkt_time":82057279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"174.115.111.224","src_port":28681,"dst_port":51984,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065036,"flow_src_last_pkt_time":82065036,"flow_dst_last_pkt_time":82065036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.170.209.214","src_port":28681,"dst_port":46210,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82063782,"flow_src_last_pkt_time":82063782,"flow_dst_last_pkt_time":82063782,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.150.126.156","src_port":28681,"dst_port":16471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01178{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82061374,"flow_src_last_pkt_time":82061374,"flow_dst_last_pkt_time":82061374,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.46.253.7","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":83519593,"flow_src_last_pkt_time":83519593,"flow_dst_last_pkt_time":83519593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"212.68.248.153","src_port":28681,"dst_port":27223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065556,"flow_src_last_pkt_time":82065556,"flow_dst_last_pkt_time":82065556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.126.240.32","src_port":28681,"dst_port":45313,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":82065172,"flow_src_last_pkt_time":82065172,"flow_dst_last_pkt_time":82065172,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.134.139.39","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":101122468,"flow_src_last_pkt_time":134428222,"flow_dst_last_pkt_time":101122468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.117.249.98","src_port":28681,"dst_port":6815,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01188{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":101122346,"flow_src_last_pkt_time":134428360,"flow_dst_last_pkt_time":101122346,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.105.27","src_port":28681,"dst_port":19260,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":123912514,"flow_src_last_pkt_time":123912514,"flow_dst_last_pkt_time":124065276,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":727,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"221.198.205.196","src_port":28681,"dst_port":20778,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01193{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":101162745,"flow_src_last_pkt_time":177166814,"flow_dst_last_pkt_time":177309077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":556,"flow_dst_tot_l4_payload_len":3014,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":28681,"dst_port":26851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":168555545,"flow_src_last_pkt_time":176659427,"flow_dst_last_pkt_time":176694176,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":399,"flow_dst_tot_l4_payload_len":1560,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.129.196.84","src_port":28681,"dst_port":9915,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72852470,"flow_src_last_pkt_time":131670910,"flow_dst_last_pkt_time":72852470,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.231.73.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72850420,"flow_src_last_pkt_time":251736997,"flow_dst_last_pkt_time":72850420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.141.219.27","src_port":28681,"dst_port":37580,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71540581,"flow_src_last_pkt_time":191702410,"flow_dst_last_pkt_time":71540581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.23.75.69","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72852470,"flow_src_last_pkt_time":131670910,"flow_dst_last_pkt_time":72852470,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.231.73.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72850420,"flow_src_last_pkt_time":251736997,"flow_dst_last_pkt_time":72850420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.141.219.27","src_port":28681,"dst_port":37580,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71540581,"flow_src_last_pkt_time":191702410,"flow_dst_last_pkt_time":71540581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.23.75.69","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":174322734,"flow_src_last_pkt_time":174322734,"flow_dst_last_pkt_time":174322734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.8.55.158","src_port":28681,"dst_port":51140,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00749{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":70230940,"flow_src_last_pkt_time":251740913,"flow_dst_last_pkt_time":70230940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.50.24.2","src_port":28681,"dst_port":17874,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01180{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":70230940,"flow_src_last_pkt_time":251740913,"flow_dst_last_pkt_time":70230940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.50.24.2","src_port":28681,"dst_port":17874,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":174322199,"flow_src_last_pkt_time":174322199,"flow_dst_last_pkt_time":174322199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.23.24.213","src_port":28681,"dst_port":18561,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01191{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":124066131,"flow_src_last_pkt_time":124066131,"flow_dst_last_pkt_time":124181723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":727,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":28681,"dst_port":49732,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":129345202,"flow_src_last_pkt_time":129345202,"flow_dst_last_pkt_time":129345202,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.250.253.99","src_port":28681,"dst_port":11819,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} @@ -2808,54 +2933,54 @@ 01188{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":101837355,"flow_src_last_pkt_time":251767811,"flow_dst_last_pkt_time":101837355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":28681,"dst_port":4876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":96049643,"flow_src_last_pkt_time":96049643,"flow_dst_last_pkt_time":96049643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.160.143.48","src_port":28681,"dst_port":37036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01064{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":16487243,"flow_src_last_pkt_time":192636357,"flow_dst_last_pkt_time":16487243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":603,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71541038,"flow_src_last_pkt_time":253024996,"flow_dst_last_pkt_time":71541038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.100","src_port":28681,"dst_port":46385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71541038,"flow_src_last_pkt_time":253024996,"flow_dst_last_pkt_time":71541038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.100","src_port":28681,"dst_port":46385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00945{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":160009075,"flow_src_last_pkt_time":163034860,"flow_dst_last_pkt_time":160009075,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":51685,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":124090730,"flow_src_last_pkt_time":251763582,"flow_dst_last_pkt_time":251868720,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":109,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":28681,"dst_port":6778,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":95923574,"flow_src_last_pkt_time":95923574,"flow_dst_last_pkt_time":95923574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":56070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":251737212,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":71536330,"flow_src_last_pkt_time":243620132,"flow_dst_last_pkt_time":243855304,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.222.14.170","src_port":28681,"dst_port":23332,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":71540138,"flow_src_last_pkt_time":251736500,"flow_dst_last_pkt_time":71540138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.65.141.157","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":251737212,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":71536330,"flow_src_last_pkt_time":243620132,"flow_dst_last_pkt_time":243855304,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.222.14.170","src_port":28681,"dst_port":23332,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":71540138,"flow_src_last_pkt_time":251736500,"flow_dst_last_pkt_time":71540138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.65.141.157","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01191{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":116628965,"flow_src_last_pkt_time":176285360,"flow_dst_last_pkt_time":176332300,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":480,"flow_dst_tot_l4_payload_len":2287,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":28681,"dst_port":6888,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72853366,"flow_src_last_pkt_time":251737686,"flow_dst_last_pkt_time":72853366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.226.142","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72853723,"flow_src_last_pkt_time":251737596,"flow_dst_last_pkt_time":72853723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.97.199.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72853366,"flow_src_last_pkt_time":251737686,"flow_dst_last_pkt_time":72853366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.226.142","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72853723,"flow_src_last_pkt_time":251737596,"flow_dst_last_pkt_time":72853723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.97.199.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":129174578,"flow_src_last_pkt_time":129174578,"flow_dst_last_pkt_time":129174578,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.197.97.94","src_port":28681,"dst_port":1360,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":174343218,"flow_src_last_pkt_time":174343218,"flow_dst_last_pkt_time":174343218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.147.52.21","src_port":28681,"dst_port":36728,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72849569,"flow_src_last_pkt_time":253023892,"flow_dst_last_pkt_time":72849569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.69.159.133","src_port":28681,"dst_port":28000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72849569,"flow_src_last_pkt_time":253023892,"flow_dst_last_pkt_time":72849569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.69.159.133","src_port":28681,"dst_port":28000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":168840831,"flow_src_last_pkt_time":174342629,"flow_dst_last_pkt_time":168840831,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":38297,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72852834,"flow_src_last_pkt_time":192908239,"flow_dst_last_pkt_time":72852834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":16047,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72852834,"flow_src_last_pkt_time":192908239,"flow_dst_last_pkt_time":72852834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":16047,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":129174282,"flow_src_last_pkt_time":129174282,"flow_dst_last_pkt_time":129344463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":727,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.226.85.105","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":70230046,"flow_src_last_pkt_time":251769302,"flow_dst_last_pkt_time":70230046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.138.20.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":70230046,"flow_src_last_pkt_time":251769302,"flow_dst_last_pkt_time":70230046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.138.20.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01194{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":168594778,"flow_src_last_pkt_time":176694790,"flow_dst_last_pkt_time":176963996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":399,"flow_dst_tot_l4_payload_len":1560,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.192.210.182","src_port":28681,"dst_port":6754,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":95923521,"flow_src_last_pkt_time":95923521,"flow_dst_last_pkt_time":95923521,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.219","src_port":28681,"dst_port":6909,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":251736857,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":251736857,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":96049954,"flow_src_last_pkt_time":129345403,"flow_dst_last_pkt_time":96049954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.28.53.225","src_port":28681,"dst_port":44859,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01193{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":95893685,"flow_src_last_pkt_time":251768012,"flow_dst_last_pkt_time":251793606,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":1561,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":28681,"dst_port":21995,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":95923657,"flow_src_last_pkt_time":139669839,"flow_dst_last_pkt_time":139892044,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":1454,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.250.179.237","src_port":28681,"dst_port":20848,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":124090360,"flow_src_last_pkt_time":124090360,"flow_dst_last_pkt_time":124090360,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.208.26.154","src_port":28681,"dst_port":4994,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":219447137,"flow_src_last_pkt_time":219447137,"flow_dst_last_pkt_time":219447137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.187.171.240","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72849111,"flow_src_last_pkt_time":251742741,"flow_dst_last_pkt_time":72849111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.92.178.182","src_port":28681,"dst_port":57302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72849111,"flow_src_last_pkt_time":251742741,"flow_dst_last_pkt_time":72849111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.92.178.182","src_port":28681,"dst_port":57302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":123912290,"flow_src_last_pkt_time":123912290,"flow_dst_last_pkt_time":123912290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.116.64.132","src_port":28681,"dst_port":51227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71540796,"flow_src_last_pkt_time":251737185,"flow_dst_last_pkt_time":71540796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.44.190.145","src_port":28681,"dst_port":10170,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71540796,"flow_src_last_pkt_time":251737185,"flow_dst_last_pkt_time":71540796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.44.190.145","src_port":28681,"dst_port":10170,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01191{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":95893239,"flow_src_last_pkt_time":123877237,"flow_dst_last_pkt_time":123936810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":1454,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":28681,"dst_port":55302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":129174425,"flow_src_last_pkt_time":129174425,"flow_dst_last_pkt_time":129174425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.10.169.10","src_port":28681,"dst_port":12799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72852255,"flow_src_last_pkt_time":251737327,"flow_dst_last_pkt_time":72852255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.175.220.161","src_port":28681,"dst_port":15721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72848739,"flow_src_last_pkt_time":251738527,"flow_dst_last_pkt_time":72848739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"170.254.19.6","src_port":28681,"dst_port":24180,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72851137,"flow_src_last_pkt_time":131668865,"flow_dst_last_pkt_time":72851137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.224.95.97","src_port":28681,"dst_port":46356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72850779,"flow_src_last_pkt_time":251738105,"flow_dst_last_pkt_time":72850779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.50.179","src_port":28681,"dst_port":29411,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72852255,"flow_src_last_pkt_time":251737327,"flow_dst_last_pkt_time":72852255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.175.220.161","src_port":28681,"dst_port":15721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72848739,"flow_src_last_pkt_time":251738527,"flow_dst_last_pkt_time":72848739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"170.254.19.6","src_port":28681,"dst_port":24180,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72851137,"flow_src_last_pkt_time":131668865,"flow_dst_last_pkt_time":72851137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.224.95.97","src_port":28681,"dst_port":46356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72850779,"flow_src_last_pkt_time":251738105,"flow_dst_last_pkt_time":72850779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.50.179","src_port":28681,"dst_port":29411,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":101122636,"flow_src_last_pkt_time":168321077,"flow_dst_last_pkt_time":168840075,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":324,"flow_dst_tot_l4_payload_len":2413,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.64.44.11","src_port":28681,"dst_port":1352,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":168428692,"flow_src_last_pkt_time":174303640,"flow_dst_last_pkt_time":168428692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"198.58.218.12","src_port":28681,"dst_port":47912,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":174303564,"flow_src_last_pkt_time":174303564,"flow_dst_last_pkt_time":174323550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":727,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"194.163.180.126","src_port":28681,"dst_port":10825,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72853009,"flow_src_last_pkt_time":253024867,"flow_dst_last_pkt_time":72853009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.65.70.197","src_port":28681,"dst_port":21693,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":71539473,"flow_src_last_pkt_time":251736271,"flow_dst_last_pkt_time":71539473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.169.2.153","src_port":28681,"dst_port":52414,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72853538,"flow_src_last_pkt_time":253024455,"flow_dst_last_pkt_time":72853538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.197.111.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72853009,"flow_src_last_pkt_time":253024867,"flow_dst_last_pkt_time":72853009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.65.70.197","src_port":28681,"dst_port":21693,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":71539473,"flow_src_last_pkt_time":251736271,"flow_dst_last_pkt_time":71539473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.169.2.153","src_port":28681,"dst_port":52414,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72853538,"flow_src_last_pkt_time":253024455,"flow_dst_last_pkt_time":72853538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.197.111.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":96049781,"flow_src_last_pkt_time":129345276,"flow_dst_last_pkt_time":96049781,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"100.1.231.138","src_port":28681,"dst_port":56558,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71539248,"flow_src_last_pkt_time":251739950,"flow_dst_last_pkt_time":71539248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.119.242.110","src_port":28681,"dst_port":7922,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71539248,"flow_src_last_pkt_time":251739950,"flow_dst_last_pkt_time":71539248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.119.242.110","src_port":28681,"dst_port":7922,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":123912731,"flow_src_last_pkt_time":123912731,"flow_dst_last_pkt_time":123912731,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":28681,"dst_port":54130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71540385,"flow_src_last_pkt_time":253024371,"flow_dst_last_pkt_time":71540385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"105.101.132.146","src_port":28681,"dst_port":57746,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71540385,"flow_src_last_pkt_time":253024371,"flow_dst_last_pkt_time":71540385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"105.101.132.146","src_port":28681,"dst_port":57746,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":124066283,"flow_src_last_pkt_time":124066283,"flow_dst_last_pkt_time":124066283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.129.233.60","src_port":28681,"dst_port":19990,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":70230689,"flow_src_last_pkt_time":251740802,"flow_dst_last_pkt_time":70230689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.131.85.245","src_port":28681,"dst_port":31743,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":70230689,"flow_src_last_pkt_time":251740802,"flow_dst_last_pkt_time":70230689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.131.85.245","src_port":28681,"dst_port":31743,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01191{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":174342792,"flow_src_last_pkt_time":174342792,"flow_dst_last_pkt_time":174648242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":727,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":28681,"dst_port":49956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72853189,"flow_src_last_pkt_time":192908402,"flow_dst_last_pkt_time":72853189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2740,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72853189,"flow_src_last_pkt_time":192908402,"flow_dst_last_pkt_time":72853189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":269300082,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2742,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":280014541,"flow_src_last_pkt_time":280014541,"flow_dst_last_pkt_time":280014541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":280014541,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":57552,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2742,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":1,"flow_src_last_pkt_time":280014541,"flow_dst_last_pkt_time":280014541,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":280014541,"pkt":"AQBef\/\/6CAAn5uVZCABFAADK4LMAAAER3GYKAAIP7\/\/\/+uDQB2wAtgxeTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogTWljcm9zb2Z0IEVkZ2UvOTkuMC4xMTUwLjMwIFdpbmRvd3MNCg0K"} 00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2742,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":280014541,"flow_src_last_pkt_time":280014541,"flow_dst_last_pkt_time":280014541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":280014541,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":57552,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} @@ -2864,57 +2989,83 @@ 00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2745,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":4,"flow_src_last_pkt_time":283055110,"flow_dst_last_pkt_time":280014541,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":283055110,"pkt":"AQBef\/\/6CAAn5uVZCABFAADK4LYAAAER3GMKAAIP7\/\/\/+uDQB2wAtgxeTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogTWljcm9zb2Z0IEVkZ2UvOTkuMC4xMTUwLjMwIFdpbmRvd3MNCg0K"} 00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2748,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287308439,"flow_src_last_pkt_time":287308439,"flow_dst_last_pkt_time":287308439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287308439,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.210.81.59","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2748,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":1,"flow_src_last_pkt_time":287308439,"flow_dst_last_pkt_time":287308439,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":287308439,"pkt":"UlQAEjUCCAAn5uVZCABFAABpuTwAAIARzSsKAAIPVtJRO3AJGMoAVf5iR05EED+uAQFMQVEyUApVRFBdL+I1CXBbSWKeSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01143{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2748,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287308439,"flow_src_last_pkt_time":287308439,"flow_dst_last_pkt_time":287308439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287308439,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.210.81.59","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2749,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287308993,"flow_src_last_pkt_time":287308993,"flow_dst_last_pkt_time":287308993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287308993,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.247.89.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2749,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":495,"flow_packet_id":1,"flow_src_last_pkt_time":287308993,"flow_dst_last_pkt_time":287308993,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":287308993,"pkt":"UlQAEjUCCAAn5uVZCABFAABpBO4AAIARfnwKAAIPUfdZFHAJGMoAVSV2R05EED+vAQFMQVEyUApVRFBdL+I1CXBK2WDkSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01143{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2749,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287308993,"flow_src_last_pkt_time":287308993,"flow_dst_last_pkt_time":287308993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287308993,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.247.89.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287309338,"flow_src_last_pkt_time":287309338,"flow_dst_last_pkt_time":287309338,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287309338,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.173.230.98","src_port":28681,"dst_port":19004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":496,"flow_packet_id":1,"flow_src_last_pkt_time":287309338,"flow_dst_last_pkt_time":287309338,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":287309338,"pkt":"UlQAEjUCCAAn5uVZCABFAABpS4QAAIARIeEKAAIP2q3mYnAJSjwAVZ4oR05EED+wAQFMQVEyUApVRFBdL+I1CXD1PIvASAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01146{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287309338,"flow_src_last_pkt_time":287309338,"flow_dst_last_pkt_time":287309338,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287309338,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.173.230.98","src_port":28681,"dst_port":19004,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2751,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287309691,"flow_src_last_pkt_time":287309691,"flow_dst_last_pkt_time":287309691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287309691,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.100.76.123","src_port":28681,"dst_port":39628,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2751,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":1,"flow_src_last_pkt_time":287309691,"flow_dst_last_pkt_time":287309691,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":287309691,"pkt":"UlQAEjUCCAAn5uVZCABFAABpHlMAAIARb0MKAAIPVGRMe3AJmswAVei0R05EED+xAQFMQVEyUApVRFBdL+I1CXAo12urSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2751,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287309691,"flow_src_last_pkt_time":287309691,"flow_dst_last_pkt_time":287309691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287309691,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.100.76.123","src_port":28681,"dst_port":39628,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2752,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310048,"flow_src_last_pkt_time":287310048,"flow_dst_last_pkt_time":287310048,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287310048,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"8.44.149.207","src_port":28681,"dst_port":30551,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2752,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":1,"flow_src_last_pkt_time":287310048,"flow_dst_last_pkt_time":287310048,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":287310048,"pkt":"UlQAEjUCCAAn5uVZCABFAABp7AUAAIARpHQKAAIPCCyVz3AJd1cAVT1hR05EED+yAQFMQVEyUApVRFBdL+I1CXDbuWSaSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2752,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310048,"flow_src_last_pkt_time":287310048,"flow_dst_last_pkt_time":287310048,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287310048,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"8.44.149.207","src_port":28681,"dst_port":30551,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00749{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2753,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310365,"flow_src_last_pkt_time":287310365,"flow_dst_last_pkt_time":287310365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287310365,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.161.80.82","src_port":28681,"dst_port":8656,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2753,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":1,"flow_src_last_pkt_time":287310365,"flow_dst_last_pkt_time":287310365,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":287310365,"pkt":"UlQAEjUCCAAn5uVZCABFAABpPEAAAIARoEIKAAIPAaFQUnAJIdAAVf09R05EED+zAQFMQVEyUApVRFBdL+I1CXCAEXIkSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2753,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310365,"flow_src_last_pkt_time":287310365,"flow_dst_last_pkt_time":287310365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287310365,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.161.80.82","src_port":28681,"dst_port":8656,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2754,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310684,"flow_src_last_pkt_time":287310684,"flow_dst_last_pkt_time":287310684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287310684,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.143.34.225","src_port":28681,"dst_port":20071,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2754,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":500,"flow_packet_id":1,"flow_src_last_pkt_time":287310684,"flow_dst_last_pkt_time":287310684,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":287310684,"pkt":"UlQAEjUCCAAn5uVZCABFAABpHKcAAIAREl4KAAIP3I8i4XAJTmcAVVqAR05EED+0AQFMQVEyUApVRFBdL+I1CXCHDBLySAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01146{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2754,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310684,"flow_src_last_pkt_time":287310684,"flow_dst_last_pkt_time":287310684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287310684,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.143.34.225","src_port":28681,"dst_port":20071,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2755,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310956,"flow_src_last_pkt_time":287310956,"flow_dst_last_pkt_time":287310956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287310956,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.160.214.137","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2755,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":1,"flow_src_last_pkt_time":287310956,"flow_dst_last_pkt_time":287310956,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":287310956,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0gncAAIARfQkKAAIPWKDWiXAJGMoAINp9R05EED+1AQFUC1FLUlAGUk5BXS\/iNQlw"} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2755,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310956,"flow_src_last_pkt_time":287310956,"flow_dst_last_pkt_time":287310956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287310956,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.160.214.137","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2756,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287311299,"flow_src_last_pkt_time":287311299,"flow_dst_last_pkt_time":287311299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287311299,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.156.58.211","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2756,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":1,"flow_src_last_pkt_time":287311299,"flow_dst_last_pkt_time":287311299,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":287311299,"pkt":"UlQAEjUCCAAn5uVZCABFAABpU7QAAIARcFIKAAIPL5w603AJGMoAVfKmR05EED+2AQFMQVEyUApVRFBdL+I1CXAIdAe9SAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2756,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287311299,"flow_src_last_pkt_time":287311299,"flow_dst_last_pkt_time":287311299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287311299,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.156.58.211","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2757,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287311602,"flow_src_last_pkt_time":287311602,"flow_dst_last_pkt_time":287311602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287311602,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2757,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":1,"flow_src_last_pkt_time":287311602,"flow_dst_last_pkt_time":287311602,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":287311602,"pkt":"UlQAEjUCCAAn5uVZCABFAAA022kAAIARFCYKAAIPStL0SHAJGMoAIMqKR05EED+3AQFUC1FLUlAGUk5BXS\/iNQlw"} +01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2757,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287311602,"flow_src_last_pkt_time":287311602,"flow_dst_last_pkt_time":287311602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287311602,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2758,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287311908,"flow_src_last_pkt_time":287311908,"flow_dst_last_pkt_time":287311908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287311908,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.203.45.107","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2758,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":1,"flow_src_last_pkt_time":287311908,"flow_dst_last_pkt_time":287311908,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":287311908,"pkt":"UlQAEjUCCAAn5uVZCABFAABpqvYAAIARAEkKAAIPVcsta3AJGMoAVcw9R05EED+4AQFMQVEyUApVRFBdL+I1CXBb6lRUSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2758,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287311908,"flow_src_last_pkt_time":287311908,"flow_dst_last_pkt_time":287311908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287311908,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.203.45.107","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2759,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312193,"flow_src_last_pkt_time":287312193,"flow_dst_last_pkt_time":287312193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287312193,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.2.62.28","src_port":28681,"dst_port":6387,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2759,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":1,"flow_src_last_pkt_time":287312193,"flow_dst_last_pkt_time":287312193,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":287312193,"pkt":"UlQAEjUCCAAn5uVZCABFAABpRQoAAIARgU0KAAIPKgI+HHAJGPMAVW5BR05EED+5AQFMQVEyUApVRFBdL+I1CXAtSm1tSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2759,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312193,"flow_src_last_pkt_time":287312193,"flow_dst_last_pkt_time":287312193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287312193,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.2.62.28","src_port":28681,"dst_port":6387,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2760,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312421,"flow_src_last_pkt_time":287312421,"flow_dst_last_pkt_time":287312421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287312421,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"136.32.84.139","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2760,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":506,"flow_packet_id":1,"flow_src_last_pkt_time":287312421,"flow_dst_last_pkt_time":287312421,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":287312421,"pkt":"UlQAEjUCCAAn5uVZCABFAABpUpMAAIAR\/zYKAAIPiCBUi3AJGMoAVZzZR05EED+6AQFMQVEyUApVRFBdL+I1CXAH+JUcSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2760,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312421,"flow_src_last_pkt_time":287312421,"flow_dst_last_pkt_time":287312421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287312421,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"136.32.84.139","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2761,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312665,"flow_src_last_pkt_time":287312665,"flow_dst_last_pkt_time":287312665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287312665,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.4.204.220","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2761,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":507,"flow_packet_id":1,"flow_src_last_pkt_time":287312665,"flow_dst_last_pkt_time":287312665,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":287312665,"pkt":"UlQAEjUCCAAn5uVZCABFAABpbgEAAIARwZMKAAIPMgTM3HAJGMoAVXirR05EED+7AQFMQVEyUApVRFBdL+I1CXD7jJmJSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01143{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2761,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312665,"flow_src_last_pkt_time":287312665,"flow_dst_last_pkt_time":287312665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287312665,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.4.204.220","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2762,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312889,"flow_src_last_pkt_time":287312889,"flow_dst_last_pkt_time":287312889,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287312889,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.144.99.73","src_port":28681,"dst_port":10745,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2762,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":508,"flow_packet_id":1,"flow_src_last_pkt_time":287312889,"flow_dst_last_pkt_time":287312889,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":287312889,"pkt":"UlQAEjUCCAAn5uVZCABFAABpGF4AAIARVj4KAAIPXJBjSXAJKfkAVVAmR05EED+8AQFMQVEyUApVRFBdL+I1CXDZtxe1SAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2762,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312889,"flow_src_last_pkt_time":287312889,"flow_dst_last_pkt_time":287312889,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287312889,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.144.99.73","src_port":28681,"dst_port":10745,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2763,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287313271,"flow_src_last_pkt_time":287313271,"flow_dst_last_pkt_time":287313271,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287313271,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.142.109.190","src_port":28681,"dst_port":41370,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2763,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":509,"flow_packet_id":1,"flow_src_last_pkt_time":287313271,"flow_dst_last_pkt_time":287313271,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":287313271,"pkt":"UlQAEjUCCAAn5uVZCABFAABpV3kAAIARDLAKAAIPXI5tvnAJoZoAVQupR05EED+9AQFMQVEyUApVRFBdL+I1CXA3XiHRSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01146{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2763,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287313271,"flow_src_last_pkt_time":287313271,"flow_dst_last_pkt_time":287313271,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287313271,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.142.109.190","src_port":28681,"dst_port":41370,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2765,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":5,"flow_src_last_pkt_time":287313728,"flow_dst_last_pkt_time":124089575,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":287313728,"pkt":"UlQAEjUCCAAn5uVZCABFAABUOJEAAIAR8ZAKAAIPubtKrXAJ0PEAQMSnXS\/iNTECAGQaxPLpTglwD4ABACEAAAD5AHBpbmtmbG95ZADDAlFLRB3BTv4DU0NQQAFaQIJQUkA="} 00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2767,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314125,"flow_src_last_pkt_time":287314125,"flow_dst_last_pkt_time":287314125,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287314125,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.94.85.113","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2767,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":1,"flow_src_last_pkt_time":287314125,"flow_dst_last_pkt_time":287314125,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":287314125,"pkt":"UlQAEjUCCAAn5uVZCABFAABpnB4AAIAR7YcKAAIPT15VcXAJGMoAVSitR05EED++AQFMQVEyUApVRFBdL+I1CXC2+OrHSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01143{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2767,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314125,"flow_src_last_pkt_time":287314125,"flow_dst_last_pkt_time":287314125,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287314125,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.94.85.113","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2768,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314350,"flow_src_last_pkt_time":287314350,"flow_dst_last_pkt_time":287314350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287314350,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.47.223.27","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2768,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":1,"flow_src_last_pkt_time":287314350,"flow_dst_last_pkt_time":287314350,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":287314350,"pkt":"UlQAEjUCCAAn5uVZCABFAABpmn8AAIARcKsKAAIPRC\/fG3AJGMoAVbg\/R05EED+\/AQFMQVEyUApVRFBdL+I1CXCJygjoSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01143{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2768,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314350,"flow_src_last_pkt_time":287314350,"flow_dst_last_pkt_time":287314350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287314350,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.47.223.27","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2769,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314573,"flow_src_last_pkt_time":287314573,"flow_dst_last_pkt_time":287314573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287314573,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"209.204.207.5","src_port":28681,"dst_port":49256,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2769,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":512,"flow_packet_id":1,"flow_src_last_pkt_time":287314573,"flow_dst_last_pkt_time":287314573,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":287314573,"pkt":"UlQAEjUCCAAn5uVZCABFAABpsMgAAIAR3NoKAAIP0czPBXAJwGgAVVmNR05EED\/AAQFMQVEyUApVRFBdL+I1CXDFlVhWSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2769,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314573,"flow_src_last_pkt_time":287314573,"flow_dst_last_pkt_time":287314573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287314573,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"209.204.207.5","src_port":28681,"dst_port":49256,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2770,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314783,"flow_src_last_pkt_time":287314783,"flow_dst_last_pkt_time":287314783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287314783,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.196.216.12","src_port":28681,"dst_port":58910,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2770,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":513,"flow_packet_id":1,"flow_src_last_pkt_time":287314783,"flow_dst_last_pkt_time":287314783,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":287314783,"pkt":"UlQAEjUCCAAn5uVZCABFAABph8IAAIARf+IKAAIPTsTYDHAJ5h4AVWPLR05EED\/BAQFMQVEyUApVRFBdL+I1CXDwiDmtSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2770,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314783,"flow_src_last_pkt_time":287314783,"flow_dst_last_pkt_time":287314783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287314783,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.196.216.12","src_port":28681,"dst_port":58910,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2771,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314979,"flow_src_last_pkt_time":287314979,"flow_dst_last_pkt_time":287314979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287314979,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.114.40.175","src_port":28681,"dst_port":23552,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2771,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":514,"flow_packet_id":1,"flow_src_last_pkt_time":287314979,"flow_dst_last_pkt_time":287314979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":287314979,"pkt":"UlQAEjUCCAAn5uVZCABFAABpvHwAAIAR9dcKAAIPU3Ior3AJXAAAVSFCR05EED\/CAQFMQVEyUApVRFBdL+I1CXAlJFuJSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2771,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314979,"flow_src_last_pkt_time":287314979,"flow_dst_last_pkt_time":287314979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287314979,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.114.40.175","src_port":28681,"dst_port":23552,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2772,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287315207,"flow_src_last_pkt_time":287315207,"flow_dst_last_pkt_time":287315207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287315207,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.137.106.173","src_port":28681,"dst_port":11625,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2772,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":1,"flow_src_last_pkt_time":287315207,"flow_dst_last_pkt_time":287315207,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":287315207,"pkt":"UlQAEjUCCAAn5uVZCABFAABp2kQAAIARDPoKAAIP3IlqrXAJLWkAVTFkR05EED\/DAQFMQVEyUApVRFBdL+I1CXDPsw9NSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01147{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2772,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287315207,"flow_src_last_pkt_time":287315207,"flow_dst_last_pkt_time":287315207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287315207,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.137.106.173","src_port":28681,"dst_port":11625,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2773,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287315409,"flow_src_last_pkt_time":287315409,"flow_dst_last_pkt_time":287315409,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287315409,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.246.147.72","src_port":28681,"dst_port":4572,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2773,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":516,"flow_packet_id":1,"flow_src_last_pkt_time":287315409,"flow_dst_last_pkt_time":287315409,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":287315409,"pkt":"UlQAEjUCCAAn5uVZCABFAABpRHMAAIAR3sMKAAIPd\/aTSHAJEdwAVb+qR05EED\/EAQFMQVEyUApVRFBdL+I1CXCNl48ySAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2773,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287315409,"flow_src_last_pkt_time":287315409,"flow_dst_last_pkt_time":287315409,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287315409,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.246.147.72","src_port":28681,"dst_port":4572,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2774,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287315710,"flow_src_last_pkt_time":287315710,"flow_dst_last_pkt_time":287315710,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287315710,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.162.27","src_port":28681,"dst_port":7986,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2774,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":1,"flow_src_last_pkt_time":287315710,"flow_dst_last_pkt_time":287315710,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":287315710,"pkt":"UlQAEjUCCAAn5uVZCABFAABpwVIAAIARphgKAAIPJO+iG3AJHzIAVfUVR05EED\/FAQFMQVEyUApVRFBdL+I1CXD7uZMRSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2774,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287315710,"flow_src_last_pkt_time":287315710,"flow_dst_last_pkt_time":287315710,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287315710,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.162.27","src_port":28681,"dst_port":7986,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2775,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287316018,"flow_src_last_pkt_time":287316018,"flow_dst_last_pkt_time":287316018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287316018,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"202.151.63.59","src_port":28681,"dst_port":7624,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2775,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":518,"flow_packet_id":1,"flow_src_last_pkt_time":287316018,"flow_dst_last_pkt_time":287316018,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":287316018,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0odEAAIARgwYKAAIPypc\/O3AJHcgAIPrFR05EED\/GAQFUC1FLUlAGUk5BXS\/iNQlw"} +01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2775,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287316018,"flow_src_last_pkt_time":287316018,"flow_dst_last_pkt_time":287316018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287316018,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"202.151.63.59","src_port":28681,"dst_port":7624,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2776,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287316233,"flow_src_last_pkt_time":287316233,"flow_dst_last_pkt_time":287316233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287316233,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.48.23","src_port":28681,"dst_port":8070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2776,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":519,"flow_packet_id":1,"flow_src_last_pkt_time":287316233,"flow_dst_last_pkt_time":287316233,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":287316233,"pkt":"UlQAEjUCCAAn5uVZCABFAABp+G8AAIARKqgKAAIP20YwF3AJH4YAVfd3R05EED\/HAQFMQVEyUApVRFBdL+I1CXBhgiICSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} +01143{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2776,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287316233,"flow_src_last_pkt_time":287316233,"flow_dst_last_pkt_time":287316233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":287316233,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.48.23","src_port":28681,"dst_port":8070,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2777,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":441,"flow_packet_id":2,"flow_src_last_pkt_time":287316376,"flow_dst_last_pkt_time":251763326,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":287316376,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4Im8AAIARH94KAAIPJO3HbHAJ2ugAJBUGCNsxAuNxtNL\/CPfpN9LYAwABAAUAAADDglFLQA=="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":442,"flow_packet_id":2,"flow_src_last_pkt_time":287316451,"flow_dst_last_pkt_time":251763431,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":287316451,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4rcIAAIARpOAKAAIPWcyCN3AJc2kAJDj2y8wxAiUpPSv\/Rrn8E2YBAwABAAUAAADDglFLQA=="} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2779,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":4,"flow_src_last_pkt_time":287316477,"flow_dst_last_pkt_time":251868720,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":287316477,"pkt":"UlQAEjUCCAAn5uVZCABFAABUN+wAAIARg5MKAAIPzyaj5HAJGnoAQMvDXS\/iNTECAGQaxPLpTglwD4ABACEAAAD5AHBpbmtmbG95ZADDAlFLRIVOKCoDU0NQQAFaQIJQUkA="} @@ -3515,8 +3666,7 @@ 00921{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3207,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":2,"flow_src_last_pkt_time":287315710,"flow_dst_last_pkt_time":288490528,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":356,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":356,"pkt_l4_len":322,"thread_ts_usec":288490528,"pkt":"CAAn5uVZUlQAEjUCCABFAAFWC3sAAEARmwMk76IbCgACDx8ycAkBQkS1R05EAVjxAQF4nOspZwx09GAJCT7CpZrkwOGi8n6RtJH8bgYgs0hiW9ONsGMg5p3WqpuLoo8zgBVcnfQtZB+Iedtdp9LOYjtYQWfW2kzdvWBtapxB8+MOg5haScUNi6J3gJi3lqi\/LA88AdYWyh36SPMAiLl+mzr3RiMwU+Wl1qUOUbCCO23Lg\/aI7Qcxq8\/WpXmKHAWr3Trni72CMtgENwPxNnk1ELP8O9ujj6rqYCZf\/9tF0Qxg5rfJHncEwQps72h+nCrGBHYOk53MZwkFEHP75qiCGjVtsAKHjaaLovnBTlef5fpAiBHEPDXd3vqErCCIybgwIOiCojzEkcz3DYyACtiCIaJABiSYgIw7\/UoP0\/2ADIhDgAyI9zxYghx1GBkYGGL1H5kaMjGkSB359NKPs4AfAD6Dfz4="} 01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":95893440,"flow_src_last_pkt_time":95893440,"flow_dst_last_pkt_time":95893440,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.236.200.137","src_port":28681,"dst_port":48142,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01181{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":96049643,"flow_src_last_pkt_time":96049643,"flow_dst_last_pkt_time":96049643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.160.143.48","src_port":28681,"dst_port":37036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":93713981,"flow_src_last_pkt_time":93713981,"flow_dst_last_pkt_time":93713981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.168.175.31","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":93713981,"flow_src_last_pkt_time":93713981,"flow_dst_last_pkt_time":93713981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.168.175.31","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01180{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":93713981,"flow_src_last_pkt_time":93713981,"flow_dst_last_pkt_time":93713981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.168.175.31","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00833{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":8,"flow_first_seen":61975321,"flow_src_last_pkt_time":61975321,"flow_dst_last_pkt_time":149634575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":50193,"dst_port":46010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00745{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":8,"flow_first_seen":61975321,"flow_src_last_pkt_time":61975321,"flow_dst_last_pkt_time":149634575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":50193,"dst_port":46010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01180{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":95923521,"flow_src_last_pkt_time":95923521,"flow_dst_last_pkt_time":95923521,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.219","src_port":28681,"dst_port":6909,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} @@ -3527,46 +3677,46 @@ 00745{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":8,"flow_first_seen":61975137,"flow_src_last_pkt_time":61975137,"flow_dst_last_pkt_time":149634682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.65.87.24","src_port":50192,"dst_port":16201,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00835{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":8,"flow_first_seen":61974915,"flow_src_last_pkt_time":61974915,"flow_dst_last_pkt_time":149634723,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":50191,"dst_port":6778,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00747{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":8,"flow_first_seen":61974915,"flow_src_last_pkt_time":61974915,"flow_dst_last_pkt_time":149634723,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":50191,"dst_port":6778,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82059658,"flow_src_last_pkt_time":251735454,"flow_dst_last_pkt_time":82059658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.59.253.186","src_port":28681,"dst_port":15555,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82062320,"flow_src_last_pkt_time":251737467,"flow_dst_last_pkt_time":82062320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.15.182","src_port":28681,"dst_port":37829,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062444,"flow_src_last_pkt_time":191703548,"flow_dst_last_pkt_time":82062444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.239.62.213","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":132833303,"flow_src_last_pkt_time":132833303,"flow_dst_last_pkt_time":132833303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":1032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":131671537,"flow_src_last_pkt_time":251736668,"flow_dst_last_pkt_time":131671537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82063897,"flow_src_last_pkt_time":253025614,"flow_dst_last_pkt_time":82063897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"177.231.151.16","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":132831233,"flow_src_last_pkt_time":132831233,"flow_dst_last_pkt_time":132831233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.181.151.217","src_port":28681,"dst_port":25282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":83520153,"flow_src_last_pkt_time":253025967,"flow_dst_last_pkt_time":83520153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.30.86.144","src_port":28681,"dst_port":53821,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82063378,"flow_src_last_pkt_time":251735642,"flow_dst_last_pkt_time":82063378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.153.143.54","src_port":28681,"dst_port":65535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82060552,"flow_src_last_pkt_time":253024213,"flow_dst_last_pkt_time":82060552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.69.142.133","src_port":28681,"dst_port":15471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229238800,"flow_src_last_pkt_time":229238800,"flow_dst_last_pkt_time":229238800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.131.202.24","src_port":28681,"dst_port":44748,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062863,"flow_src_last_pkt_time":191700445,"flow_dst_last_pkt_time":82062863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.88.92.56","src_port":28681,"dst_port":21009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82063260,"flow_src_last_pkt_time":251737771,"flow_dst_last_pkt_time":82063260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.195.227","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229238441,"flow_src_last_pkt_time":229238441,"flow_dst_last_pkt_time":229238441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.56.198","src_port":28681,"dst_port":11984,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82060665,"flow_src_last_pkt_time":192907653,"flow_dst_last_pkt_time":82060665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"121.99.222.36","src_port":28681,"dst_port":44988,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82061705,"flow_src_last_pkt_time":132833113,"flow_dst_last_pkt_time":82061705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82057972,"flow_src_last_pkt_time":253025519,"flow_dst_last_pkt_time":82057972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.244.228.86","src_port":28681,"dst_port":10131,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229240388,"flow_src_last_pkt_time":229240388,"flow_dst_last_pkt_time":229240388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"62.35.190.5","src_port":28681,"dst_port":18604,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82061139,"flow_src_last_pkt_time":253025846,"flow_dst_last_pkt_time":82061139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.99.164.4","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059383,"flow_src_last_pkt_time":131671261,"flow_dst_last_pkt_time":82059383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.197.219.85","src_port":28681,"dst_port":26234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82058208,"flow_src_last_pkt_time":251736359,"flow_dst_last_pkt_time":82058208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.162.150","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82066425,"flow_src_last_pkt_time":253024061,"flow_dst_last_pkt_time":82066425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229239365,"flow_src_last_pkt_time":229239365,"flow_dst_last_pkt_time":229239365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.185.126","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82058634,"flow_src_last_pkt_time":191704243,"flow_dst_last_pkt_time":82058634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.163.231.160","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":83518597,"flow_src_last_pkt_time":253026184,"flow_dst_last_pkt_time":83518597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.37","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059773,"flow_src_last_pkt_time":132832598,"flow_dst_last_pkt_time":82059773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.107.176","src_port":28681,"dst_port":20363,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82060415,"flow_src_last_pkt_time":253025731,"flow_dst_last_pkt_time":82060415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.217.132.111","src_port":28681,"dst_port":25394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82058765,"flow_src_last_pkt_time":191703174,"flow_dst_last_pkt_time":82058765,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.150.49.35","src_port":28681,"dst_port":32448,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062565,"flow_src_last_pkt_time":251737918,"flow_dst_last_pkt_time":82062565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.196.58","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059497,"flow_src_last_pkt_time":131670469,"flow_dst_last_pkt_time":82059497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82058913,"flow_src_last_pkt_time":191703392,"flow_dst_last_pkt_time":82058913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062993,"flow_src_last_pkt_time":131669387,"flow_dst_last_pkt_time":82062993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82061259,"flow_src_last_pkt_time":132833697,"flow_dst_last_pkt_time":82061259,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.157.183.106","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82060952,"flow_src_last_pkt_time":253024749,"flow_dst_last_pkt_time":82060952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062130,"flow_src_last_pkt_time":131672351,"flow_dst_last_pkt_time":82062130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.3.103.37","src_port":28681,"dst_port":35589,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":131668560,"flow_src_last_pkt_time":131668560,"flow_dst_last_pkt_time":131668560,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"187.37.87.189","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82064863,"flow_src_last_pkt_time":253025278,"flow_dst_last_pkt_time":82064863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"138.199.16.123","src_port":28681,"dst_port":52993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059277,"flow_src_last_pkt_time":131673144,"flow_dst_last_pkt_time":82059277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.126.160.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229239821,"flow_src_last_pkt_time":229239821,"flow_dst_last_pkt_time":229239821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.122.233.15","src_port":28681,"dst_port":11488,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82058413,"flow_src_last_pkt_time":251738248,"flow_dst_last_pkt_time":82058413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.166.226.70","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82059658,"flow_src_last_pkt_time":251735454,"flow_dst_last_pkt_time":82059658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.59.253.186","src_port":28681,"dst_port":15555,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82062320,"flow_src_last_pkt_time":251737467,"flow_dst_last_pkt_time":82062320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.15.182","src_port":28681,"dst_port":37829,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062444,"flow_src_last_pkt_time":191703548,"flow_dst_last_pkt_time":82062444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.239.62.213","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":132833303,"flow_src_last_pkt_time":132833303,"flow_dst_last_pkt_time":132833303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":1032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":131671537,"flow_src_last_pkt_time":251736668,"flow_dst_last_pkt_time":131671537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82063897,"flow_src_last_pkt_time":253025614,"flow_dst_last_pkt_time":82063897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"177.231.151.16","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01188{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":132831233,"flow_src_last_pkt_time":132831233,"flow_dst_last_pkt_time":132831233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.181.151.217","src_port":28681,"dst_port":25282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":83520153,"flow_src_last_pkt_time":253025967,"flow_dst_last_pkt_time":83520153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.30.86.144","src_port":28681,"dst_port":53821,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82063378,"flow_src_last_pkt_time":251735642,"flow_dst_last_pkt_time":82063378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.153.143.54","src_port":28681,"dst_port":65535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82060552,"flow_src_last_pkt_time":253024213,"flow_dst_last_pkt_time":82060552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.69.142.133","src_port":28681,"dst_port":15471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229238800,"flow_src_last_pkt_time":229238800,"flow_dst_last_pkt_time":229238800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.131.202.24","src_port":28681,"dst_port":44748,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062863,"flow_src_last_pkt_time":191700445,"flow_dst_last_pkt_time":82062863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.88.92.56","src_port":28681,"dst_port":21009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82063260,"flow_src_last_pkt_time":251737771,"flow_dst_last_pkt_time":82063260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.195.227","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229238441,"flow_src_last_pkt_time":229238441,"flow_dst_last_pkt_time":229238441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.56.198","src_port":28681,"dst_port":11984,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82060665,"flow_src_last_pkt_time":192907653,"flow_dst_last_pkt_time":82060665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"121.99.222.36","src_port":28681,"dst_port":44988,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82061705,"flow_src_last_pkt_time":132833113,"flow_dst_last_pkt_time":82061705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82057972,"flow_src_last_pkt_time":253025519,"flow_dst_last_pkt_time":82057972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.244.228.86","src_port":28681,"dst_port":10131,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229240388,"flow_src_last_pkt_time":229240388,"flow_dst_last_pkt_time":229240388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"62.35.190.5","src_port":28681,"dst_port":18604,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82061139,"flow_src_last_pkt_time":253025846,"flow_dst_last_pkt_time":82061139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.99.164.4","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059383,"flow_src_last_pkt_time":131671261,"flow_dst_last_pkt_time":82059383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.197.219.85","src_port":28681,"dst_port":26234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82058208,"flow_src_last_pkt_time":251736359,"flow_dst_last_pkt_time":82058208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.162.150","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82066425,"flow_src_last_pkt_time":253024061,"flow_dst_last_pkt_time":82066425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229239365,"flow_src_last_pkt_time":229239365,"flow_dst_last_pkt_time":229239365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.185.126","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82058634,"flow_src_last_pkt_time":191704243,"flow_dst_last_pkt_time":82058634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.163.231.160","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":83518597,"flow_src_last_pkt_time":253026184,"flow_dst_last_pkt_time":83518597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.37","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059773,"flow_src_last_pkt_time":132832598,"flow_dst_last_pkt_time":82059773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.107.176","src_port":28681,"dst_port":20363,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82060415,"flow_src_last_pkt_time":253025731,"flow_dst_last_pkt_time":82060415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.217.132.111","src_port":28681,"dst_port":25394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82058765,"flow_src_last_pkt_time":191703174,"flow_dst_last_pkt_time":82058765,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.150.49.35","src_port":28681,"dst_port":32448,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062565,"flow_src_last_pkt_time":251737918,"flow_dst_last_pkt_time":82062565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.196.58","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059497,"flow_src_last_pkt_time":131670469,"flow_dst_last_pkt_time":82059497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82058913,"flow_src_last_pkt_time":191703392,"flow_dst_last_pkt_time":82058913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062993,"flow_src_last_pkt_time":131669387,"flow_dst_last_pkt_time":82062993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82061259,"flow_src_last_pkt_time":132833697,"flow_dst_last_pkt_time":82061259,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.157.183.106","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82060952,"flow_src_last_pkt_time":253024749,"flow_dst_last_pkt_time":82060952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062130,"flow_src_last_pkt_time":131672351,"flow_dst_last_pkt_time":82062130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.3.103.37","src_port":28681,"dst_port":35589,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":131668560,"flow_src_last_pkt_time":131668560,"flow_dst_last_pkt_time":131668560,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"187.37.87.189","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82064863,"flow_src_last_pkt_time":253025278,"flow_dst_last_pkt_time":82064863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"138.199.16.123","src_port":28681,"dst_port":52993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059277,"flow_src_last_pkt_time":131673144,"flow_dst_last_pkt_time":82059277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.126.160.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229239821,"flow_src_last_pkt_time":229239821,"flow_dst_last_pkt_time":229239821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.122.233.15","src_port":28681,"dst_port":11488,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82058413,"flow_src_last_pkt_time":251738248,"flow_dst_last_pkt_time":82058413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":288490528,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.166.226.70","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3211,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":289961626,"flow_src_last_pkt_time":289961626,"flow_dst_last_pkt_time":289961626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":289961626,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.126.102","src_port":28681,"dst_port":5193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3211,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":746,"flow_packet_id":1,"flow_src_last_pkt_time":289961626,"flow_dst_last_pkt_time":289961626,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":289961626,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4bogAAIARxeoKAAIPe81+ZnAJFEkAJPn9btcxAoLvbJD\/ZQI2cb+qAwABAAUAAADDglFLQA=="} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3212,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":747,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":289962007,"flow_src_last_pkt_time":289962007,"flow_dst_last_pkt_time":289962007,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":289962007,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.58.238.163","src_port":28681,"dst_port":6599,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -3576,24 +3726,24 @@ 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3217,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":3,"flow_src_last_pkt_time":291154795,"flow_dst_last_pkt_time":291154130,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":291154795,"pkt":"UlQAEjUCCAAn5uVZCABFAABUghEAAIARahcKAAIPSVn5CHAJxdkAQIPAXS\/iNTECAGQaxPLpTglwD4ABACEAAAD5AHBpbmtmbG95ZADDAlFLRNOcpygDU0NQQAFaQIJQUkA="} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3220,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":4,"flow_src_last_pkt_time":291154795,"flow_dst_last_pkt_time":294825827,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_usec":294825827,"pkt":"CAAn5uVZUlQAEjUCCABFAABWC6YAAEARIIFJWfkICgACD8XZcAkAQvx4XS\/iNTECAGQaxPLpTglwDwEBACMAAAAfW0fvrRIAAAAACAAAAMMDREhUQwAAAgNHVUVAglVQQwAjDg=="} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":243616097,"flow_src_last_pkt_time":287511110,"flow_dst_last_pkt_time":243616097,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"180.200.236.13","src_port":28681,"dst_port":12082,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743232,"flow_src_last_pkt_time":251743232,"flow_dst_last_pkt_time":251743232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.255.145.191","src_port":28681,"dst_port":47264,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739244,"flow_src_last_pkt_time":251739244,"flow_dst_last_pkt_time":251739244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.234.216.251","src_port":28681,"dst_port":17845,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743232,"flow_src_last_pkt_time":251743232,"flow_dst_last_pkt_time":251743232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.255.145.191","src_port":28681,"dst_port":47264,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739244,"flow_src_last_pkt_time":251739244,"flow_dst_last_pkt_time":251739244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.234.216.251","src_port":28681,"dst_port":17845,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251763326,"flow_src_last_pkt_time":287316376,"flow_dst_last_pkt_time":251763326,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.237.199.108","src_port":28681,"dst_port":56040,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":251765454,"flow_src_last_pkt_time":287317165,"flow_dst_last_pkt_time":287535563,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":90,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.206.254","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742442,"flow_src_last_pkt_time":251742442,"flow_dst_last_pkt_time":251742442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.71.44.121","src_port":28681,"dst_port":14398,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742442,"flow_src_last_pkt_time":251742442,"flow_dst_last_pkt_time":251742442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.71.44.121","src_port":28681,"dst_port":14398,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":89829259,"flow_src_last_pkt_time":174145848,"flow_dst_last_pkt_time":174528829,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":556,"flow_dst_tot_l4_payload_len":3014,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.84.178.16","src_port":28681,"dst_port":60262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":95216801,"flow_src_last_pkt_time":162802551,"flow_dst_last_pkt_time":95216801,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.201.208.57","src_port":28681,"dst_port":38617,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740552,"flow_src_last_pkt_time":251740552,"flow_dst_last_pkt_time":251740552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.143.28.64","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740138,"flow_src_last_pkt_time":251740138,"flow_dst_last_pkt_time":251740138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.103.2.245","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742217,"flow_src_last_pkt_time":251742217,"flow_dst_last_pkt_time":251742217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.15.216.216","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740552,"flow_src_last_pkt_time":251740552,"flow_dst_last_pkt_time":251740552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.143.28.64","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740138,"flow_src_last_pkt_time":251740138,"flow_dst_last_pkt_time":251740138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.103.2.245","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742217,"flow_src_last_pkt_time":251742217,"flow_dst_last_pkt_time":251742217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.15.216.216","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01193{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":95264476,"flow_src_last_pkt_time":175759013,"flow_dst_last_pkt_time":176255145,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":642,"flow_dst_tot_l4_payload_len":3741,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.220.186.140","src_port":28681,"dst_port":27641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251801646,"flow_src_last_pkt_time":287320078,"flow_dst_last_pkt_time":251801646,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.13.148","src_port":28681,"dst_port":51896,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742020,"flow_src_last_pkt_time":251742020,"flow_dst_last_pkt_time":251742020,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.123.35.219","src_port":28681,"dst_port":42211,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742020,"flow_src_last_pkt_time":251742020,"flow_dst_last_pkt_time":251742020,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.123.35.219","src_port":28681,"dst_port":42211,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":243619784,"flow_src_last_pkt_time":287427833,"flow_dst_last_pkt_time":287621392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":90,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.84.134.136","src_port":28681,"dst_port":21407,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":90005361,"flow_src_last_pkt_time":287321463,"flow_dst_last_pkt_time":287355218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":726,"flow_dst_tot_l4_payload_len":4067,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":28681,"dst_port":24562,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":90072633,"flow_src_last_pkt_time":163183918,"flow_dst_last_pkt_time":90072633,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.26.216.95","src_port":28681,"dst_port":13889,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01190{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":95754583,"flow_src_last_pkt_time":139695067,"flow_dst_last_pkt_time":139756356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":1454,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.217.84.16","src_port":28681,"dst_port":20223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743840,"flow_src_last_pkt_time":251743840,"flow_dst_last_pkt_time":251743840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.135.15.86","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743840,"flow_src_last_pkt_time":251743840,"flow_dst_last_pkt_time":251743840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.135.15.86","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251800801,"flow_src_last_pkt_time":287319532,"flow_dst_last_pkt_time":251800801,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":28681,"dst_port":45880,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243620353,"flow_src_last_pkt_time":243620353,"flow_dst_last_pkt_time":243620353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"62.102.148.166","src_port":28681,"dst_port":31332,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251801238,"flow_src_last_pkt_time":287319859,"flow_dst_last_pkt_time":251801238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":28681,"dst_port":45640,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -3605,32 +3755,32 @@ 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251800408,"flow_src_last_pkt_time":287319339,"flow_dst_last_pkt_time":251800408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":28681,"dst_port":45744,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":139506403,"flow_src_last_pkt_time":139506403,"flow_dst_last_pkt_time":139506403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.35.85.238","src_port":28681,"dst_port":32173,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251800203,"flow_src_last_pkt_time":287319240,"flow_dst_last_pkt_time":251800203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":28681,"dst_port":43457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251802309,"flow_src_last_pkt_time":251802309,"flow_dst_last_pkt_time":251802309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.120.219.74","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251802309,"flow_src_last_pkt_time":251802309,"flow_dst_last_pkt_time":251802309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.120.219.74","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251801076,"flow_src_last_pkt_time":287319762,"flow_dst_last_pkt_time":251801076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.18.172.208","src_port":28681,"dst_port":63172,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":243616903,"flow_src_last_pkt_time":287526058,"flow_dst_last_pkt_time":287598509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.58.211.52","src_port":28681,"dst_port":3806,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":243618410,"flow_src_last_pkt_time":287682903,"flow_dst_last_pkt_time":243618410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.172.10.90","src_port":28681,"dst_port":40162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743428,"flow_src_last_pkt_time":251743428,"flow_dst_last_pkt_time":251743428,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.24.146.101","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251768679,"flow_src_last_pkt_time":251768679,"flow_dst_last_pkt_time":251768679,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"2.28.39.18","src_port":28681,"dst_port":15672,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743428,"flow_src_last_pkt_time":251743428,"flow_dst_last_pkt_time":251743428,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.24.146.101","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251768679,"flow_src_last_pkt_time":251768679,"flow_dst_last_pkt_time":251768679,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"2.28.39.18","src_port":28681,"dst_port":15672,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":95443212,"flow_src_last_pkt_time":176333600,"flow_dst_last_pkt_time":176562520,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":642,"flow_dst_tot_l4_payload_len":3741,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.240.69.199","src_port":28681,"dst_port":6348,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":93714209,"flow_src_last_pkt_time":253026052,"flow_dst_last_pkt_time":93714209,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.249.63.200","src_port":28681,"dst_port":22582,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251741922,"flow_src_last_pkt_time":251741922,"flow_dst_last_pkt_time":253031457,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":319,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":319,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.182.39.11","src_port":28681,"dst_port":12977,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":93714209,"flow_src_last_pkt_time":253026052,"flow_dst_last_pkt_time":93714209,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.249.63.200","src_port":28681,"dst_port":22582,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01190{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251741922,"flow_src_last_pkt_time":251741922,"flow_dst_last_pkt_time":253031457,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":319,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":319,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.182.39.11","src_port":28681,"dst_port":12977,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243619573,"flow_src_last_pkt_time":243619573,"flow_dst_last_pkt_time":243619573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.0.69.215","src_port":28681,"dst_port":12608,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01193{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":90184128,"flow_src_last_pkt_time":287700104,"flow_dst_last_pkt_time":288014846,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":645,"flow_dst_tot_l4_payload_len":3215,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":28681,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741399,"flow_src_last_pkt_time":251741399,"flow_dst_last_pkt_time":251741399,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.139.61.103","src_port":28681,"dst_port":24096,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741399,"flow_src_last_pkt_time":251741399,"flow_dst_last_pkt_time":251741399,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.139.61.103","src_port":28681,"dst_port":24096,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00762{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":90880863,"flow_src_last_pkt_time":251768782,"flow_dst_last_pkt_time":251799257,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":755,"flow_dst_tot_l4_payload_len":4350,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.32.126.214","src_port":28681,"dst_port":59596,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251763807,"flow_src_last_pkt_time":287316570,"flow_dst_last_pkt_time":251763807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"183.179.14.31","src_port":28681,"dst_port":54754,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243619099,"flow_src_last_pkt_time":243619099,"flow_dst_last_pkt_time":243619099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.215.183.71","src_port":28681,"dst_port":31310,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741037,"flow_src_last_pkt_time":251741037,"flow_dst_last_pkt_time":251741037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.65.188.29","src_port":28681,"dst_port":24676,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741037,"flow_src_last_pkt_time":251741037,"flow_dst_last_pkt_time":251741037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.65.188.29","src_port":28681,"dst_port":24676,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01193{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":95784533,"flow_src_last_pkt_time":139724985,"flow_dst_last_pkt_time":139896214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":1454,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.183.183.110","src_port":28681,"dst_port":59920,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":88941886,"flow_src_last_pkt_time":179376876,"flow_dst_last_pkt_time":88941886,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":511,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.133.101.93","src_port":28681,"dst_port":52367,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":90073006,"flow_src_last_pkt_time":287483764,"flow_dst_last_pkt_time":287523854,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":645,"flow_dst_tot_l4_payload_len":3207,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":28681,"dst_port":6578,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":95715707,"flow_src_last_pkt_time":139694924,"flow_dst_last_pkt_time":139730332,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":2181,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.188.98","src_port":28681,"dst_port":62851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740694,"flow_src_last_pkt_time":251740694,"flow_dst_last_pkt_time":251740694,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.177.52.73","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741613,"flow_src_last_pkt_time":251741613,"flow_dst_last_pkt_time":251741613,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.129.149.103","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740694,"flow_src_last_pkt_time":251740694,"flow_dst_last_pkt_time":251740694,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.177.52.73","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741613,"flow_src_last_pkt_time":251741613,"flow_dst_last_pkt_time":251741613,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.129.149.103","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":95264285,"flow_src_last_pkt_time":179735999,"flow_dst_last_pkt_time":95264285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":329,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":40137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":89967108,"flow_src_last_pkt_time":152618863,"flow_dst_last_pkt_time":89967108,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.203.218.92","src_port":28681,"dst_port":56962,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251769188,"flow_src_last_pkt_time":251769188,"flow_dst_last_pkt_time":251769188,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.214.12.247","src_port":28681,"dst_port":44001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251768912,"flow_src_last_pkt_time":251768912,"flow_dst_last_pkt_time":251768912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"70.119.248.5","src_port":28681,"dst_port":49929,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251769188,"flow_src_last_pkt_time":251769188,"flow_dst_last_pkt_time":251769188,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.214.12.247","src_port":28681,"dst_port":44001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251768912,"flow_src_last_pkt_time":251768912,"flow_dst_last_pkt_time":251768912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"70.119.248.5","src_port":28681,"dst_port":49929,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01194{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":90072798,"flow_src_last_pkt_time":287355678,"flow_dst_last_pkt_time":287667256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":751,"flow_dst_tot_l4_payload_len":4554,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":28681,"dst_port":43508,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00762{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":90809634,"flow_src_last_pkt_time":139694982,"flow_dst_last_pkt_time":139723897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":1595,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":28681,"dst_port":23548,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251764559,"flow_src_last_pkt_time":287316810,"flow_dst_last_pkt_time":251764559,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.70.199.107","src_port":28681,"dst_port":60475,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -3643,86 +3793,86 @@ 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":90039633,"flow_src_last_pkt_time":163151080,"flow_dst_last_pkt_time":90039633,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":50297,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":243616362,"flow_src_last_pkt_time":287426947,"flow_dst_last_pkt_time":287785960,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":110,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.241.204.61","src_port":28681,"dst_port":43366,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251766760,"flow_src_last_pkt_time":287317745,"flow_dst_last_pkt_time":251766760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.241.112.255","src_port":28681,"dst_port":14766,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742656,"flow_src_last_pkt_time":251742656,"flow_dst_last_pkt_time":251742656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.162.97.8","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742656,"flow_src_last_pkt_time":251742656,"flow_dst_last_pkt_time":251742656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.162.97.8","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":89966123,"flow_src_last_pkt_time":152619228,"flow_dst_last_pkt_time":89966123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.218","src_port":28681,"dst_port":6909,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":243615643,"flow_src_last_pkt_time":287318910,"flow_dst_last_pkt_time":243615643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.182.136.42","src_port":28681,"dst_port":27873,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251766427,"flow_src_last_pkt_time":287317645,"flow_dst_last_pkt_time":251766427,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.153.206.183","src_port":28681,"dst_port":16919,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251766030,"flow_src_last_pkt_time":287317454,"flow_dst_last_pkt_time":251766030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.127.26.138","src_port":28681,"dst_port":3083,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742343,"flow_src_last_pkt_time":251742343,"flow_dst_last_pkt_time":251742343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"145.82.53.165","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742343,"flow_src_last_pkt_time":251742343,"flow_dst_last_pkt_time":251742343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"145.82.53.165","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":90039956,"flow_src_last_pkt_time":287497328,"flow_dst_last_pkt_time":90039956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":271,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.181.251.218","src_port":28681,"dst_port":36368,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251767408,"flow_src_last_pkt_time":287318133,"flow_dst_last_pkt_time":251767408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"210.194.116.78","src_port":28681,"dst_port":8342,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251766203,"flow_src_last_pkt_time":287317526,"flow_dst_last_pkt_time":251766203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.16.121.156","src_port":28681,"dst_port":23183,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251735839,"flow_src_last_pkt_time":251735839,"flow_dst_last_pkt_time":251735839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.178.192.76","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":253024623,"flow_src_last_pkt_time":253024623,"flow_dst_last_pkt_time":253024623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"107.4.56.177","src_port":28681,"dst_port":10000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739607,"flow_src_last_pkt_time":251739607,"flow_dst_last_pkt_time":251739607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.27.3.68","src_port":28681,"dst_port":57380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251735839,"flow_src_last_pkt_time":251735839,"flow_dst_last_pkt_time":251735839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.178.192.76","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":253024623,"flow_src_last_pkt_time":253024623,"flow_dst_last_pkt_time":253024623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"107.4.56.177","src_port":28681,"dst_port":10000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739607,"flow_src_last_pkt_time":251739607,"flow_dst_last_pkt_time":251739607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.27.3.68","src_port":28681,"dst_port":57380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243620457,"flow_src_last_pkt_time":243620457,"flow_dst_last_pkt_time":243620457,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.39.219.223","src_port":28681,"dst_port":31728,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251799823,"flow_src_last_pkt_time":287319016,"flow_dst_last_pkt_time":251799823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":28681,"dst_port":47184,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01193{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":139506262,"flow_src_last_pkt_time":176963996,"flow_dst_last_pkt_time":177166012,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":394,"flow_dst_tot_l4_payload_len":1560,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"63.228.175.169","src_port":28681,"dst_port":1936,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251769032,"flow_src_last_pkt_time":251769032,"flow_dst_last_pkt_time":252632878,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":327,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":327,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.64.177.53","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251769032,"flow_src_last_pkt_time":251769032,"flow_dst_last_pkt_time":252632878,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":327,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":327,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.64.177.53","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01193{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":139506098,"flow_src_last_pkt_time":168391152,"flow_dst_last_pkt_time":168554777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":1454,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.118.53.212","src_port":28681,"dst_port":29998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743039,"flow_src_last_pkt_time":251743039,"flow_dst_last_pkt_time":251743039,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.124.71.246","src_port":28681,"dst_port":49035,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743039,"flow_src_last_pkt_time":251743039,"flow_dst_last_pkt_time":251743039,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.124.71.246","src_port":28681,"dst_port":49035,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":243618881,"flow_src_last_pkt_time":287524310,"flow_dst_last_pkt_time":243618881,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"121.7.145.36","src_port":28681,"dst_port":33905,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00761{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":90871417,"flow_src_last_pkt_time":251739691,"flow_dst_last_pkt_time":251762907,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":170,"flow_dst_tot_l4_payload_len":1077,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.132.165.13","src_port":28681,"dst_port":30566,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01191{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":89829104,"flow_src_last_pkt_time":287443257,"flow_dst_last_pkt_time":174144907,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":3014,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":28681,"dst_port":35481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243619924,"flow_src_last_pkt_time":243619924,"flow_dst_last_pkt_time":243619924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"191.114.88.39","src_port":28681,"dst_port":18751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":90845230,"flow_src_last_pkt_time":174303687,"flow_dst_last_pkt_time":174321070,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":146,"flow_dst_tot_l4_payload_len":855,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":28681,"dst_port":11852,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00749{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251946178,"flow_src_last_pkt_time":251946178,"flow_dst_last_pkt_time":251946178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.2","dst_ip":"10.0.2.15","src_port":1026,"dst_port":28681,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251738882,"flow_src_last_pkt_time":251738882,"flow_dst_last_pkt_time":251738882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.219.202.2","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741806,"flow_src_last_pkt_time":251741806,"flow_dst_last_pkt_time":251741806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.127.34","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741506,"flow_src_last_pkt_time":251741506,"flow_dst_last_pkt_time":251741506,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.187.236.179","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251738882,"flow_src_last_pkt_time":251738882,"flow_dst_last_pkt_time":251738882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.219.202.2","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741806,"flow_src_last_pkt_time":251741806,"flow_dst_last_pkt_time":251741806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.127.34","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741506,"flow_src_last_pkt_time":251741506,"flow_dst_last_pkt_time":251741506,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.187.236.179","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01190{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":95784399,"flow_src_last_pkt_time":287465597,"flow_dst_last_pkt_time":287572441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":327,"flow_dst_tot_l4_payload_len":2511,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.236.205.7","src_port":28681,"dst_port":34794,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":243615848,"flow_src_last_pkt_time":287381383,"flow_dst_last_pkt_time":287944648,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"156.57.42.2","src_port":28681,"dst_port":33476,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":253025155,"flow_src_last_pkt_time":253025155,"flow_dst_last_pkt_time":253025155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.209","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":253025155,"flow_src_last_pkt_time":253025155,"flow_dst_last_pkt_time":253025155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.209","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":90138188,"flow_src_last_pkt_time":287318627,"flow_dst_last_pkt_time":287634909,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":645,"flow_dst_tot_l4_payload_len":3364,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":28681,"dst_port":21301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00763{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":89016303,"flow_src_last_pkt_time":176563028,"flow_dst_last_pkt_time":176659064,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":824,"flow_dst_tot_l4_payload_len":3953,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.156.226.72","src_port":28681,"dst_port":53258,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742554,"flow_src_last_pkt_time":251742554,"flow_dst_last_pkt_time":251742554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.249.13.30","src_port":28681,"dst_port":15138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742554,"flow_src_last_pkt_time":251742554,"flow_dst_last_pkt_time":251742554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.249.13.30","src_port":28681,"dst_port":15138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01190{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":95716693,"flow_src_last_pkt_time":287380885,"flow_dst_last_pkt_time":287440521,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":1755,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739411,"flow_src_last_pkt_time":251739411,"flow_dst_last_pkt_time":251739411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.155.31.118","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739411,"flow_src_last_pkt_time":251739411,"flow_dst_last_pkt_time":251739411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.155.31.118","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243618625,"flow_src_last_pkt_time":243618625,"flow_dst_last_pkt_time":243618625,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.135.8.7","src_port":28681,"dst_port":1219,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00761{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":90864578,"flow_src_last_pkt_time":287313728,"flow_dst_last_pkt_time":287337870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":165,"flow_dst_tot_l4_payload_len":1077,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.187.74.173","src_port":28681,"dst_port":53489,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":90039406,"flow_src_last_pkt_time":287381612,"flow_dst_last_pkt_time":287415538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":807,"flow_dst_tot_l4_payload_len":4817,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":28681,"dst_port":30577,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741302,"flow_src_last_pkt_time":251741302,"flow_dst_last_pkt_time":251741302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.247.160.96","src_port":28681,"dst_port":17817,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741302,"flow_src_last_pkt_time":251741302,"flow_dst_last_pkt_time":251741302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.247.160.96","src_port":28681,"dst_port":17817,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251767115,"flow_src_last_pkt_time":287317920,"flow_dst_last_pkt_time":251767115,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.165.228.167","src_port":28681,"dst_port":12201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":253025433,"flow_src_last_pkt_time":253025433,"flow_dst_last_pkt_time":253025433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.68.45.203","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740418,"flow_src_last_pkt_time":251740418,"flow_dst_last_pkt_time":251740418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.28.130.131","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":253025433,"flow_src_last_pkt_time":253025433,"flow_dst_last_pkt_time":253025433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.68.45.203","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740418,"flow_src_last_pkt_time":251740418,"flow_dst_last_pkt_time":251740418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.28.130.131","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":89829492,"flow_src_last_pkt_time":287526703,"flow_dst_last_pkt_time":89829492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":271,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":28681,"dst_port":12012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":243616746,"flow_src_last_pkt_time":287422960,"flow_dst_last_pkt_time":287697244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.86.49.195","src_port":28681,"dst_port":12019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251742117,"flow_src_last_pkt_time":251742117,"flow_dst_last_pkt_time":252853049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":322,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":322,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.247.6.226","src_port":28681,"dst_port":9713,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743729,"flow_src_last_pkt_time":251743729,"flow_dst_last_pkt_time":251743729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.86.190.163","src_port":28681,"dst_port":14142,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739069,"flow_src_last_pkt_time":251739069,"flow_dst_last_pkt_time":251739069,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"197.244.171.132","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251742117,"flow_src_last_pkt_time":251742117,"flow_dst_last_pkt_time":252853049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":322,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":322,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.247.6.226","src_port":28681,"dst_port":9713,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743729,"flow_src_last_pkt_time":251743729,"flow_dst_last_pkt_time":251743729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.86.190.163","src_port":28681,"dst_port":14142,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739069,"flow_src_last_pkt_time":251739069,"flow_dst_last_pkt_time":251739069,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"197.244.171.132","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251766954,"flow_src_last_pkt_time":287317823,"flow_dst_last_pkt_time":251766954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.247.240.113","src_port":28681,"dst_port":13867,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742837,"flow_src_last_pkt_time":251742837,"flow_dst_last_pkt_time":251742837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.215.213","src_port":28681,"dst_port":23576,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743527,"flow_src_last_pkt_time":251743527,"flow_dst_last_pkt_time":251743527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.68.179.137","src_port":28681,"dst_port":6406,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00760{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251741183,"flow_src_last_pkt_time":251741183,"flow_dst_last_pkt_time":252054388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":309,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":309,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.181.156.244","src_port":28681,"dst_port":8255,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01188{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742837,"flow_src_last_pkt_time":251742837,"flow_dst_last_pkt_time":251742837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.215.213","src_port":28681,"dst_port":23576,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743527,"flow_src_last_pkt_time":251743527,"flow_dst_last_pkt_time":251743527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.68.179.137","src_port":28681,"dst_port":6406,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01191{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251741183,"flow_src_last_pkt_time":251741183,"flow_dst_last_pkt_time":252054388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":309,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":309,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.181.156.244","src_port":28681,"dst_port":8255,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":243617373,"flow_src_last_pkt_time":243617373,"flow_dst_last_pkt_time":243755535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.71.243.60","src_port":28681,"dst_port":34498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740269,"flow_src_last_pkt_time":251740269,"flow_dst_last_pkt_time":251740269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.194.53.68","src_port":28681,"dst_port":33770,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251802485,"flow_src_last_pkt_time":251802485,"flow_dst_last_pkt_time":251802485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.193.23.172","src_port":28681,"dst_port":42227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251734977,"flow_src_last_pkt_time":251734977,"flow_dst_last_pkt_time":251734977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"129.45.47.167","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740269,"flow_src_last_pkt_time":251740269,"flow_dst_last_pkt_time":251740269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.194.53.68","src_port":28681,"dst_port":33770,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251802485,"flow_src_last_pkt_time":251802485,"flow_dst_last_pkt_time":251802485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.193.23.172","src_port":28681,"dst_port":42227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251734977,"flow_src_last_pkt_time":251734977,"flow_dst_last_pkt_time":251734977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"129.45.47.167","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":90138798,"flow_src_last_pkt_time":174723421,"flow_dst_last_pkt_time":90138798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":329,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.217.176.52","src_port":28681,"dst_port":7446,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01193{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":90005045,"flow_src_last_pkt_time":287553240,"flow_dst_last_pkt_time":287678696,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":807,"flow_dst_tot_l4_payload_len":4798,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":28681,"dst_port":61616,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739830,"flow_src_last_pkt_time":251739830,"flow_dst_last_pkt_time":251739830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.181.151.217","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739830,"flow_src_last_pkt_time":251739830,"flow_dst_last_pkt_time":251739830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.181.151.217","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":251768320,"flow_src_last_pkt_time":287318727,"flow_dst_last_pkt_time":287699802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.7.155.210","src_port":28681,"dst_port":28365,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":251765853,"flow_src_last_pkt_time":287317359,"flow_dst_last_pkt_time":287440578,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":110,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.227.193.37","src_port":28681,"dst_port":27481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243619335,"flow_src_last_pkt_time":243619335,"flow_dst_last_pkt_time":243619335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"144.134.132.206","src_port":28681,"dst_port":16401,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743945,"flow_src_last_pkt_time":251743945,"flow_dst_last_pkt_time":251743945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.165.170.112","src_port":28681,"dst_port":37087,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01188{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743945,"flow_src_last_pkt_time":251743945,"flow_dst_last_pkt_time":251743945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.165.170.112","src_port":28681,"dst_port":37087,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":251764953,"flow_src_last_pkt_time":287316986,"flow_dst_last_pkt_time":287579860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":90,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"116.241.162.162","src_port":28681,"dst_port":15677,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251767266,"flow_src_last_pkt_time":287318019,"flow_dst_last_pkt_time":251767266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"100.89.84.59","src_port":28681,"dst_port":11603,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":90004820,"flow_src_last_pkt_time":163118762,"flow_dst_last_pkt_time":90004820,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.140.120.41","src_port":28681,"dst_port":47739,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243619466,"flow_src_last_pkt_time":243619466,"flow_dst_last_pkt_time":243619466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"161.81.38.67","src_port":28681,"dst_port":9539,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743626,"flow_src_last_pkt_time":251743626,"flow_dst_last_pkt_time":251743626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.38.163.2","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743626,"flow_src_last_pkt_time":251743626,"flow_dst_last_pkt_time":251743626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.38.163.2","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":95784128,"flow_src_last_pkt_time":287510470,"flow_dst_last_pkt_time":287857497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":327,"flow_dst_tot_l4_payload_len":2512,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":28681,"dst_port":63637,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01190{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":90138420,"flow_src_last_pkt_time":287441093,"flow_dst_last_pkt_time":287483363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":645,"flow_dst_tot_l4_payload_len":3345,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":28681,"dst_port":46010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251764380,"flow_src_last_pkt_time":287316765,"flow_dst_last_pkt_time":251764380,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.165.153.100","src_port":28681,"dst_port":4509,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741711,"flow_src_last_pkt_time":251741711,"flow_dst_last_pkt_time":251741711,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.193.236.8","src_port":28681,"dst_port":46557,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741711,"flow_src_last_pkt_time":251741711,"flow_dst_last_pkt_time":251741711,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.193.236.8","src_port":28681,"dst_port":46557,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":243619673,"flow_src_last_pkt_time":287426068,"flow_dst_last_pkt_time":243619673,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.115.158.103","src_port":28681,"dst_port":5110,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743139,"flow_src_last_pkt_time":251743139,"flow_dst_last_pkt_time":251743139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.6.118.53","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743139,"flow_src_last_pkt_time":251743139,"flow_dst_last_pkt_time":251743139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.6.118.53","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":251768524,"flow_src_last_pkt_time":287318821,"flow_dst_last_pkt_time":287532561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"101.128.66.8","src_port":28681,"dst_port":34512,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":243617142,"flow_src_last_pkt_time":287443836,"flow_dst_last_pkt_time":287618162,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.175.11.126","src_port":28681,"dst_port":40958,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251801900,"flow_src_last_pkt_time":287320181,"flow_dst_last_pkt_time":251801900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.119.74.26","src_port":28681,"dst_port":65498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00760{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251743326,"flow_src_last_pkt_time":251743326,"flow_dst_last_pkt_time":252481655,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":304,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":304,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.24.182.130","src_port":28681,"dst_port":22232,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01191{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251743326,"flow_src_last_pkt_time":251743326,"flow_dst_last_pkt_time":252481655,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":304,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":304,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.24.182.130","src_port":28681,"dst_port":22232,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251767708,"flow_src_last_pkt_time":287318322,"flow_dst_last_pkt_time":251767708,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":28681,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243620225,"flow_src_last_pkt_time":243620225,"flow_dst_last_pkt_time":243620225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":28681,"dst_port":24634,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742935,"flow_src_last_pkt_time":251742935,"flow_dst_last_pkt_time":251742935,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.8.95.165","src_port":28681,"dst_port":40763,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742935,"flow_src_last_pkt_time":251742935,"flow_dst_last_pkt_time":251742935,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.8.95.165","src_port":28681,"dst_port":40763,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251800960,"flow_src_last_pkt_time":287319660,"flow_dst_last_pkt_time":251800960,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":28681,"dst_port":63978,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251800608,"flow_src_last_pkt_time":287319436,"flow_dst_last_pkt_time":251800608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.132.165.13","src_port":28681,"dst_port":33564,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":90183929,"flow_src_last_pkt_time":174679514,"flow_dst_last_pkt_time":90183929,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":329,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":298195498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":28681,"dst_port":11603,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} @@ -3754,35 +3904,28 @@ 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3263,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":5,"flow_src_last_pkt_time":311752122,"flow_dst_last_pkt_time":82058208,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":311752122,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0rEEAAIARiO8KAAIPVuOilnAJGMoAIBAGR05EED\/dAQFUC1FLUlAGUk5BXS\/iNQlw"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3264,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":3,"flow_src_last_pkt_time":311752229,"flow_dst_last_pkt_time":70230940,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":311752229,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0tBQAAIAREWIKAAIPUTIYAnAJRdIAIHNCR05EED\/eAQFUC1FLUlAGUk5BXS\/iNQlw"} 01190{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":123912514,"flow_src_last_pkt_time":123912514,"flow_dst_last_pkt_time":124065276,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":727,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"221.198.205.196","src_port":28681,"dst_port":20778,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72852470,"flow_src_last_pkt_time":131670910,"flow_dst_last_pkt_time":72852470,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.231.73.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72852470,"flow_src_last_pkt_time":131670910,"flow_dst_last_pkt_time":72852470,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.231.73.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01180{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72852470,"flow_src_last_pkt_time":131670910,"flow_dst_last_pkt_time":72852470,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.231.73.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":129345202,"flow_src_last_pkt_time":129345202,"flow_dst_last_pkt_time":129345202,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.250.253.99","src_port":28681,"dst_port":11819,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":124090579,"flow_src_last_pkt_time":124090579,"flow_dst_last_pkt_time":124090579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.212.91.155","src_port":28681,"dst_port":5195,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":129174578,"flow_src_last_pkt_time":129174578,"flow_dst_last_pkt_time":129174578,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.197.97.94","src_port":28681,"dst_port":1360,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01187{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":129174282,"flow_src_last_pkt_time":129174282,"flow_dst_last_pkt_time":129344463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":727,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.226.85.105","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":96049954,"flow_src_last_pkt_time":129345403,"flow_dst_last_pkt_time":96049954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.28.53.225","src_port":28681,"dst_port":44859,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059383,"flow_src_last_pkt_time":131671261,"flow_dst_last_pkt_time":82059383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.197.219.85","src_port":28681,"dst_port":26234,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059383,"flow_src_last_pkt_time":131671261,"flow_dst_last_pkt_time":82059383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.197.219.85","src_port":28681,"dst_port":26234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059383,"flow_src_last_pkt_time":131671261,"flow_dst_last_pkt_time":82059383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.197.219.85","src_port":28681,"dst_port":26234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":123912290,"flow_src_last_pkt_time":123912290,"flow_dst_last_pkt_time":123912290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.116.64.132","src_port":28681,"dst_port":51227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":129174425,"flow_src_last_pkt_time":129174425,"flow_dst_last_pkt_time":129174425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.10.169.10","src_port":28681,"dst_port":12799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059497,"flow_src_last_pkt_time":131670469,"flow_dst_last_pkt_time":82059497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00750{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059497,"flow_src_last_pkt_time":131670469,"flow_dst_last_pkt_time":82059497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062993,"flow_src_last_pkt_time":131669387,"flow_dst_last_pkt_time":82062993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062993,"flow_src_last_pkt_time":131669387,"flow_dst_last_pkt_time":82062993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062130,"flow_src_last_pkt_time":131672351,"flow_dst_last_pkt_time":82062130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.3.103.37","src_port":28681,"dst_port":35589,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062130,"flow_src_last_pkt_time":131672351,"flow_dst_last_pkt_time":82062130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.3.103.37","src_port":28681,"dst_port":35589,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01181{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059497,"flow_src_last_pkt_time":131670469,"flow_dst_last_pkt_time":82059497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062993,"flow_src_last_pkt_time":131669387,"flow_dst_last_pkt_time":82062993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062130,"flow_src_last_pkt_time":131672351,"flow_dst_last_pkt_time":82062130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.3.103.37","src_port":28681,"dst_port":35589,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":96049781,"flow_src_last_pkt_time":129345276,"flow_dst_last_pkt_time":96049781,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"100.1.231.138","src_port":28681,"dst_port":56558,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":131668560,"flow_src_last_pkt_time":131668560,"flow_dst_last_pkt_time":131668560,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"187.37.87.189","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":131668560,"flow_src_last_pkt_time":131668560,"flow_dst_last_pkt_time":131668560,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"187.37.87.189","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059277,"flow_src_last_pkt_time":131673144,"flow_dst_last_pkt_time":82059277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.126.160.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059277,"flow_src_last_pkt_time":131673144,"flow_dst_last_pkt_time":82059277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.126.160.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":131668560,"flow_src_last_pkt_time":131668560,"flow_dst_last_pkt_time":131668560,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"187.37.87.189","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82059277,"flow_src_last_pkt_time":131673144,"flow_dst_last_pkt_time":82059277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.126.160.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":124066283,"flow_src_last_pkt_time":124066283,"flow_dst_last_pkt_time":124066283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.129.233.60","src_port":28681,"dst_port":19990,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":264769911,"flow_src_last_pkt_time":264769911,"flow_dst_last_pkt_time":265025254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":301,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":301,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"183.179.90.112","src_port":28681,"dst_port":9852,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264770979,"flow_src_last_pkt_time":264770979,"flow_dst_last_pkt_time":264770979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.3.215.132","src_port":28681,"dst_port":20356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264770348,"flow_src_last_pkt_time":264770348,"flow_dst_last_pkt_time":264770348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"108.44.45.25","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264769233,"flow_src_last_pkt_time":264769233,"flow_dst_last_pkt_time":264769233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":28681,"dst_port":49046,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":264771328,"flow_src_last_pkt_time":264771328,"flow_dst_last_pkt_time":265818202,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":303,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":303,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.42.210","src_port":28681,"dst_port":5512,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264771658,"flow_src_last_pkt_time":264771658,"flow_dst_last_pkt_time":264771658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.94.41.71","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01190{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":264769911,"flow_src_last_pkt_time":264769911,"flow_dst_last_pkt_time":265025254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":301,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":301,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"183.179.90.112","src_port":28681,"dst_port":9852,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264770979,"flow_src_last_pkt_time":264770979,"flow_dst_last_pkt_time":264770979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.3.215.132","src_port":28681,"dst_port":20356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264770348,"flow_src_last_pkt_time":264770348,"flow_dst_last_pkt_time":264770348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"108.44.45.25","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264769233,"flow_src_last_pkt_time":264769233,"flow_dst_last_pkt_time":264769233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":28681,"dst_port":49046,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":264771328,"flow_src_last_pkt_time":264771328,"flow_dst_last_pkt_time":265818202,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":303,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":303,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.42.210","src_port":28681,"dst_port":5512,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3268,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264771658,"flow_src_last_pkt_time":264771658,"flow_dst_last_pkt_time":264771658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":311944845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.94.41.71","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3271,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":2,"flow_src_last_pkt_time":312955333,"flow_dst_last_pkt_time":253025433,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":312955333,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0rswAAIAR+c4KAAIPWEQty3AJGMoAIINuR05EED\/fAQFUC1FLUlAGUk5BXS\/iNQlw"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3272,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":3,"flow_src_last_pkt_time":312955419,"flow_dst_last_pkt_time":82061139,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":312955419,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0nFIAAIARxPAKAAIPKWOkBHAJGMoAIDwVR05EED\/gAQFUC1FLUlAGUk5BXS\/iNQlw"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3273,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":3,"flow_src_last_pkt_time":312955554,"flow_dst_last_pkt_time":82062444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":312955554,"pkt":"UlQAEjUCCAAn5uVZCABFAAA09AwAAIARpNkKAAIPVu8+1XAJGMoAIHO3R05EED\/hAQFUC1FLUlAGUk5BXS\/iNQlw"} @@ -3793,23 +3936,29 @@ 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3278,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":5,"flow_src_last_pkt_time":312956056,"flow_dst_last_pkt_time":72853538,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":312956056,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0JXwAAIARS68KAAIPTcVvunAJGMoAIEv3R05EED\/mAQFUC1FLUlAGUk5BXS\/iNQlw"} 00749{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3279,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312956203,"flow_src_last_pkt_time":312956203,"flow_dst_last_pkt_time":312956203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":312956203,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3279,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":748,"flow_packet_id":1,"flow_src_last_pkt_time":312956203,"flow_dst_last_pkt_time":312956203,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":312956203,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0aoYAAIARLMwKAAIPXAg7UHAJiXgAIAFvR05EED\/nAQFUC1FLUlAGUk5BXS\/iNQlw"} +01142{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3279,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312956203,"flow_src_last_pkt_time":312956203,"flow_dst_last_pkt_time":312956203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":312956203,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3280,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":4,"flow_src_last_pkt_time":312956310,"flow_dst_last_pkt_time":82060552,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":312956310,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0dB8AAIAR1MAKAAIPV0WOhXAJPG8AIAAFR05EED\/oAQFUC1FLUlAGUk5BXS\/iNQlw"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3281,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":3,"flow_src_last_pkt_time":312956479,"flow_dst_last_pkt_time":82059773,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":312956479,"pkt":"UlQAEjUCCAAn5uVZCABFAAA08GcAAIARdXUKAAIPXR1rsHAJT4sAIAnlR05EED\/pAQFUC1FLUlAGUk5BXS\/iNQlw"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3282,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":4,"flow_src_last_pkt_time":312956593,"flow_dst_last_pkt_time":82060415,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":312956593,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0mjwAAIARSyUKAAIPxNmEb3AJYzIAIHXBR05EED\/qAQFUC1FLUlAGUk5BXS\/iNQlw"} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3283,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312956768,"flow_src_last_pkt_time":312956768,"flow_dst_last_pkt_time":312956768,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":312956768,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.159.27.22","src_port":28681,"dst_port":17563,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3283,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":749,"flow_packet_id":1,"flow_src_last_pkt_time":312956768,"flow_dst_last_pkt_time":312956768,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":312956768,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0JvEAAIARngQKAAIPTp8bFnAJRJsAIHPrR05EED\/rAQFUC1FLUlAGUk5BXS\/iNQlw"} +01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3283,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312956768,"flow_src_last_pkt_time":312956768,"flow_dst_last_pkt_time":312956768,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":312956768,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.159.27.22","src_port":28681,"dst_port":17563,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3284,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312956911,"flow_src_last_pkt_time":312956911,"flow_dst_last_pkt_time":312956911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":312956911,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"67.193.8.52","src_port":28681,"dst_port":38584,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3284,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":750,"flow_packet_id":1,"flow_src_last_pkt_time":312956911,"flow_dst_last_pkt_time":312956911,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":312956911,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0mmwAAIARSEkKAAIPQ8EINHAJlrgAID+NR05EED\/sAQFUC1FLUlAGUk5BXS\/iNQlw"} +01143{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3284,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312956911,"flow_src_last_pkt_time":312956911,"flow_dst_last_pkt_time":312956911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":312956911,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"67.193.8.52","src_port":28681,"dst_port":38584,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3285,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":4,"flow_src_last_pkt_time":312957021,"flow_dst_last_pkt_time":71541038,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":312957021,"pkt":"UlQAEjUCCAAn5uVZCABFAAA02VAAAIAREUIKAAIPBbQ+ZHAJtTEAICjwR05EED\/tAQFUC1FLUlAGUk5BXS\/iNQlw"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3286,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":3,"flow_src_last_pkt_time":312957127,"flow_dst_last_pkt_time":70230046,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":312957127,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0djgAAIARTnoKAAIPVYoUbnAJGMoAIJ92R05EED\/uAQFUC1FLUlAGUk5BXS\/iNQlw"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3287,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":5,"flow_src_last_pkt_time":312957227,"flow_dst_last_pkt_time":71540138,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":312957227,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0JGEAAIARImsKAAIPWkGNnXAJGMoAICGPR05EED\/vAQFUC1FLUlAGUk5BXS\/iNQlw"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3288,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":5,"flow_src_last_pkt_time":312957301,"flow_dst_last_pkt_time":72853723,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":312957301,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0s00AAIARB+0KAAIPrGHHDnAJGMoAIJX8R05EED\/wAQFUC1FLUlAGUk5BXS\/iNQlw"} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3289,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312957456,"flow_src_last_pkt_time":312957456,"flow_dst_last_pkt_time":312957456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":312957456,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.115.218.152","src_port":28681,"dst_port":5900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3289,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":751,"flow_packet_id":1,"flow_src_last_pkt_time":312957456,"flow_dst_last_pkt_time":312957456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":312957456,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0D1AAAIARtk4KAAIPjnPamHAJFwwAIKIdR05EED\/xAQFUC1FLUlAGUk5BXS\/iNQlw"} +01146{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3289,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312957456,"flow_src_last_pkt_time":312957456,"flow_dst_last_pkt_time":312957456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":312957456,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.115.218.152","src_port":28681,"dst_port":5900,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3290,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312957614,"flow_src_last_pkt_time":312957614,"flow_dst_last_pkt_time":312957614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":312957614,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.231.73.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3290,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":752,"flow_packet_id":1,"flow_src_last_pkt_time":312957614,"flow_dst_last_pkt_time":312957614,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":312957614,"pkt":"UlQAEjUCCAAn5uVZCABFAAA05pQAAIARsCAKAAIPTudJDnAJGMoAIHF1R05EED\/yAQFUC1FLUlAGUk5BXS\/iNQlw"} +01143{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3290,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312957614,"flow_src_last_pkt_time":312957614,"flow_dst_last_pkt_time":312957614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":312957614,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.231.73.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3291,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312961164,"flow_src_last_pkt_time":312961164,"flow_dst_last_pkt_time":312961164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":312961164,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.84.140.96","src_port":28681,"dst_port":14400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3291,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":753,"flow_packet_id":1,"flow_src_last_pkt_time":312961164,"flow_dst_last_pkt_time":312961164,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":312961164,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0s80AAIARSSgKAAIPpVSMYHAJOEAAILg+R05EED\/zAQFUC1FLUlAGUk5BXS\/iNQlw"} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3291,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312961164,"flow_src_last_pkt_time":312961164,"flow_dst_last_pkt_time":312961164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":312961164,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.84.140.96","src_port":28681,"dst_port":14400,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3298,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":2,"flow_src_last_pkt_time":320290371,"flow_dst_last_pkt_time":287338641,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":320290371,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4TFkAAIARXF4KAAIPdqgPR3AJ5EoAJEU1rxgxAkijNFD\/98wlZJR4AwABAAUAAADDglFLQA=="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3299,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":2,"flow_src_last_pkt_time":320290433,"flow_dst_last_pkt_time":287338845,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":320290433,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4bmsAAIARqKcKAAIPdPGionAJ4kkAJCDgNOsxArkJ75n\/2X37nQtxAwABAAUAAADDglFLQA=="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3300,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":2,"flow_src_last_pkt_time":320290446,"flow_dst_last_pkt_time":287339043,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":320290446,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4R1AAAIARd9IKAAIPdqf43HAJ56gAJBG+sRMxAjM8jgr\/OCOtVAIyAwABAAUAAADDglFLQA=="} @@ -3846,11 +3995,9 @@ 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3331,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":695,"flow_packet_id":2,"flow_src_last_pkt_time":320293343,"flow_dst_last_pkt_time":287635205,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":320293343,"pkt":"UlQAEjUCCAAn5uVZCABFAAA419wAAIARwSYKAAIPTL1I5nAJH+EAJBtk6eoxAtFG13r\/NLEu9DR8AwABAAUAAADDglFLQA=="} 01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":101122468,"flow_src_last_pkt_time":134428222,"flow_dst_last_pkt_time":101122468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.117.249.98","src_port":28681,"dst_port":6815,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01186{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":101122346,"flow_src_last_pkt_time":134428360,"flow_dst_last_pkt_time":101122346,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.105.27","src_port":28681,"dst_port":19260,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":132833303,"flow_src_last_pkt_time":132833303,"flow_dst_last_pkt_time":132833303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":1032,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":132833303,"flow_src_last_pkt_time":132833303,"flow_dst_last_pkt_time":132833303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":1032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":132833303,"flow_src_last_pkt_time":132833303,"flow_dst_last_pkt_time":132833303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":1032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01188{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":95754583,"flow_src_last_pkt_time":139695067,"flow_dst_last_pkt_time":139756356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":1454,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.217.84.16","src_port":28681,"dst_port":20223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00967{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":132831233,"flow_src_last_pkt_time":132831233,"flow_dst_last_pkt_time":132831233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.181.151.217","src_port":28681,"dst_port":25282,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00755{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":132831233,"flow_src_last_pkt_time":132831233,"flow_dst_last_pkt_time":132831233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.181.151.217","src_port":28681,"dst_port":25282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":132831233,"flow_src_last_pkt_time":132831233,"flow_dst_last_pkt_time":132831233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.181.151.217","src_port":28681,"dst_port":25282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":139669712,"flow_src_last_pkt_time":139669712,"flow_dst_last_pkt_time":139669712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.224.174.174","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":139506403,"flow_src_last_pkt_time":139506403,"flow_dst_last_pkt_time":139506403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.35.85.238","src_port":28681,"dst_port":32173,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00835{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":8,"flow_first_seen":71204033,"flow_src_last_pkt_time":80232165,"flow_dst_last_pkt_time":193763657,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.62.225.181","src_port":50245,"dst_port":46843,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} @@ -3860,60 +4007,59 @@ 00847{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":90809634,"flow_src_last_pkt_time":139694982,"flow_dst_last_pkt_time":139723897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":1595,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":28681,"dst_port":23548,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00760{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":90809634,"flow_src_last_pkt_time":139694982,"flow_dst_last_pkt_time":139723897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":1595,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":28681,"dst_port":23548,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01190{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":95923657,"flow_src_last_pkt_time":139669839,"flow_dst_last_pkt_time":139892044,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":1454,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.250.179.237","src_port":28681,"dst_port":20848,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82061259,"flow_src_last_pkt_time":132833697,"flow_dst_last_pkt_time":82061259,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.157.183.106","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82061259,"flow_src_last_pkt_time":132833697,"flow_dst_last_pkt_time":82061259,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.157.183.106","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82061259,"flow_src_last_pkt_time":132833697,"flow_dst_last_pkt_time":82061259,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.157.183.106","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01193{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":101162745,"flow_src_last_pkt_time":287624798,"flow_dst_last_pkt_time":177309077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":3014,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":28681,"dst_port":26851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":168555545,"flow_src_last_pkt_time":287428135,"flow_dst_last_pkt_time":287464674,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":483,"flow_dst_tot_l4_payload_len":1891,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.129.196.84","src_port":28681,"dst_port":9915,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72850420,"flow_src_last_pkt_time":311750048,"flow_dst_last_pkt_time":72850420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.141.219.27","src_port":28681,"dst_port":37580,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":71540581,"flow_src_last_pkt_time":311749444,"flow_dst_last_pkt_time":71540581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.23.75.69","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72850420,"flow_src_last_pkt_time":311750048,"flow_dst_last_pkt_time":72850420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.141.219.27","src_port":28681,"dst_port":37580,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":71540581,"flow_src_last_pkt_time":311749444,"flow_dst_last_pkt_time":71540581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.23.75.69","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":174322734,"flow_src_last_pkt_time":174322734,"flow_dst_last_pkt_time":174322734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.8.55.158","src_port":28681,"dst_port":51140,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00749{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":70230940,"flow_src_last_pkt_time":311752229,"flow_dst_last_pkt_time":70230940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.50.24.2","src_port":28681,"dst_port":17874,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01180{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":70230940,"flow_src_last_pkt_time":311752229,"flow_dst_last_pkt_time":70230940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.50.24.2","src_port":28681,"dst_port":17874,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":174322199,"flow_src_last_pkt_time":174322199,"flow_dst_last_pkt_time":174322199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.23.24.213","src_port":28681,"dst_port":18561,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":124066131,"flow_src_last_pkt_time":287321260,"flow_dst_last_pkt_time":124181723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":109,"flow_dst_tot_l4_payload_len":727,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":28681,"dst_port":49732,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00898{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":12513795,"flow_src_last_pkt_time":14765980,"flow_dst_last_pkt_time":12513795,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00760{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":115369554,"flow_src_last_pkt_time":287313555,"flow_dst_last_pkt_time":287650021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":78,"flow_src_tot_l4_payload_len":142,"flow_dst_tot_l4_payload_len":265,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":28681,"dst_port":37058,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":101837355,"flow_src_last_pkt_time":287806064,"flow_dst_last_pkt_time":289958480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":274,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":28681,"dst_port":4876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01064{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":16487243,"flow_src_last_pkt_time":192636357,"flow_dst_last_pkt_time":16487243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":603,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":71541038,"flow_src_last_pkt_time":312957021,"flow_dst_last_pkt_time":71541038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.100","src_port":28681,"dst_port":46385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":71541038,"flow_src_last_pkt_time":312957021,"flow_dst_last_pkt_time":71541038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.100","src_port":28681,"dst_port":46385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00945{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":160009075,"flow_src_last_pkt_time":163034860,"flow_dst_last_pkt_time":160009075,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":51685,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01190{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":124090730,"flow_src_last_pkt_time":287316477,"flow_dst_last_pkt_time":287421199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":165,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":28681,"dst_port":6778,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":95923574,"flow_src_last_pkt_time":287443565,"flow_dst_last_pkt_time":95923574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":109,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":56070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":311751911,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":71536330,"flow_src_last_pkt_time":243620132,"flow_dst_last_pkt_time":243855304,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.222.14.170","src_port":28681,"dst_port":23332,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":71540138,"flow_src_last_pkt_time":312957227,"flow_dst_last_pkt_time":71540138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.65.141.157","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":311751911,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":71536330,"flow_src_last_pkt_time":243620132,"flow_dst_last_pkt_time":243855304,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.222.14.170","src_port":28681,"dst_port":23332,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":71540138,"flow_src_last_pkt_time":312957227,"flow_dst_last_pkt_time":71540138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.65.141.157","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01191{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":116628965,"flow_src_last_pkt_time":287381237,"flow_dst_last_pkt_time":287357971,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":592,"flow_dst_tot_l4_payload_len":2531,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":28681,"dst_port":6888,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72853366,"flow_src_last_pkt_time":311751378,"flow_dst_last_pkt_time":72853366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.226.142","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72853723,"flow_src_last_pkt_time":312957301,"flow_dst_last_pkt_time":72853723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.97.199.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72853366,"flow_src_last_pkt_time":311751378,"flow_dst_last_pkt_time":72853366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.226.142","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72853723,"flow_src_last_pkt_time":312957301,"flow_dst_last_pkt_time":72853723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.97.199.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":174343218,"flow_src_last_pkt_time":174343218,"flow_dst_last_pkt_time":174343218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.147.52.21","src_port":28681,"dst_port":36728,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72849569,"flow_src_last_pkt_time":311752090,"flow_dst_last_pkt_time":72849569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.69.159.133","src_port":28681,"dst_port":28000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72849569,"flow_src_last_pkt_time":311752090,"flow_dst_last_pkt_time":72849569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.69.159.133","src_port":28681,"dst_port":28000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":168840831,"flow_src_last_pkt_time":174342629,"flow_dst_last_pkt_time":168840831,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":38297,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72852834,"flow_src_last_pkt_time":192908239,"flow_dst_last_pkt_time":72852834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":16047,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":70230046,"flow_src_last_pkt_time":312957127,"flow_dst_last_pkt_time":70230046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.138.20.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72852834,"flow_src_last_pkt_time":192908239,"flow_dst_last_pkt_time":72852834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":16047,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":70230046,"flow_src_last_pkt_time":312957127,"flow_dst_last_pkt_time":70230046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.138.20.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01194{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":168594778,"flow_src_last_pkt_time":176694790,"flow_dst_last_pkt_time":176963996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":399,"flow_dst_tot_l4_payload_len":1560,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.192.210.182","src_port":28681,"dst_port":6754,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":311751727,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":311751727,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01193{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":95893685,"flow_src_last_pkt_time":287318509,"flow_dst_last_pkt_time":287340787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":1668,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":28681,"dst_port":21995,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":124090360,"flow_src_last_pkt_time":287697560,"flow_dst_last_pkt_time":287890845,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":165,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.208.26.154","src_port":28681,"dst_port":4994,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":219447137,"flow_src_last_pkt_time":219447137,"flow_dst_last_pkt_time":219447137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.187.171.240","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72849111,"flow_src_last_pkt_time":251742741,"flow_dst_last_pkt_time":72849111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.92.178.182","src_port":28681,"dst_port":57302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":71540796,"flow_src_last_pkt_time":311750605,"flow_dst_last_pkt_time":71540796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.44.190.145","src_port":28681,"dst_port":10170,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72849111,"flow_src_last_pkt_time":251742741,"flow_dst_last_pkt_time":72849111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.92.178.182","src_port":28681,"dst_port":57302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":71540796,"flow_src_last_pkt_time":311750605,"flow_dst_last_pkt_time":71540796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.44.190.145","src_port":28681,"dst_port":10170,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01034{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":288409044,"flow_src_last_pkt_time":288409044,"flow_dst_last_pkt_time":288409044,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"164.132.10.25","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01191{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":95893239,"flow_src_last_pkt_time":287522940,"flow_dst_last_pkt_time":287579763,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":1785,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":28681,"dst_port":55302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72852255,"flow_src_last_pkt_time":311750300,"flow_dst_last_pkt_time":72852255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.175.220.161","src_port":28681,"dst_port":15721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72848739,"flow_src_last_pkt_time":311749833,"flow_dst_last_pkt_time":72848739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"170.254.19.6","src_port":28681,"dst_port":24180,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72851137,"flow_src_last_pkt_time":311751018,"flow_dst_last_pkt_time":72851137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.224.95.97","src_port":28681,"dst_port":46356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72850779,"flow_src_last_pkt_time":251738105,"flow_dst_last_pkt_time":72850779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.50.179","src_port":28681,"dst_port":29411,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72852255,"flow_src_last_pkt_time":311750300,"flow_dst_last_pkt_time":72852255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.175.220.161","src_port":28681,"dst_port":15721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72848739,"flow_src_last_pkt_time":311749833,"flow_dst_last_pkt_time":72848739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"170.254.19.6","src_port":28681,"dst_port":24180,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72851137,"flow_src_last_pkt_time":311751018,"flow_dst_last_pkt_time":72851137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.224.95.97","src_port":28681,"dst_port":46356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72850779,"flow_src_last_pkt_time":251738105,"flow_dst_last_pkt_time":72850779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.50.179","src_port":28681,"dst_port":29411,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":101122636,"flow_src_last_pkt_time":168321077,"flow_dst_last_pkt_time":168840075,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":324,"flow_dst_tot_l4_payload_len":2413,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.64.44.11","src_port":28681,"dst_port":1352,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":168428692,"flow_src_last_pkt_time":174303640,"flow_dst_last_pkt_time":168428692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"198.58.218.12","src_port":28681,"dst_port":47912,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01194{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":174303564,"flow_src_last_pkt_time":287488029,"flow_dst_last_pkt_time":287509796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":170,"flow_dst_tot_l4_payload_len":1040,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"194.163.180.126","src_port":28681,"dst_port":10825,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72853009,"flow_src_last_pkt_time":253024867,"flow_dst_last_pkt_time":72853009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.65.70.197","src_port":28681,"dst_port":21693,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":71539473,"flow_src_last_pkt_time":311749055,"flow_dst_last_pkt_time":71539473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.169.2.153","src_port":28681,"dst_port":52414,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72853538,"flow_src_last_pkt_time":312956056,"flow_dst_last_pkt_time":72853538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.197.111.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71539248,"flow_src_last_pkt_time":251739950,"flow_dst_last_pkt_time":71539248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.119.242.110","src_port":28681,"dst_port":7922,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72853009,"flow_src_last_pkt_time":253024867,"flow_dst_last_pkt_time":72853009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.65.70.197","src_port":28681,"dst_port":21693,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":71539473,"flow_src_last_pkt_time":311749055,"flow_dst_last_pkt_time":71539473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.169.2.153","src_port":28681,"dst_port":52414,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72853538,"flow_src_last_pkt_time":312956056,"flow_dst_last_pkt_time":72853538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.197.111.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71539248,"flow_src_last_pkt_time":251739950,"flow_dst_last_pkt_time":71539248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.119.242.110","src_port":28681,"dst_port":7922,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":123912731,"flow_src_last_pkt_time":287321365,"flow_dst_last_pkt_time":123912731,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":109,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":28681,"dst_port":54130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71540385,"flow_src_last_pkt_time":253024371,"flow_dst_last_pkt_time":71540385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"105.101.132.146","src_port":28681,"dst_port":57746,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":70230689,"flow_src_last_pkt_time":312955935,"flow_dst_last_pkt_time":70230689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.131.85.245","src_port":28681,"dst_port":31743,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71540385,"flow_src_last_pkt_time":253024371,"flow_dst_last_pkt_time":71540385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"105.101.132.146","src_port":28681,"dst_port":57746,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":70230689,"flow_src_last_pkt_time":312955935,"flow_dst_last_pkt_time":70230689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.131.85.245","src_port":28681,"dst_port":31743,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":174342792,"flow_src_last_pkt_time":287510770,"flow_dst_last_pkt_time":174648242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":114,"flow_dst_tot_l4_payload_len":727,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":28681,"dst_port":49956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72853189,"flow_src_last_pkt_time":311751275,"flow_dst_last_pkt_time":72853189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3337,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72853189,"flow_src_last_pkt_time":311751275,"flow_dst_last_pkt_time":72853189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":322350285,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":89967108,"flow_src_last_pkt_time":152618863,"flow_dst_last_pkt_time":89967108,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.203.218.92","src_port":28681,"dst_port":56962,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":89966123,"flow_src_last_pkt_time":152619228,"flow_dst_last_pkt_time":89966123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.218","src_port":28681,"dst_port":6909,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287425184,"flow_src_last_pkt_time":287425184,"flow_dst_last_pkt_time":287425184,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"59.148.100.237","src_port":28681,"dst_port":23459,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -3921,37 +4067,37 @@ 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287484830,"flow_src_last_pkt_time":287484830,"flow_dst_last_pkt_time":287484830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.172.184.48","src_port":28681,"dst_port":13281,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287341251,"flow_src_last_pkt_time":320291193,"flow_dst_last_pkt_time":287341251,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.184.29.35","src_port":28681,"dst_port":30582,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287321004,"flow_src_last_pkt_time":287321004,"flow_dst_last_pkt_time":287321004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.234.197.93","src_port":28681,"dst_port":1483,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287313271,"flow_src_last_pkt_time":287313271,"flow_dst_last_pkt_time":287313271,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.142.109.190","src_port":28681,"dst_port":41370,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287313271,"flow_src_last_pkt_time":287313271,"flow_dst_last_pkt_time":287313271,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.142.109.190","src_port":28681,"dst_port":41370,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":669,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287589463,"flow_src_last_pkt_time":287589463,"flow_dst_last_pkt_time":287589463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.200.235","src_port":28681,"dst_port":2846,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287444410,"flow_src_last_pkt_time":287444410,"flow_dst_last_pkt_time":287444410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"116.241.162.162","src_port":28681,"dst_port":59016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":690,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287623920,"flow_src_last_pkt_time":287623920,"flow_dst_last_pkt_time":287623920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.18.212.223","src_port":28681,"dst_port":50637,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":700,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287650717,"flow_src_last_pkt_time":287650717,"flow_dst_last_pkt_time":287650717,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.206.27.26","src_port":28681,"dst_port":6578,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314350,"flow_src_last_pkt_time":287314350,"flow_dst_last_pkt_time":287314350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.47.223.27","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287309338,"flow_src_last_pkt_time":287309338,"flow_dst_last_pkt_time":287309338,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.173.230.98","src_port":28681,"dst_port":19004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314350,"flow_src_last_pkt_time":287314350,"flow_dst_last_pkt_time":287314350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.47.223.27","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287309338,"flow_src_last_pkt_time":287309338,"flow_dst_last_pkt_time":287309338,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.173.230.98","src_port":28681,"dst_port":19004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287339588,"flow_src_last_pkt_time":320290592,"flow_dst_last_pkt_time":287339588,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.229.185.60","src_port":28681,"dst_port":6898,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287429914,"flow_src_last_pkt_time":287429914,"flow_dst_last_pkt_time":287624396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.36.249.91","src_port":28681,"dst_port":7190,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":701,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287651077,"flow_src_last_pkt_time":287651077,"flow_dst_last_pkt_time":287651077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.237.190.184","src_port":28681,"dst_port":64163,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287308993,"flow_src_last_pkt_time":287308993,"flow_dst_last_pkt_time":287308993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.247.89.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82059658,"flow_src_last_pkt_time":311751135,"flow_dst_last_pkt_time":82059658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.59.253.186","src_port":28681,"dst_port":15555,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82062320,"flow_src_last_pkt_time":251737467,"flow_dst_last_pkt_time":82062320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.15.182","src_port":28681,"dst_port":37829,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82062444,"flow_src_last_pkt_time":312955554,"flow_dst_last_pkt_time":82062444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.239.62.213","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287308993,"flow_src_last_pkt_time":287308993,"flow_dst_last_pkt_time":287308993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.247.89.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82059658,"flow_src_last_pkt_time":311751135,"flow_dst_last_pkt_time":82059658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.59.253.186","src_port":28681,"dst_port":15555,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82062320,"flow_src_last_pkt_time":251737467,"flow_dst_last_pkt_time":82062320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.15.182","src_port":28681,"dst_port":37829,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82062444,"flow_src_last_pkt_time":312955554,"flow_dst_last_pkt_time":82062444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.239.62.213","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00945{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":280014541,"flow_src_last_pkt_time":283055110,"flow_dst_last_pkt_time":280014541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":57552,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287442897,"flow_src_last_pkt_time":287442897,"flow_dst_last_pkt_time":287442897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.36.249.91","src_port":28681,"dst_port":64577,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287485837,"flow_src_last_pkt_time":287485837,"flow_dst_last_pkt_time":287485837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.128.228","src_port":28681,"dst_port":3227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287511462,"flow_src_last_pkt_time":287511462,"flow_dst_last_pkt_time":287511462,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.237.10.152","src_port":28681,"dst_port":21293,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":740,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287859998,"flow_src_last_pkt_time":287859998,"flow_dst_last_pkt_time":287859998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.237.25.47","src_port":28681,"dst_port":21293,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287315409,"flow_src_last_pkt_time":287315409,"flow_dst_last_pkt_time":287315409,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.246.147.72","src_port":28681,"dst_port":4572,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287315409,"flow_src_last_pkt_time":287315409,"flow_dst_last_pkt_time":287315409,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.246.147.72","src_port":28681,"dst_port":4572,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":733,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287858651,"flow_src_last_pkt_time":287858651,"flow_dst_last_pkt_time":287858651,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.199.148.6","src_port":28681,"dst_port":4338,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287441868,"flow_src_last_pkt_time":287441868,"flow_dst_last_pkt_time":287441868,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.236.203.37","src_port":28681,"dst_port":52274,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":675,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287600343,"flow_src_last_pkt_time":287600343,"flow_dst_last_pkt_time":287600343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.118.77","src_port":28681,"dst_port":62191,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":738,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287859998,"flow_src_last_pkt_time":287859998,"flow_dst_last_pkt_time":287859998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.128.228","src_port":28681,"dst_port":3256,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287356130,"flow_src_last_pkt_time":320291674,"flow_dst_last_pkt_time":287356130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.128.228","src_port":28681,"dst_port":3259,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287496517,"flow_src_last_pkt_time":287539055,"flow_dst_last_pkt_time":287579829,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.65.87.24","src_port":28681,"dst_port":16201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":131671537,"flow_src_last_pkt_time":251736668,"flow_dst_last_pkt_time":131671537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82063897,"flow_src_last_pkt_time":312955656,"flow_dst_last_pkt_time":82063897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"177.231.151.16","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":131671537,"flow_src_last_pkt_time":251736668,"flow_dst_last_pkt_time":131671537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82063897,"flow_src_last_pkt_time":312955656,"flow_dst_last_pkt_time":82063897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"177.231.151.16","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00760{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287469025,"flow_src_last_pkt_time":287753028,"flow_dst_last_pkt_time":288019720,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.208.167.152","src_port":28681,"dst_port":30628,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287441707,"flow_src_last_pkt_time":287441707,"flow_dst_last_pkt_time":287441707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.18.212.223","src_port":28681,"dst_port":58954,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":83520153,"flow_src_last_pkt_time":253025967,"flow_dst_last_pkt_time":83520153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.30.86.144","src_port":28681,"dst_port":53821,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":83520153,"flow_src_last_pkt_time":253025967,"flow_dst_last_pkt_time":83520153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.30.86.144","src_port":28681,"dst_port":53821,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":713,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287681495,"flow_src_last_pkt_time":287681495,"flow_dst_last_pkt_time":287681495,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.103.139.2","src_port":28681,"dst_port":51379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287430116,"flow_src_last_pkt_time":287430116,"flow_dst_last_pkt_time":287430116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.26.16","src_port":28681,"dst_port":9747,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287423574,"flow_src_last_pkt_time":287423574,"flow_dst_last_pkt_time":287423574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.40.163.123","src_port":28681,"dst_port":55341,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -3973,9 +4119,9 @@ 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287339727,"flow_src_last_pkt_time":320290625,"flow_dst_last_pkt_time":287339727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":28681,"dst_port":54436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":707,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287653242,"flow_src_last_pkt_time":287653242,"flow_dst_last_pkt_time":287653242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"183.179.14.31","src_port":28681,"dst_port":64871,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":288355413,"flow_src_last_pkt_time":288355413,"flow_dst_last_pkt_time":288355413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":28681,"dst_port":48250,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310956,"flow_src_last_pkt_time":287310956,"flow_dst_last_pkt_time":287310956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.160.214.137","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310956,"flow_src_last_pkt_time":287310956,"flow_dst_last_pkt_time":287310956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.160.214.137","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":683,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287621585,"flow_src_last_pkt_time":287621585,"flow_dst_last_pkt_time":287621585,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":28681,"dst_port":54459,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312421,"flow_src_last_pkt_time":287312421,"flow_dst_last_pkt_time":287312421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"136.32.84.139","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312421,"flow_src_last_pkt_time":287312421,"flow_dst_last_pkt_time":287312421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"136.32.84.139","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287357163,"flow_src_last_pkt_time":320292378,"flow_dst_last_pkt_time":287357163,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.119.242.110","src_port":28681,"dst_port":59879,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287485157,"flow_src_last_pkt_time":287485157,"flow_dst_last_pkt_time":287485157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.163.14.246","src_port":28681,"dst_port":1630,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":691,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287624187,"flow_src_last_pkt_time":287624187,"flow_dst_last_pkt_time":287624187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.93.150.146","src_port":28681,"dst_port":62507,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -3986,11 +4132,11 @@ 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287486202,"flow_src_last_pkt_time":287486202,"flow_dst_last_pkt_time":287486202,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.234.18.166","src_port":28681,"dst_port":61319,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287340857,"flow_src_last_pkt_time":320291054,"flow_dst_last_pkt_time":287340857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.103.139.2","src_port":28681,"dst_port":51675,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":714,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287681721,"flow_src_last_pkt_time":287681721,"flow_dst_last_pkt_time":287681721,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.174.174.69","src_port":28681,"dst_port":21358,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82063378,"flow_src_last_pkt_time":251735642,"flow_dst_last_pkt_time":82063378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.153.143.54","src_port":28681,"dst_port":65535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82063378,"flow_src_last_pkt_time":251735642,"flow_dst_last_pkt_time":82063378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.153.143.54","src_port":28681,"dst_port":65535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287467615,"flow_src_last_pkt_time":287467615,"flow_dst_last_pkt_time":287467615,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.118.77","src_port":28681,"dst_port":60482,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":289961626,"flow_src_last_pkt_time":289961626,"flow_dst_last_pkt_time":290166113,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.126.102","src_port":28681,"dst_port":5193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287443704,"flow_src_last_pkt_time":287443704,"flow_dst_last_pkt_time":287443704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":28681,"dst_port":42288,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82060552,"flow_src_last_pkt_time":312956310,"flow_dst_last_pkt_time":82060552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.69.142.133","src_port":28681,"dst_port":15471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82060552,"flow_src_last_pkt_time":312956310,"flow_dst_last_pkt_time":82060552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.69.142.133","src_port":28681,"dst_port":15471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":739,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287859998,"flow_src_last_pkt_time":287859998,"flow_dst_last_pkt_time":287859998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.156.226.72","src_port":28681,"dst_port":19814,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287428877,"flow_src_last_pkt_time":287428877,"flow_dst_last_pkt_time":287428877,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.134.154.158","src_port":28681,"dst_port":54130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287342606,"flow_src_last_pkt_time":287680998,"flow_dst_last_pkt_time":288307881,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.238.145.82","src_port":28681,"dst_port":33527,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -4001,19 +4147,19 @@ 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":685,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287622365,"flow_src_last_pkt_time":287622365,"flow_dst_last_pkt_time":287622365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.241.31.96","src_port":28681,"dst_port":8349,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287356336,"flow_src_last_pkt_time":320291809,"flow_dst_last_pkt_time":287356336,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.26.16","src_port":28681,"dst_port":20387,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":721,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287683595,"flow_src_last_pkt_time":287683595,"flow_dst_last_pkt_time":287869199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.203.72.224","src_port":28681,"dst_port":9897,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229238800,"flow_src_last_pkt_time":229238800,"flow_dst_last_pkt_time":229238800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.131.202.24","src_port":28681,"dst_port":44748,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229238800,"flow_src_last_pkt_time":229238800,"flow_dst_last_pkt_time":229238800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.131.202.24","src_port":28681,"dst_port":44748,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287497017,"flow_src_last_pkt_time":287497017,"flow_dst_last_pkt_time":287497017,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.231.59.187","src_port":28681,"dst_port":62234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287429698,"flow_src_last_pkt_time":287429698,"flow_dst_last_pkt_time":287429698,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.168.15.71","src_port":28681,"dst_port":53707,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287441286,"flow_src_last_pkt_time":287441286,"flow_dst_last_pkt_time":287441286,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.237.116.22","src_port":28681,"dst_port":7375,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287467263,"flow_src_last_pkt_time":287467263,"flow_dst_last_pkt_time":287467263,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.247.152.218","src_port":28681,"dst_port":51920,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287484483,"flow_src_last_pkt_time":287484483,"flow_dst_last_pkt_time":287484483,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.237.116.22","src_port":28681,"dst_port":7380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312889,"flow_src_last_pkt_time":287312889,"flow_dst_last_pkt_time":287312889,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.144.99.73","src_port":28681,"dst_port":10745,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312889,"flow_src_last_pkt_time":287312889,"flow_dst_last_pkt_time":287312889,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.144.99.73","src_port":28681,"dst_port":10745,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287427173,"flow_src_last_pkt_time":287427173,"flow_dst_last_pkt_time":287642779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.16.83.5","src_port":28681,"dst_port":10624,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287424215,"flow_src_last_pkt_time":287424215,"flow_dst_last_pkt_time":287424215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.239.173.18","src_port":28681,"dst_port":23327,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314783,"flow_src_last_pkt_time":287314783,"flow_dst_last_pkt_time":287314783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.196.216.12","src_port":28681,"dst_port":58910,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82062863,"flow_src_last_pkt_time":311751600,"flow_dst_last_pkt_time":82062863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.88.92.56","src_port":28681,"dst_port":21009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314783,"flow_src_last_pkt_time":287314783,"flow_dst_last_pkt_time":287314783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.196.216.12","src_port":28681,"dst_port":58910,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82062863,"flow_src_last_pkt_time":311751600,"flow_dst_last_pkt_time":82062863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.88.92.56","src_port":28681,"dst_port":21009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287385994,"flow_src_last_pkt_time":287385994,"flow_dst_last_pkt_time":287385994,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.118.77","src_port":28681,"dst_port":56562,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82063260,"flow_src_last_pkt_time":251737771,"flow_dst_last_pkt_time":82063260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.195.227","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82063260,"flow_src_last_pkt_time":251737771,"flow_dst_last_pkt_time":82063260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.195.227","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287340413,"flow_src_last_pkt_time":320290815,"flow_dst_last_pkt_time":287340413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.41.253","src_port":28681,"dst_port":14339,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287486558,"flow_src_last_pkt_time":287486558,"flow_dst_last_pkt_time":287710915,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"210.209.249.84","src_port":28681,"dst_port":24751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287496674,"flow_src_last_pkt_time":287496674,"flow_dst_last_pkt_time":287828000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":61,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":61,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":28681,"dst_port":45710,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -4026,20 +4172,20 @@ 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287442403,"flow_src_last_pkt_time":287442403,"flow_dst_last_pkt_time":287442403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.64.156.63","src_port":28681,"dst_port":60092,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287511284,"flow_src_last_pkt_time":287511284,"flow_dst_last_pkt_time":287511284,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"59.104.173.5","src_port":28681,"dst_port":49803,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287526491,"flow_src_last_pkt_time":287526491,"flow_dst_last_pkt_time":287526491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.127.1.235","src_port":28681,"dst_port":37814,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287310365,"flow_src_last_pkt_time":287310365,"flow_dst_last_pkt_time":287954302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":306,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":306,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.161.80.82","src_port":28681,"dst_port":8656,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287310365,"flow_src_last_pkt_time":287310365,"flow_dst_last_pkt_time":287954302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":306,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":306,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.161.80.82","src_port":28681,"dst_port":8656,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287496192,"flow_src_last_pkt_time":287496192,"flow_dst_last_pkt_time":287496192,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"59.104.173.5","src_port":28681,"dst_port":49815,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":703,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287651749,"flow_src_last_pkt_time":287651749,"flow_dst_last_pkt_time":287651749,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.40.67.191","src_port":28681,"dst_port":14971,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287356915,"flow_src_last_pkt_time":320292278,"flow_dst_last_pkt_time":287356915,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.168.15.71","src_port":28681,"dst_port":53883,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287525166,"flow_src_last_pkt_time":287525166,"flow_dst_last_pkt_time":287525166,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":28681,"dst_port":54914,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":727,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287698485,"flow_src_last_pkt_time":287698485,"flow_dst_last_pkt_time":287698485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"101.136.187.253","src_port":28681,"dst_port":10914,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287320411,"flow_src_last_pkt_time":287320411,"flow_dst_last_pkt_time":287320411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.250.32","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287311602,"flow_src_last_pkt_time":287311602,"flow_dst_last_pkt_time":287311602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287312193,"flow_src_last_pkt_time":287312193,"flow_dst_last_pkt_time":288223001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":320,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":320,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.2.62.28","src_port":28681,"dst_port":6387,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287308439,"flow_src_last_pkt_time":287308439,"flow_dst_last_pkt_time":287308439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.210.81.59","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229238441,"flow_src_last_pkt_time":229238441,"flow_dst_last_pkt_time":229238441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.56.198","src_port":28681,"dst_port":11984,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82060665,"flow_src_last_pkt_time":192907653,"flow_dst_last_pkt_time":82060665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"121.99.222.36","src_port":28681,"dst_port":44988,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82061705,"flow_src_last_pkt_time":312955868,"flow_dst_last_pkt_time":82061705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310048,"flow_src_last_pkt_time":287310048,"flow_dst_last_pkt_time":287310048,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"8.44.149.207","src_port":28681,"dst_port":30551,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287311602,"flow_src_last_pkt_time":287311602,"flow_dst_last_pkt_time":287311602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287312193,"flow_src_last_pkt_time":287312193,"flow_dst_last_pkt_time":288223001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":320,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":320,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.2.62.28","src_port":28681,"dst_port":6387,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287308439,"flow_src_last_pkt_time":287308439,"flow_dst_last_pkt_time":287308439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.210.81.59","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229238441,"flow_src_last_pkt_time":229238441,"flow_dst_last_pkt_time":229238441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.56.198","src_port":28681,"dst_port":11984,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82060665,"flow_src_last_pkt_time":192907653,"flow_dst_last_pkt_time":82060665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"121.99.222.36","src_port":28681,"dst_port":44988,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82061705,"flow_src_last_pkt_time":312955868,"flow_dst_last_pkt_time":82061705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310048,"flow_src_last_pkt_time":287310048,"flow_dst_last_pkt_time":287310048,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"8.44.149.207","src_port":28681,"dst_port":30551,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":704,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287652154,"flow_src_last_pkt_time":287652154,"flow_dst_last_pkt_time":287652154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.192.83.59","src_port":28681,"dst_port":33513,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287499197,"flow_src_last_pkt_time":287499197,"flow_dst_last_pkt_time":287499197,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.199.103","src_port":28681,"dst_port":2625,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":717,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287682493,"flow_src_last_pkt_time":287682493,"flow_dst_last_pkt_time":287682493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.191.58.38","src_port":28681,"dst_port":48157,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -4060,22 +4206,22 @@ 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":716,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287682208,"flow_src_last_pkt_time":287682208,"flow_dst_last_pkt_time":287682208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.249.190.8","src_port":28681,"dst_port":25198,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":731,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287699174,"flow_src_last_pkt_time":287699174,"flow_dst_last_pkt_time":287699174,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.58.238.163","src_port":28681,"dst_port":6564,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287341361,"flow_src_last_pkt_time":320291262,"flow_dst_last_pkt_time":287341361,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"116.49.159.77","src_port":28681,"dst_port":55915,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82057972,"flow_src_last_pkt_time":311749976,"flow_dst_last_pkt_time":82057972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.244.228.86","src_port":28681,"dst_port":10131,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229240388,"flow_src_last_pkt_time":229240388,"flow_dst_last_pkt_time":229240388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"62.35.190.5","src_port":28681,"dst_port":18604,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82057972,"flow_src_last_pkt_time":311749976,"flow_dst_last_pkt_time":82057972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.244.228.86","src_port":28681,"dst_port":10131,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229240388,"flow_src_last_pkt_time":229240388,"flow_dst_last_pkt_time":229240388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"62.35.190.5","src_port":28681,"dst_port":18604,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":735,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287859330,"flow_src_last_pkt_time":287859330,"flow_dst_last_pkt_time":287859330,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":28681,"dst_port":52420,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82061139,"flow_src_last_pkt_time":312955419,"flow_dst_last_pkt_time":82061139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.99.164.4","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82061139,"flow_src_last_pkt_time":312955419,"flow_dst_last_pkt_time":82061139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.99.164.4","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":663,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287573220,"flow_src_last_pkt_time":320293048,"flow_dst_last_pkt_time":287573220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.58.238.163","src_port":28681,"dst_port":6594,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287497829,"flow_src_last_pkt_time":287497829,"flow_dst_last_pkt_time":287497829,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.179.18.242","src_port":28681,"dst_port":47329,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":747,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":289962007,"flow_src_last_pkt_time":289962007,"flow_dst_last_pkt_time":289962007,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.58.238.163","src_port":28681,"dst_port":6599,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287321152,"flow_src_last_pkt_time":287321152,"flow_dst_last_pkt_time":287321152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.72.149.140","src_port":28681,"dst_port":37848,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287510194,"flow_src_last_pkt_time":287547151,"flow_dst_last_pkt_time":287583222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":110,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.20.248.147","src_port":28681,"dst_port":30706,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":711,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287654311,"flow_src_last_pkt_time":287654311,"flow_dst_last_pkt_time":287654311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.129.86.65","src_port":28681,"dst_port":49723,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287311908,"flow_src_last_pkt_time":287311908,"flow_dst_last_pkt_time":287311908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.203.45.107","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287311908,"flow_src_last_pkt_time":287311908,"flow_dst_last_pkt_time":287311908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.203.45.107","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287383122,"flow_src_last_pkt_time":287383122,"flow_dst_last_pkt_time":287383122,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.105.52.2","src_port":28681,"dst_port":6831,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82058208,"flow_src_last_pkt_time":311752122,"flow_dst_last_pkt_time":82058208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.162.150","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82058208,"flow_src_last_pkt_time":311752122,"flow_dst_last_pkt_time":82058208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.162.150","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287498759,"flow_src_last_pkt_time":287498759,"flow_dst_last_pkt_time":287498759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.237.116.22","src_port":28681,"dst_port":7849,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82066425,"flow_src_last_pkt_time":311751833,"flow_dst_last_pkt_time":82066425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229239365,"flow_src_last_pkt_time":229239365,"flow_dst_last_pkt_time":229239365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.185.126","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82066425,"flow_src_last_pkt_time":311751833,"flow_dst_last_pkt_time":82066425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229239365,"flow_src_last_pkt_time":229239365,"flow_dst_last_pkt_time":229239365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.185.126","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":729,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287698888,"flow_src_last_pkt_time":287698888,"flow_dst_last_pkt_time":287698888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.47.227.91","src_port":28681,"dst_port":54463,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":732,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287699351,"flow_src_last_pkt_time":287743590,"flow_dst_last_pkt_time":287783603,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.168.34.105","src_port":28681,"dst_port":39908,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287497569,"flow_src_last_pkt_time":287497569,"flow_dst_last_pkt_time":287497569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.174.18.115","src_port":28681,"dst_port":50679,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -4090,7 +4236,7 @@ 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287510972,"flow_src_last_pkt_time":287510972,"flow_dst_last_pkt_time":287510972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.22.22.94","src_port":28681,"dst_port":34245,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":666,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287588556,"flow_src_last_pkt_time":287588556,"flow_dst_last_pkt_time":287588556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"159.196.95.223","src_port":28681,"dst_port":2003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287511819,"flow_src_last_pkt_time":287511819,"flow_dst_last_pkt_time":287824341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"180.218.135.222","src_port":28681,"dst_port":4548,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82058634,"flow_src_last_pkt_time":311750486,"flow_dst_last_pkt_time":82058634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.163.231.160","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82058634,"flow_src_last_pkt_time":311750486,"flow_dst_last_pkt_time":82058634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.163.231.160","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287426310,"flow_src_last_pkt_time":287426310,"flow_dst_last_pkt_time":287647245,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.16.170.108","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":677,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287619126,"flow_src_last_pkt_time":287619126,"flow_dst_last_pkt_time":287619126,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.16.83.5","src_port":28681,"dst_port":9128,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":706,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287652991,"flow_src_last_pkt_time":287652991,"flow_dst_last_pkt_time":287652991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.200.235","src_port":28681,"dst_port":1968,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -4102,16 +4248,16 @@ 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":741,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287859998,"flow_src_last_pkt_time":287859998,"flow_dst_last_pkt_time":287859998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.128.228","src_port":28681,"dst_port":4364,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":696,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287648701,"flow_src_last_pkt_time":287648701,"flow_dst_last_pkt_time":287648701,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":28681,"dst_port":55050,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287340314,"flow_src_last_pkt_time":320290768,"flow_dst_last_pkt_time":287340314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.200.235","src_port":28681,"dst_port":2034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":83518597,"flow_src_last_pkt_time":253026184,"flow_dst_last_pkt_time":83518597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.37","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82059773,"flow_src_last_pkt_time":312956479,"flow_dst_last_pkt_time":82059773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.107.176","src_port":28681,"dst_port":20363,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":83518597,"flow_src_last_pkt_time":253026184,"flow_dst_last_pkt_time":83518597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.37","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82059773,"flow_src_last_pkt_time":312956479,"flow_dst_last_pkt_time":82059773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.107.176","src_port":28681,"dst_port":20363,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287428427,"flow_src_last_pkt_time":287428427,"flow_dst_last_pkt_time":287428427,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":28681,"dst_port":35004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82060415,"flow_src_last_pkt_time":312956593,"flow_dst_last_pkt_time":82060415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.217.132.111","src_port":28681,"dst_port":25394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287311299,"flow_src_last_pkt_time":287311299,"flow_dst_last_pkt_time":287311299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.156.58.211","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312665,"flow_src_last_pkt_time":287312665,"flow_dst_last_pkt_time":287312665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.4.204.220","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82060415,"flow_src_last_pkt_time":312956593,"flow_dst_last_pkt_time":82060415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.217.132.111","src_port":28681,"dst_port":25394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287311299,"flow_src_last_pkt_time":287311299,"flow_dst_last_pkt_time":287311299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.156.58.211","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312665,"flow_src_last_pkt_time":287312665,"flow_dst_last_pkt_time":287312665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.4.204.220","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":686,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287622813,"flow_src_last_pkt_time":287622813,"flow_dst_last_pkt_time":287622813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.14.143.237","src_port":28681,"dst_port":13965,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":662,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287532984,"flow_src_last_pkt_time":287836880,"flow_dst_last_pkt_time":288223086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.59.117.166","src_port":28681,"dst_port":33192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287340060,"flow_src_last_pkt_time":320290682,"flow_dst_last_pkt_time":287340060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.27.24.95","src_port":28681,"dst_port":10655,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82058765,"flow_src_last_pkt_time":311750926,"flow_dst_last_pkt_time":82058765,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.150.49.35","src_port":28681,"dst_port":32448,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82058765,"flow_src_last_pkt_time":311750926,"flow_dst_last_pkt_time":82058765,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.150.49.35","src_port":28681,"dst_port":32448,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287442727,"flow_src_last_pkt_time":287442727,"flow_dst_last_pkt_time":287442727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.203.72.224","src_port":28681,"dst_port":53658,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287429288,"flow_src_last_pkt_time":287429288,"flow_dst_last_pkt_time":287429288,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.250.32","src_port":28681,"dst_port":52647,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287524138,"flow_src_last_pkt_time":287524138,"flow_dst_last_pkt_time":287524138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.12.1.136","src_port":28681,"dst_port":6348,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -4119,8 +4265,8 @@ 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287466034,"flow_src_last_pkt_time":287466034,"flow_dst_last_pkt_time":287466034,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.10.174.159","src_port":28681,"dst_port":4841,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287339383,"flow_src_last_pkt_time":320290529,"flow_dst_last_pkt_time":287339383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.27.24.95","src_port":28681,"dst_port":10677,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":695,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287635205,"flow_src_last_pkt_time":320293343,"flow_dst_last_pkt_time":287635205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.189.72.230","src_port":28681,"dst_port":8161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062565,"flow_src_last_pkt_time":251737918,"flow_dst_last_pkt_time":82062565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.196.58","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314573,"flow_src_last_pkt_time":287314573,"flow_dst_last_pkt_time":287314573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"209.204.207.5","src_port":28681,"dst_port":49256,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":82062565,"flow_src_last_pkt_time":251737918,"flow_dst_last_pkt_time":82062565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.196.58","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314573,"flow_src_last_pkt_time":287314573,"flow_dst_last_pkt_time":287314573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"209.204.207.5","src_port":28681,"dst_port":49256,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":734,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287858940,"flow_src_last_pkt_time":287858940,"flow_dst_last_pkt_time":287858940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.91.201","src_port":28681,"dst_port":4297,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287496358,"flow_src_last_pkt_time":287714018,"flow_dst_last_pkt_time":288483516,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.62.225.181","src_port":28681,"dst_port":46843,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287356009,"flow_src_last_pkt_time":320291601,"flow_dst_last_pkt_time":287356009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.250.6.59","src_port":28681,"dst_port":60012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -4132,11 +4278,11 @@ 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":671,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287599291,"flow_src_last_pkt_time":287599291,"flow_dst_last_pkt_time":287599291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"180.218.135.222","src_port":28681,"dst_port":49867,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287424448,"flow_src_last_pkt_time":287424448,"flow_dst_last_pkt_time":287697275,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.17.132.18","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":678,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287619767,"flow_src_last_pkt_time":287619767,"flow_dst_last_pkt_time":287619767,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"150.116.225.105","src_port":28681,"dst_port":51438,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287316018,"flow_src_last_pkt_time":287316018,"flow_dst_last_pkt_time":287316018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"202.151.63.59","src_port":28681,"dst_port":7624,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287316018,"flow_src_last_pkt_time":287316018,"flow_dst_last_pkt_time":287316018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"202.151.63.59","src_port":28681,"dst_port":7624,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":715,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287681933,"flow_src_last_pkt_time":287681933,"flow_dst_last_pkt_time":287681933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.71.72.88","src_port":28681,"dst_port":58808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287525885,"flow_src_last_pkt_time":287525885,"flow_dst_last_pkt_time":287525885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.27.24.95","src_port":28681,"dst_port":10791,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287340969,"flow_src_last_pkt_time":320291125,"flow_dst_last_pkt_time":287340969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.39.159.60","src_port":28681,"dst_port":56896,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82058913,"flow_src_last_pkt_time":311749691,"flow_dst_last_pkt_time":82058913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82058913,"flow_src_last_pkt_time":311749691,"flow_dst_last_pkt_time":82058913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287384891,"flow_src_last_pkt_time":287384891,"flow_dst_last_pkt_time":287384891,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.222.160.99","src_port":28681,"dst_port":53144,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287356560,"flow_src_last_pkt_time":320292115,"flow_dst_last_pkt_time":287356560,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.222.160.99","src_port":28681,"dst_port":53163,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287511632,"flow_src_last_pkt_time":287511632,"flow_dst_last_pkt_time":287511632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.18.212.223","src_port":28681,"dst_port":58290,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -4148,15 +4294,15 @@ 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287424939,"flow_src_last_pkt_time":287424939,"flow_dst_last_pkt_time":287424939,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":28681,"dst_port":42925,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287387000,"flow_src_last_pkt_time":287557061,"flow_dst_last_pkt_time":287752626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"97.83.183.148","src_port":28681,"dst_port":8890,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":680,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287620673,"flow_src_last_pkt_time":287620673,"flow_dst_last_pkt_time":287620673,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.227.198.100","src_port":28681,"dst_port":6910,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82060952,"flow_src_last_pkt_time":253024749,"flow_dst_last_pkt_time":82060952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310684,"flow_src_last_pkt_time":287310684,"flow_dst_last_pkt_time":287310684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.143.34.225","src_port":28681,"dst_port":20071,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82060952,"flow_src_last_pkt_time":253024749,"flow_dst_last_pkt_time":82060952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310684,"flow_src_last_pkt_time":287310684,"flow_dst_last_pkt_time":287310684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.143.34.225","src_port":28681,"dst_port":20071,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287385508,"flow_src_last_pkt_time":287385508,"flow_dst_last_pkt_time":287385508,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.176.62.40","src_port":28681,"dst_port":52755,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314979,"flow_src_last_pkt_time":287314979,"flow_dst_last_pkt_time":287314979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.114.40.175","src_port":28681,"dst_port":23552,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314979,"flow_src_last_pkt_time":287314979,"flow_dst_last_pkt_time":287314979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.114.40.175","src_port":28681,"dst_port":23552,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287442230,"flow_src_last_pkt_time":287442230,"flow_dst_last_pkt_time":287442230,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":28681,"dst_port":59875,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287315710,"flow_src_last_pkt_time":287315710,"flow_dst_last_pkt_time":288490528,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":314,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":314,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.162.27","src_port":28681,"dst_port":7986,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287316233,"flow_src_last_pkt_time":287316233,"flow_dst_last_pkt_time":287316233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.48.23","src_port":28681,"dst_port":8070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287315710,"flow_src_last_pkt_time":287315710,"flow_dst_last_pkt_time":288490528,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":314,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":314,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.162.27","src_port":28681,"dst_port":7986,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287316233,"flow_src_last_pkt_time":287316233,"flow_dst_last_pkt_time":287316233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.48.23","src_port":28681,"dst_port":8070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287442550,"flow_src_last_pkt_time":287442550,"flow_dst_last_pkt_time":287442550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.200.161","src_port":28681,"dst_port":65274,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82064863,"flow_src_last_pkt_time":312955745,"flow_dst_last_pkt_time":82064863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"138.199.16.123","src_port":28681,"dst_port":52993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82064863,"flow_src_last_pkt_time":312955745,"flow_dst_last_pkt_time":82064863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"138.199.16.123","src_port":28681,"dst_port":52993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287498581,"flow_src_last_pkt_time":287498581,"flow_dst_last_pkt_time":287719864,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.242.225","src_port":28681,"dst_port":15068,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":726,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287698314,"flow_src_last_pkt_time":287698314,"flow_dst_last_pkt_time":287698314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.171.82.65","src_port":28681,"dst_port":50072,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287444268,"flow_src_last_pkt_time":287444268,"flow_dst_last_pkt_time":287749515,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.163.14.246","src_port":28681,"dst_port":23461,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -4175,14 +4321,14 @@ 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":709,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287653866,"flow_src_last_pkt_time":287653866,"flow_dst_last_pkt_time":287653866,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.16.121.156","src_port":28681,"dst_port":3624,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287341591,"flow_src_last_pkt_time":320291446,"flow_dst_last_pkt_time":287341591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":28681,"dst_port":43316,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":687,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287623141,"flow_src_last_pkt_time":287623141,"flow_dst_last_pkt_time":287623141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":28681,"dst_port":53454,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314125,"flow_src_last_pkt_time":287314125,"flow_dst_last_pkt_time":287314125,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.94.85.113","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314125,"flow_src_last_pkt_time":287314125,"flow_dst_last_pkt_time":287314125,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.94.85.113","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287523680,"flow_src_last_pkt_time":287523680,"flow_dst_last_pkt_time":287523680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.139.21.182","src_port":28681,"dst_port":50110,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287339043,"flow_src_last_pkt_time":320290446,"flow_dst_last_pkt_time":287339043,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.167.248.220","src_port":28681,"dst_port":59304,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287309691,"flow_src_last_pkt_time":287309691,"flow_dst_last_pkt_time":287309691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.100.76.123","src_port":28681,"dst_port":39628,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287309691,"flow_src_last_pkt_time":287309691,"flow_dst_last_pkt_time":287309691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.100.76.123","src_port":28681,"dst_port":39628,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287386762,"flow_src_last_pkt_time":291154795,"flow_dst_last_pkt_time":294825827,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.89.249.8","src_port":28681,"dst_port":50649,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229239821,"flow_src_last_pkt_time":229239821,"flow_dst_last_pkt_time":229239821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.122.233.15","src_port":28681,"dst_port":11488,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82058413,"flow_src_last_pkt_time":311750758,"flow_dst_last_pkt_time":82058413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.166.226.70","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287315207,"flow_src_last_pkt_time":287315207,"flow_dst_last_pkt_time":287315207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.137.106.173","src_port":28681,"dst_port":11625,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229239821,"flow_src_last_pkt_time":229239821,"flow_dst_last_pkt_time":229239821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.122.233.15","src_port":28681,"dst_port":11488,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82058413,"flow_src_last_pkt_time":311750758,"flow_dst_last_pkt_time":82058413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.166.226.70","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01188{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287315207,"flow_src_last_pkt_time":287315207,"flow_dst_last_pkt_time":287315207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.137.106.173","src_port":28681,"dst_port":11625,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287320529,"flow_src_last_pkt_time":287320529,"flow_dst_last_pkt_time":287320529,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.247.152.218","src_port":28681,"dst_port":51153,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287429503,"flow_src_last_pkt_time":287429503,"flow_dst_last_pkt_time":287429503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":28681,"dst_port":48380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3363,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287443413,"flow_src_last_pkt_time":287443413,"flow_dst_last_pkt_time":287443413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":335116667,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"180.149.125.139","src_port":28681,"dst_port":6578,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -4207,21 +4353,21 @@ 01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":90039633,"flow_src_last_pkt_time":163151080,"flow_dst_last_pkt_time":90039633,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":50297,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":90004820,"flow_src_last_pkt_time":163118762,"flow_dst_last_pkt_time":90004820,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.140.120.41","src_port":28681,"dst_port":47739,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":243616097,"flow_src_last_pkt_time":287511110,"flow_dst_last_pkt_time":243616097,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"180.200.236.13","src_port":28681,"dst_port":12082,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743232,"flow_src_last_pkt_time":251743232,"flow_dst_last_pkt_time":251743232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.255.145.191","src_port":28681,"dst_port":47264,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739244,"flow_src_last_pkt_time":251739244,"flow_dst_last_pkt_time":251739244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.234.216.251","src_port":28681,"dst_port":17845,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743232,"flow_src_last_pkt_time":251743232,"flow_dst_last_pkt_time":251743232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.255.145.191","src_port":28681,"dst_port":47264,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739244,"flow_src_last_pkt_time":251739244,"flow_dst_last_pkt_time":251739244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.234.216.251","src_port":28681,"dst_port":17845,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251763326,"flow_src_last_pkt_time":287316376,"flow_dst_last_pkt_time":251763326,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.237.199.108","src_port":28681,"dst_port":56040,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":251765454,"flow_src_last_pkt_time":287317165,"flow_dst_last_pkt_time":287535563,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":90,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.206.254","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742442,"flow_src_last_pkt_time":251742442,"flow_dst_last_pkt_time":251742442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.71.44.121","src_port":28681,"dst_port":14398,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742442,"flow_src_last_pkt_time":251742442,"flow_dst_last_pkt_time":251742442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.71.44.121","src_port":28681,"dst_port":14398,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":89829259,"flow_src_last_pkt_time":174145848,"flow_dst_last_pkt_time":174528829,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":556,"flow_dst_tot_l4_payload_len":3014,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.84.178.16","src_port":28681,"dst_port":60262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740552,"flow_src_last_pkt_time":251740552,"flow_dst_last_pkt_time":251740552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.143.28.64","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740138,"flow_src_last_pkt_time":251740138,"flow_dst_last_pkt_time":251740138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.103.2.245","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742217,"flow_src_last_pkt_time":251742217,"flow_dst_last_pkt_time":251742217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.15.216.216","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740552,"flow_src_last_pkt_time":251740552,"flow_dst_last_pkt_time":251740552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.143.28.64","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740138,"flow_src_last_pkt_time":251740138,"flow_dst_last_pkt_time":251740138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.103.2.245","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742217,"flow_src_last_pkt_time":251742217,"flow_dst_last_pkt_time":251742217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.15.216.216","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01193{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":95264476,"flow_src_last_pkt_time":175759013,"flow_dst_last_pkt_time":176255145,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":642,"flow_dst_tot_l4_payload_len":3741,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.220.186.140","src_port":28681,"dst_port":27641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251801646,"flow_src_last_pkt_time":287320078,"flow_dst_last_pkt_time":251801646,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.13.148","src_port":28681,"dst_port":51896,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742020,"flow_src_last_pkt_time":251742020,"flow_dst_last_pkt_time":251742020,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.123.35.219","src_port":28681,"dst_port":42211,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742020,"flow_src_last_pkt_time":251742020,"flow_dst_last_pkt_time":251742020,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.123.35.219","src_port":28681,"dst_port":42211,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":243619784,"flow_src_last_pkt_time":287427833,"flow_dst_last_pkt_time":287621392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":90,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.84.134.136","src_port":28681,"dst_port":21407,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":90005361,"flow_src_last_pkt_time":287321463,"flow_dst_last_pkt_time":287355218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":726,"flow_dst_tot_l4_payload_len":4067,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":28681,"dst_port":24562,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743840,"flow_src_last_pkt_time":251743840,"flow_dst_last_pkt_time":251743840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.135.15.86","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743840,"flow_src_last_pkt_time":251743840,"flow_dst_last_pkt_time":251743840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.135.15.86","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251800801,"flow_src_last_pkt_time":287319532,"flow_dst_last_pkt_time":251800801,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":28681,"dst_port":45880,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243620353,"flow_src_last_pkt_time":243620353,"flow_dst_last_pkt_time":243620353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"62.102.148.166","src_port":28681,"dst_port":31332,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251801238,"flow_src_last_pkt_time":287319859,"flow_dst_last_pkt_time":251801238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":28681,"dst_port":45640,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -4231,29 +4377,29 @@ 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251767577,"flow_src_last_pkt_time":287318236,"flow_dst_last_pkt_time":251767577,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.27.193.124","src_port":28681,"dst_port":50555,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251800408,"flow_src_last_pkt_time":287319339,"flow_dst_last_pkt_time":251800408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":28681,"dst_port":45744,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251800203,"flow_src_last_pkt_time":287319240,"flow_dst_last_pkt_time":251800203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":28681,"dst_port":43457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251802309,"flow_src_last_pkt_time":251802309,"flow_dst_last_pkt_time":251802309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.120.219.74","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251802309,"flow_src_last_pkt_time":251802309,"flow_dst_last_pkt_time":251802309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.120.219.74","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251801076,"flow_src_last_pkt_time":287319762,"flow_dst_last_pkt_time":251801076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.18.172.208","src_port":28681,"dst_port":63172,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":243616903,"flow_src_last_pkt_time":287526058,"flow_dst_last_pkt_time":287598509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.58.211.52","src_port":28681,"dst_port":3806,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":243618410,"flow_src_last_pkt_time":287682903,"flow_dst_last_pkt_time":243618410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.172.10.90","src_port":28681,"dst_port":40162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743428,"flow_src_last_pkt_time":251743428,"flow_dst_last_pkt_time":251743428,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.24.146.101","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251768679,"flow_src_last_pkt_time":251768679,"flow_dst_last_pkt_time":251768679,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"2.28.39.18","src_port":28681,"dst_port":15672,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743428,"flow_src_last_pkt_time":251743428,"flow_dst_last_pkt_time":251743428,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.24.146.101","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251768679,"flow_src_last_pkt_time":251768679,"flow_dst_last_pkt_time":251768679,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"2.28.39.18","src_port":28681,"dst_port":15672,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":95443212,"flow_src_last_pkt_time":176333600,"flow_dst_last_pkt_time":176562520,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":642,"flow_dst_tot_l4_payload_len":3741,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.240.69.199","src_port":28681,"dst_port":6348,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":93714209,"flow_src_last_pkt_time":253026052,"flow_dst_last_pkt_time":93714209,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.249.63.200","src_port":28681,"dst_port":22582,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251741922,"flow_src_last_pkt_time":251741922,"flow_dst_last_pkt_time":253031457,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":319,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":319,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.182.39.11","src_port":28681,"dst_port":12977,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":93714209,"flow_src_last_pkt_time":253026052,"flow_dst_last_pkt_time":93714209,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.249.63.200","src_port":28681,"dst_port":22582,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01190{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251741922,"flow_src_last_pkt_time":251741922,"flow_dst_last_pkt_time":253031457,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":319,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":319,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.182.39.11","src_port":28681,"dst_port":12977,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243619573,"flow_src_last_pkt_time":243619573,"flow_dst_last_pkt_time":243619573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.0.69.215","src_port":28681,"dst_port":12608,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01193{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":90184128,"flow_src_last_pkt_time":287700104,"flow_dst_last_pkt_time":288014846,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":645,"flow_dst_tot_l4_payload_len":3215,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":28681,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741399,"flow_src_last_pkt_time":251741399,"flow_dst_last_pkt_time":251741399,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.139.61.103","src_port":28681,"dst_port":24096,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741399,"flow_src_last_pkt_time":251741399,"flow_dst_last_pkt_time":251741399,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.139.61.103","src_port":28681,"dst_port":24096,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00762{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":90880863,"flow_src_last_pkt_time":251768782,"flow_dst_last_pkt_time":251799257,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":755,"flow_dst_tot_l4_payload_len":4350,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.32.126.214","src_port":28681,"dst_port":59596,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251763807,"flow_src_last_pkt_time":287316570,"flow_dst_last_pkt_time":251763807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"183.179.14.31","src_port":28681,"dst_port":54754,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243619099,"flow_src_last_pkt_time":243619099,"flow_dst_last_pkt_time":243619099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.215.183.71","src_port":28681,"dst_port":31310,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741037,"flow_src_last_pkt_time":251741037,"flow_dst_last_pkt_time":251741037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.65.188.29","src_port":28681,"dst_port":24676,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741037,"flow_src_last_pkt_time":251741037,"flow_dst_last_pkt_time":251741037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.65.188.29","src_port":28681,"dst_port":24676,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":88941886,"flow_src_last_pkt_time":179376876,"flow_dst_last_pkt_time":88941886,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":511,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.133.101.93","src_port":28681,"dst_port":52367,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":90073006,"flow_src_last_pkt_time":287483764,"flow_dst_last_pkt_time":287523854,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":645,"flow_dst_tot_l4_payload_len":3207,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":28681,"dst_port":6578,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740694,"flow_src_last_pkt_time":251740694,"flow_dst_last_pkt_time":251740694,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.177.52.73","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741613,"flow_src_last_pkt_time":251741613,"flow_dst_last_pkt_time":251741613,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.129.149.103","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740694,"flow_src_last_pkt_time":251740694,"flow_dst_last_pkt_time":251740694,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.177.52.73","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741613,"flow_src_last_pkt_time":251741613,"flow_dst_last_pkt_time":251741613,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.129.149.103","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":95264285,"flow_src_last_pkt_time":179735999,"flow_dst_last_pkt_time":95264285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":329,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":40137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251769188,"flow_src_last_pkt_time":251769188,"flow_dst_last_pkt_time":251769188,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.214.12.247","src_port":28681,"dst_port":44001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251768912,"flow_src_last_pkt_time":251768912,"flow_dst_last_pkt_time":251768912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"70.119.248.5","src_port":28681,"dst_port":49929,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251769188,"flow_src_last_pkt_time":251769188,"flow_dst_last_pkt_time":251769188,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.214.12.247","src_port":28681,"dst_port":44001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251768912,"flow_src_last_pkt_time":251768912,"flow_dst_last_pkt_time":251768912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"70.119.248.5","src_port":28681,"dst_port":49929,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01194{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":90072798,"flow_src_last_pkt_time":320293489,"flow_dst_last_pkt_time":287667256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":779,"flow_dst_tot_l4_payload_len":4554,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":28681,"dst_port":43508,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251764559,"flow_src_last_pkt_time":287316810,"flow_dst_last_pkt_time":251764559,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.70.199.107","src_port":28681,"dst_port":60475,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251799958,"flow_src_last_pkt_time":287319131,"flow_dst_last_pkt_time":251799958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.187.74.173","src_port":28681,"dst_port":46790,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -4264,84 +4410,84 @@ 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":243617811,"flow_src_last_pkt_time":287381889,"flow_dst_last_pkt_time":288007245,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.64.6.175","src_port":28681,"dst_port":4743,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":243616362,"flow_src_last_pkt_time":287426947,"flow_dst_last_pkt_time":287785960,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":110,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.241.204.61","src_port":28681,"dst_port":43366,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251766760,"flow_src_last_pkt_time":287317745,"flow_dst_last_pkt_time":251766760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.241.112.255","src_port":28681,"dst_port":14766,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742656,"flow_src_last_pkt_time":251742656,"flow_dst_last_pkt_time":251742656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.162.97.8","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742656,"flow_src_last_pkt_time":251742656,"flow_dst_last_pkt_time":251742656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.162.97.8","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":243615643,"flow_src_last_pkt_time":287318910,"flow_dst_last_pkt_time":243615643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.182.136.42","src_port":28681,"dst_port":27873,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251766427,"flow_src_last_pkt_time":287317645,"flow_dst_last_pkt_time":251766427,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.153.206.183","src_port":28681,"dst_port":16919,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251766030,"flow_src_last_pkt_time":287317454,"flow_dst_last_pkt_time":251766030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.127.26.138","src_port":28681,"dst_port":3083,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742343,"flow_src_last_pkt_time":251742343,"flow_dst_last_pkt_time":251742343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"145.82.53.165","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742343,"flow_src_last_pkt_time":251742343,"flow_dst_last_pkt_time":251742343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"145.82.53.165","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":90039956,"flow_src_last_pkt_time":287497328,"flow_dst_last_pkt_time":90039956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":271,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.181.251.218","src_port":28681,"dst_port":36368,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251767408,"flow_src_last_pkt_time":287318133,"flow_dst_last_pkt_time":251767408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"210.194.116.78","src_port":28681,"dst_port":8342,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251766203,"flow_src_last_pkt_time":287317526,"flow_dst_last_pkt_time":251766203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.16.121.156","src_port":28681,"dst_port":23183,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251735839,"flow_src_last_pkt_time":251735839,"flow_dst_last_pkt_time":251735839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.178.192.76","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":253024623,"flow_src_last_pkt_time":253024623,"flow_dst_last_pkt_time":253024623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"107.4.56.177","src_port":28681,"dst_port":10000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739607,"flow_src_last_pkt_time":251739607,"flow_dst_last_pkt_time":251739607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.27.3.68","src_port":28681,"dst_port":57380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251735839,"flow_src_last_pkt_time":251735839,"flow_dst_last_pkt_time":251735839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.178.192.76","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":253024623,"flow_src_last_pkt_time":253024623,"flow_dst_last_pkt_time":253024623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"107.4.56.177","src_port":28681,"dst_port":10000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739607,"flow_src_last_pkt_time":251739607,"flow_dst_last_pkt_time":251739607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.27.3.68","src_port":28681,"dst_port":57380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243620457,"flow_src_last_pkt_time":243620457,"flow_dst_last_pkt_time":243620457,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.39.219.223","src_port":28681,"dst_port":31728,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251799823,"flow_src_last_pkt_time":287319016,"flow_dst_last_pkt_time":251799823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":28681,"dst_port":47184,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01193{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":139506262,"flow_src_last_pkt_time":176963996,"flow_dst_last_pkt_time":177166012,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":394,"flow_dst_tot_l4_payload_len":1560,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"63.228.175.169","src_port":28681,"dst_port":1936,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251769032,"flow_src_last_pkt_time":251769032,"flow_dst_last_pkt_time":252632878,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":327,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":327,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.64.177.53","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251769032,"flow_src_last_pkt_time":251769032,"flow_dst_last_pkt_time":252632878,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":327,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":327,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.64.177.53","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01193{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":139506098,"flow_src_last_pkt_time":168391152,"flow_dst_last_pkt_time":168554777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":162,"flow_dst_tot_l4_payload_len":1454,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.118.53.212","src_port":28681,"dst_port":29998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743039,"flow_src_last_pkt_time":251743039,"flow_dst_last_pkt_time":251743039,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.124.71.246","src_port":28681,"dst_port":49035,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743039,"flow_src_last_pkt_time":251743039,"flow_dst_last_pkt_time":251743039,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.124.71.246","src_port":28681,"dst_port":49035,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":243618881,"flow_src_last_pkt_time":287524310,"flow_dst_last_pkt_time":243618881,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"121.7.145.36","src_port":28681,"dst_port":33905,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00761{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":90871417,"flow_src_last_pkt_time":251739691,"flow_dst_last_pkt_time":251762907,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":170,"flow_dst_tot_l4_payload_len":1077,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.132.165.13","src_port":28681,"dst_port":30566,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01191{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":89829104,"flow_src_last_pkt_time":287443257,"flow_dst_last_pkt_time":174144907,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":3014,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":28681,"dst_port":35481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243619924,"flow_src_last_pkt_time":243619924,"flow_dst_last_pkt_time":243619924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"191.114.88.39","src_port":28681,"dst_port":18751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":90845230,"flow_src_last_pkt_time":174303687,"flow_dst_last_pkt_time":174321070,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":146,"flow_dst_tot_l4_payload_len":855,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":28681,"dst_port":11852,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00749{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251946178,"flow_src_last_pkt_time":251946178,"flow_dst_last_pkt_time":251946178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.2","dst_ip":"10.0.2.15","src_port":1026,"dst_port":28681,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251738882,"flow_src_last_pkt_time":251738882,"flow_dst_last_pkt_time":251738882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.219.202.2","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741806,"flow_src_last_pkt_time":251741806,"flow_dst_last_pkt_time":251741806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.127.34","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741506,"flow_src_last_pkt_time":251741506,"flow_dst_last_pkt_time":251741506,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.187.236.179","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251738882,"flow_src_last_pkt_time":251738882,"flow_dst_last_pkt_time":251738882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.219.202.2","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741806,"flow_src_last_pkt_time":251741806,"flow_dst_last_pkt_time":251741806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.127.34","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741506,"flow_src_last_pkt_time":251741506,"flow_dst_last_pkt_time":251741506,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.187.236.179","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01190{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":95784399,"flow_src_last_pkt_time":287465597,"flow_dst_last_pkt_time":287572441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":327,"flow_dst_tot_l4_payload_len":2511,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.236.205.7","src_port":28681,"dst_port":34794,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":243615848,"flow_src_last_pkt_time":287381383,"flow_dst_last_pkt_time":287944648,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"156.57.42.2","src_port":28681,"dst_port":33476,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":253025155,"flow_src_last_pkt_time":311751466,"flow_dst_last_pkt_time":253025155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.209","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":253025155,"flow_src_last_pkt_time":311751466,"flow_dst_last_pkt_time":253025155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.209","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":90138188,"flow_src_last_pkt_time":287318627,"flow_dst_last_pkt_time":287634909,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":645,"flow_dst_tot_l4_payload_len":3364,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":28681,"dst_port":21301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00763{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":89016303,"flow_src_last_pkt_time":176563028,"flow_dst_last_pkt_time":176659064,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":824,"flow_dst_tot_l4_payload_len":3953,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.156.226.72","src_port":28681,"dst_port":53258,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742554,"flow_src_last_pkt_time":251742554,"flow_dst_last_pkt_time":251742554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.249.13.30","src_port":28681,"dst_port":15138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742554,"flow_src_last_pkt_time":251742554,"flow_dst_last_pkt_time":251742554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.249.13.30","src_port":28681,"dst_port":15138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01190{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":95716693,"flow_src_last_pkt_time":287380885,"flow_dst_last_pkt_time":287440521,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":1755,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739411,"flow_src_last_pkt_time":251739411,"flow_dst_last_pkt_time":251739411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.155.31.118","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739411,"flow_src_last_pkt_time":251739411,"flow_dst_last_pkt_time":251739411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.155.31.118","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243618625,"flow_src_last_pkt_time":243618625,"flow_dst_last_pkt_time":243618625,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.135.8.7","src_port":28681,"dst_port":1219,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00761{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":90864578,"flow_src_last_pkt_time":287313728,"flow_dst_last_pkt_time":287337870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":165,"flow_dst_tot_l4_payload_len":1077,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.187.74.173","src_port":28681,"dst_port":53489,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":90039406,"flow_src_last_pkt_time":287381612,"flow_dst_last_pkt_time":287415538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":807,"flow_dst_tot_l4_payload_len":4817,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":28681,"dst_port":30577,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741302,"flow_src_last_pkt_time":251741302,"flow_dst_last_pkt_time":251741302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.247.160.96","src_port":28681,"dst_port":17817,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741302,"flow_src_last_pkt_time":251741302,"flow_dst_last_pkt_time":251741302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.247.160.96","src_port":28681,"dst_port":17817,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251767115,"flow_src_last_pkt_time":287317920,"flow_dst_last_pkt_time":251767115,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.165.228.167","src_port":28681,"dst_port":12201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":253025433,"flow_src_last_pkt_time":312955333,"flow_dst_last_pkt_time":253025433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.68.45.203","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740418,"flow_src_last_pkt_time":251740418,"flow_dst_last_pkt_time":251740418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.28.130.131","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":253025433,"flow_src_last_pkt_time":312955333,"flow_dst_last_pkt_time":253025433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.68.45.203","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740418,"flow_src_last_pkt_time":251740418,"flow_dst_last_pkt_time":251740418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.28.130.131","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":89829492,"flow_src_last_pkt_time":287526703,"flow_dst_last_pkt_time":89829492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":271,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":28681,"dst_port":12012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":243616746,"flow_src_last_pkt_time":287422960,"flow_dst_last_pkt_time":287697244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.86.49.195","src_port":28681,"dst_port":12019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251742117,"flow_src_last_pkt_time":251742117,"flow_dst_last_pkt_time":252853049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":322,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":322,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.247.6.226","src_port":28681,"dst_port":9713,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743729,"flow_src_last_pkt_time":251743729,"flow_dst_last_pkt_time":251743729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.86.190.163","src_port":28681,"dst_port":14142,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739069,"flow_src_last_pkt_time":251739069,"flow_dst_last_pkt_time":251739069,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"197.244.171.132","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251742117,"flow_src_last_pkt_time":251742117,"flow_dst_last_pkt_time":252853049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":322,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":322,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.247.6.226","src_port":28681,"dst_port":9713,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743729,"flow_src_last_pkt_time":251743729,"flow_dst_last_pkt_time":251743729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.86.190.163","src_port":28681,"dst_port":14142,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739069,"flow_src_last_pkt_time":251739069,"flow_dst_last_pkt_time":251739069,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"197.244.171.132","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251766954,"flow_src_last_pkt_time":287317823,"flow_dst_last_pkt_time":251766954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.247.240.113","src_port":28681,"dst_port":13867,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742837,"flow_src_last_pkt_time":251742837,"flow_dst_last_pkt_time":251742837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.215.213","src_port":28681,"dst_port":23576,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743527,"flow_src_last_pkt_time":251743527,"flow_dst_last_pkt_time":251743527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.68.179.137","src_port":28681,"dst_port":6406,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00760{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251741183,"flow_src_last_pkt_time":251741183,"flow_dst_last_pkt_time":252054388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":309,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":309,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.181.156.244","src_port":28681,"dst_port":8255,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01188{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742837,"flow_src_last_pkt_time":251742837,"flow_dst_last_pkt_time":251742837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.215.213","src_port":28681,"dst_port":23576,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743527,"flow_src_last_pkt_time":251743527,"flow_dst_last_pkt_time":251743527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.68.179.137","src_port":28681,"dst_port":6406,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01191{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251741183,"flow_src_last_pkt_time":251741183,"flow_dst_last_pkt_time":252054388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":309,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":309,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.181.156.244","src_port":28681,"dst_port":8255,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":243617373,"flow_src_last_pkt_time":243617373,"flow_dst_last_pkt_time":243755535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.71.243.60","src_port":28681,"dst_port":34498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740269,"flow_src_last_pkt_time":251740269,"flow_dst_last_pkt_time":251740269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.194.53.68","src_port":28681,"dst_port":33770,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251802485,"flow_src_last_pkt_time":251802485,"flow_dst_last_pkt_time":251802485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.193.23.172","src_port":28681,"dst_port":42227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251734977,"flow_src_last_pkt_time":251734977,"flow_dst_last_pkt_time":251734977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"129.45.47.167","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740269,"flow_src_last_pkt_time":251740269,"flow_dst_last_pkt_time":251740269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.194.53.68","src_port":28681,"dst_port":33770,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251802485,"flow_src_last_pkt_time":251802485,"flow_dst_last_pkt_time":251802485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.193.23.172","src_port":28681,"dst_port":42227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251734977,"flow_src_last_pkt_time":251734977,"flow_dst_last_pkt_time":251734977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"129.45.47.167","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":90138798,"flow_src_last_pkt_time":174723421,"flow_dst_last_pkt_time":90138798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":329,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.217.176.52","src_port":28681,"dst_port":7446,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01193{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":90005045,"flow_src_last_pkt_time":287553240,"flow_dst_last_pkt_time":287678696,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":807,"flow_dst_tot_l4_payload_len":4798,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":28681,"dst_port":61616,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739830,"flow_src_last_pkt_time":251739830,"flow_dst_last_pkt_time":251739830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.181.151.217","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739830,"flow_src_last_pkt_time":251739830,"flow_dst_last_pkt_time":251739830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.181.151.217","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":251768320,"flow_src_last_pkt_time":287318727,"flow_dst_last_pkt_time":287699802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.7.155.210","src_port":28681,"dst_port":28365,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":251765853,"flow_src_last_pkt_time":287317359,"flow_dst_last_pkt_time":287440578,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":110,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.227.193.37","src_port":28681,"dst_port":27481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243619335,"flow_src_last_pkt_time":243619335,"flow_dst_last_pkt_time":243619335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"144.134.132.206","src_port":28681,"dst_port":16401,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743945,"flow_src_last_pkt_time":251743945,"flow_dst_last_pkt_time":251743945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.165.170.112","src_port":28681,"dst_port":37087,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01188{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743945,"flow_src_last_pkt_time":251743945,"flow_dst_last_pkt_time":251743945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.165.170.112","src_port":28681,"dst_port":37087,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":251764953,"flow_src_last_pkt_time":287316986,"flow_dst_last_pkt_time":287579860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":90,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"116.241.162.162","src_port":28681,"dst_port":15677,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251767266,"flow_src_last_pkt_time":287318019,"flow_dst_last_pkt_time":251767266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"100.89.84.59","src_port":28681,"dst_port":11603,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243619466,"flow_src_last_pkt_time":243619466,"flow_dst_last_pkt_time":243619466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"161.81.38.67","src_port":28681,"dst_port":9539,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743626,"flow_src_last_pkt_time":251743626,"flow_dst_last_pkt_time":251743626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.38.163.2","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743626,"flow_src_last_pkt_time":251743626,"flow_dst_last_pkt_time":251743626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.38.163.2","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":95784128,"flow_src_last_pkt_time":287510470,"flow_dst_last_pkt_time":287857497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":327,"flow_dst_tot_l4_payload_len":2512,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":28681,"dst_port":63637,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01190{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":90138420,"flow_src_last_pkt_time":287441093,"flow_dst_last_pkt_time":287483363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":645,"flow_dst_tot_l4_payload_len":3345,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":28681,"dst_port":46010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251764380,"flow_src_last_pkt_time":287316765,"flow_dst_last_pkt_time":251764380,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.165.153.100","src_port":28681,"dst_port":4509,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741711,"flow_src_last_pkt_time":251741711,"flow_dst_last_pkt_time":251741711,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.193.236.8","src_port":28681,"dst_port":46557,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741711,"flow_src_last_pkt_time":251741711,"flow_dst_last_pkt_time":251741711,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.193.236.8","src_port":28681,"dst_port":46557,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":243619673,"flow_src_last_pkt_time":287426068,"flow_dst_last_pkt_time":243619673,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.115.158.103","src_port":28681,"dst_port":5110,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743139,"flow_src_last_pkt_time":251743139,"flow_dst_last_pkt_time":251743139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.6.118.53","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743139,"flow_src_last_pkt_time":251743139,"flow_dst_last_pkt_time":251743139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.6.118.53","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":251768524,"flow_src_last_pkt_time":287318821,"flow_dst_last_pkt_time":287532561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"101.128.66.8","src_port":28681,"dst_port":34512,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":243617142,"flow_src_last_pkt_time":287443836,"flow_dst_last_pkt_time":287618162,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.175.11.126","src_port":28681,"dst_port":40958,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251801900,"flow_src_last_pkt_time":287320181,"flow_dst_last_pkt_time":251801900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.119.74.26","src_port":28681,"dst_port":65498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00760{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251743326,"flow_src_last_pkt_time":251743326,"flow_dst_last_pkt_time":252481655,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":304,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":304,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.24.182.130","src_port":28681,"dst_port":22232,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01191{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251743326,"flow_src_last_pkt_time":251743326,"flow_dst_last_pkt_time":252481655,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":304,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":304,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.24.182.130","src_port":28681,"dst_port":22232,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251767708,"flow_src_last_pkt_time":287318322,"flow_dst_last_pkt_time":251767708,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":28681,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243620225,"flow_src_last_pkt_time":243620225,"flow_dst_last_pkt_time":243620225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":28681,"dst_port":24634,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742935,"flow_src_last_pkt_time":251742935,"flow_dst_last_pkt_time":251742935,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.8.95.165","src_port":28681,"dst_port":40763,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742935,"flow_src_last_pkt_time":251742935,"flow_dst_last_pkt_time":251742935,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.8.95.165","src_port":28681,"dst_port":40763,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251800960,"flow_src_last_pkt_time":287319660,"flow_dst_last_pkt_time":251800960,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":28681,"dst_port":63978,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251800608,"flow_src_last_pkt_time":287319436,"flow_dst_last_pkt_time":251800608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.132.165.13","src_port":28681,"dst_port":33564,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3379,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":90183929,"flow_src_last_pkt_time":174679514,"flow_dst_last_pkt_time":90183929,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":329,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":346607370,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":28681,"dst_port":11603,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} @@ -4376,13 +4522,13 @@ 01185{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3396,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":168428692,"flow_src_last_pkt_time":174303640,"flow_dst_last_pkt_time":168428692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":357935339,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"198.58.218.12","src_port":28681,"dst_port":47912,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3396,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":90138798,"flow_src_last_pkt_time":174723421,"flow_dst_last_pkt_time":90138798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":329,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":357935339,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.217.176.52","src_port":28681,"dst_port":7446,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3396,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":90183929,"flow_src_last_pkt_time":174679514,"flow_dst_last_pkt_time":90183929,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":329,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":357935339,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":28681,"dst_port":11603,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3396,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":264769911,"flow_src_last_pkt_time":264769911,"flow_dst_last_pkt_time":265025254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":301,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":301,"midstream":0,"thread_ts_usec":357935339,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"183.179.90.112","src_port":28681,"dst_port":9852,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3396,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264770979,"flow_src_last_pkt_time":264770979,"flow_dst_last_pkt_time":264770979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":357935339,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.3.215.132","src_port":28681,"dst_port":20356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01190{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3396,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":264769911,"flow_src_last_pkt_time":264769911,"flow_dst_last_pkt_time":265025254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":301,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":301,"midstream":0,"thread_ts_usec":357935339,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"183.179.90.112","src_port":28681,"dst_port":9852,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3396,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264770979,"flow_src_last_pkt_time":264770979,"flow_dst_last_pkt_time":264770979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":357935339,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.3.215.132","src_port":28681,"dst_port":20356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01034{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3396,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":288409044,"flow_src_last_pkt_time":288409044,"flow_dst_last_pkt_time":288409044,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":357935339,"l3_proto":"ip4","src_ip":"164.132.10.25","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3396,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264770348,"flow_src_last_pkt_time":264770348,"flow_dst_last_pkt_time":264770348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":357935339,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"108.44.45.25","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3396,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264769233,"flow_src_last_pkt_time":264769233,"flow_dst_last_pkt_time":264769233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":357935339,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":28681,"dst_port":49046,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3396,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":264771328,"flow_src_last_pkt_time":264771328,"flow_dst_last_pkt_time":265818202,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":303,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":303,"midstream":0,"thread_ts_usec":357935339,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.42.210","src_port":28681,"dst_port":5512,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3396,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264771658,"flow_src_last_pkt_time":264771658,"flow_dst_last_pkt_time":264771658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":357935339,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.94.41.71","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3396,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264770348,"flow_src_last_pkt_time":264770348,"flow_dst_last_pkt_time":264770348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":357935339,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"108.44.45.25","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3396,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264769233,"flow_src_last_pkt_time":264769233,"flow_dst_last_pkt_time":264769233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":357935339,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":28681,"dst_port":49046,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3396,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":264771328,"flow_src_last_pkt_time":264771328,"flow_dst_last_pkt_time":265818202,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":303,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":303,"midstream":0,"thread_ts_usec":357935339,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.42.210","src_port":28681,"dst_port":5512,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3396,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264771658,"flow_src_last_pkt_time":264771658,"flow_dst_last_pkt_time":264771658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":357935339,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.94.41.71","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3398,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":5,"flow_src_last_pkt_time":365428420,"flow_dst_last_pkt_time":350981610,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":365428420,"pkt":"UlQAEjUCCAAn5uVZCABFAAA5UWgAAIARlbkKAAIPVEfzPHAJhsIAJZk1RFYxAtki71D\/WZwDWIvRAwABAAYAAADDg0dVRUA="} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3409,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":4,"flow_src_last_pkt_time":371836867,"flow_dst_last_pkt_time":131671537,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":371836867,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0NSYAAIARFyYKAAIPsL8xn3AJGMoAICcGR05EED\/4AQFUC1FLUlAGUk5BXS\/iNQlw"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3412,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":5,"flow_src_last_pkt_time":371837366,"flow_dst_last_pkt_time":71540796,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":371837366,"pkt":"UlQAEjUCCAAn5uVZCABFAAA00HQAAIARI3gKAAIPfCy+kXAJJ7oAIL+zR05EED\/7AQFUC1FLUlAGUk5BXS\/iNQlw"} @@ -4393,60 +4539,62 @@ 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3420,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":4,"flow_src_last_pkt_time":371838816,"flow_dst_last_pkt_time":82058413,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":371838816,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0SbwAAIARjAEKAAIPdqbiRnAJGMoAILBsR05EEEADAQFUC1FLUlAGUk5BXS\/iNQlw"} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":371838970,"flow_src_last_pkt_time":371838970,"flow_dst_last_pkt_time":371838970,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371838970,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":755,"flow_packet_id":1,"flow_src_last_pkt_time":371838970,"flow_dst_last_pkt_time":371838970,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":371838970,"pkt":"UlQAEjUCCAAn5uVZCABFAAA05JUAAIARi24KAAIPU4ZrIHAJl7QAIMvHR05EEEAEAQFUC1FLUlAGUk5BXS\/iNQlw"} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3421,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":371838970,"flow_src_last_pkt_time":371838970,"flow_dst_last_pkt_time":371838970,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371838970,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3422,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":3,"flow_src_last_pkt_time":371839164,"flow_dst_last_pkt_time":82063378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":371839164,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0RwUAAIARmdUKAAIPvpmPNnAJ\/\/8AINRRR05EEEAFAQFUC1FLUlAGUk5BXS\/iNQlw"} 00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":88941886,"flow_src_last_pkt_time":179376876,"flow_dst_last_pkt_time":88941886,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":511,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.133.101.93","src_port":28681,"dst_port":52367,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":88941886,"flow_src_last_pkt_time":179376876,"flow_dst_last_pkt_time":88941886,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":511,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.133.101.93","src_port":28681,"dst_port":52367,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":95264285,"flow_src_last_pkt_time":179735999,"flow_dst_last_pkt_time":95264285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":329,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":40137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312956911,"flow_src_last_pkt_time":312956911,"flow_dst_last_pkt_time":312956911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"67.193.8.52","src_port":28681,"dst_port":38584,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312956911,"flow_src_last_pkt_time":312956911,"flow_dst_last_pkt_time":312956911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"67.193.8.52","src_port":28681,"dst_port":38584,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01193{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":101162745,"flow_src_last_pkt_time":287624798,"flow_dst_last_pkt_time":177309077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":3014,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":28681,"dst_port":26851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":168555545,"flow_src_last_pkt_time":287428135,"flow_dst_last_pkt_time":287464674,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":483,"flow_dst_tot_l4_payload_len":1891,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.129.196.84","src_port":28681,"dst_port":9915,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312957614,"flow_src_last_pkt_time":312957614,"flow_dst_last_pkt_time":312957614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.231.73.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72850420,"flow_src_last_pkt_time":371837257,"flow_dst_last_pkt_time":72850420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.141.219.27","src_port":28681,"dst_port":37580,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":71540581,"flow_src_last_pkt_time":311749444,"flow_dst_last_pkt_time":71540581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.23.75.69","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00749{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":70230940,"flow_src_last_pkt_time":311752229,"flow_dst_last_pkt_time":70230940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.50.24.2","src_port":28681,"dst_port":17874,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312957614,"flow_src_last_pkt_time":312957614,"flow_dst_last_pkt_time":312957614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.231.73.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72850420,"flow_src_last_pkt_time":371837257,"flow_dst_last_pkt_time":72850420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.141.219.27","src_port":28681,"dst_port":37580,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":71540581,"flow_src_last_pkt_time":311749444,"flow_dst_last_pkt_time":71540581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.23.75.69","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":70230940,"flow_src_last_pkt_time":311752229,"flow_dst_last_pkt_time":70230940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.50.24.2","src_port":28681,"dst_port":17874,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":124066131,"flow_src_last_pkt_time":287321260,"flow_dst_last_pkt_time":124181723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":109,"flow_dst_tot_l4_payload_len":727,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":28681,"dst_port":49732,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00760{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":115369554,"flow_src_last_pkt_time":287313555,"flow_dst_last_pkt_time":287650021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":78,"flow_src_tot_l4_payload_len":142,"flow_dst_tot_l4_payload_len":265,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":28681,"dst_port":37058,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":101837355,"flow_src_last_pkt_time":287806064,"flow_dst_last_pkt_time":289958480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":274,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":28681,"dst_port":4876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01064{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":16487243,"flow_src_last_pkt_time":192636357,"flow_dst_last_pkt_time":16487243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":603,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":71541038,"flow_src_last_pkt_time":312957021,"flow_dst_last_pkt_time":71541038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.100","src_port":28681,"dst_port":46385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":71541038,"flow_src_last_pkt_time":312957021,"flow_dst_last_pkt_time":71541038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.100","src_port":28681,"dst_port":46385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01190{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":124090730,"flow_src_last_pkt_time":287316477,"flow_dst_last_pkt_time":287421199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":165,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":28681,"dst_port":6778,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":95923574,"flow_src_last_pkt_time":287443565,"flow_dst_last_pkt_time":95923574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":109,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":56070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":371837471,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312956203,"flow_src_last_pkt_time":312956203,"flow_dst_last_pkt_time":312956203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":71536330,"flow_src_last_pkt_time":350798579,"flow_dst_last_pkt_time":351075803,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":90,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.222.14.170","src_port":28681,"dst_port":23332,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":71540138,"flow_src_last_pkt_time":371836228,"flow_dst_last_pkt_time":71540138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.65.141.157","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":371837471,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312956203,"flow_src_last_pkt_time":312956203,"flow_dst_last_pkt_time":312956203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01188{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":71536330,"flow_src_last_pkt_time":350798579,"flow_dst_last_pkt_time":351075803,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":90,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.222.14.170","src_port":28681,"dst_port":23332,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":71540138,"flow_src_last_pkt_time":371836228,"flow_dst_last_pkt_time":71540138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.65.141.157","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01191{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":116628965,"flow_src_last_pkt_time":287381237,"flow_dst_last_pkt_time":287357971,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":592,"flow_dst_tot_l4_payload_len":2531,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":28681,"dst_port":6888,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72853366,"flow_src_last_pkt_time":371837958,"flow_dst_last_pkt_time":72853366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.226.142","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72853723,"flow_src_last_pkt_time":371837833,"flow_dst_last_pkt_time":72853723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.97.199.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312957456,"flow_src_last_pkt_time":312957456,"flow_dst_last_pkt_time":312957456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.115.218.152","src_port":28681,"dst_port":5900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72849569,"flow_src_last_pkt_time":311752090,"flow_dst_last_pkt_time":72849569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.69.159.133","src_port":28681,"dst_port":28000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72852834,"flow_src_last_pkt_time":192908239,"flow_dst_last_pkt_time":72852834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":16047,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":70230046,"flow_src_last_pkt_time":312957127,"flow_dst_last_pkt_time":70230046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.138.20.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":371837045,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72853366,"flow_src_last_pkt_time":371837958,"flow_dst_last_pkt_time":72853366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.226.142","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72853723,"flow_src_last_pkt_time":371837833,"flow_dst_last_pkt_time":72853723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.97.199.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312957456,"flow_src_last_pkt_time":312957456,"flow_dst_last_pkt_time":312957456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.115.218.152","src_port":28681,"dst_port":5900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72849569,"flow_src_last_pkt_time":311752090,"flow_dst_last_pkt_time":72849569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.69.159.133","src_port":28681,"dst_port":28000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72852834,"flow_src_last_pkt_time":192908239,"flow_dst_last_pkt_time":72852834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":16047,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":70230046,"flow_src_last_pkt_time":312957127,"flow_dst_last_pkt_time":70230046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.138.20.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":371837045,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01193{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":95893685,"flow_src_last_pkt_time":287318509,"flow_dst_last_pkt_time":287340787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":1668,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":28681,"dst_port":21995,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":124090360,"flow_src_last_pkt_time":287697560,"flow_dst_last_pkt_time":287890845,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":165,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.208.26.154","src_port":28681,"dst_port":4994,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312956768,"flow_src_last_pkt_time":312956768,"flow_dst_last_pkt_time":312956768,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.159.27.22","src_port":28681,"dst_port":17563,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312956768,"flow_src_last_pkt_time":312956768,"flow_dst_last_pkt_time":312956768,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.159.27.22","src_port":28681,"dst_port":17563,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":219447137,"flow_src_last_pkt_time":219447137,"flow_dst_last_pkt_time":219447137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.187.171.240","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72849111,"flow_src_last_pkt_time":251742741,"flow_dst_last_pkt_time":72849111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.92.178.182","src_port":28681,"dst_port":57302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":71540796,"flow_src_last_pkt_time":371837366,"flow_dst_last_pkt_time":71540796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.44.190.145","src_port":28681,"dst_port":10170,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72849111,"flow_src_last_pkt_time":251742741,"flow_dst_last_pkt_time":72849111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.92.178.182","src_port":28681,"dst_port":57302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":71540796,"flow_src_last_pkt_time":371837366,"flow_dst_last_pkt_time":71540796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.44.190.145","src_port":28681,"dst_port":10170,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01191{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":95893239,"flow_src_last_pkt_time":287522940,"flow_dst_last_pkt_time":287579763,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":1785,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":28681,"dst_port":55302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72852255,"flow_src_last_pkt_time":371835925,"flow_dst_last_pkt_time":72852255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.175.220.161","src_port":28681,"dst_port":15721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312961164,"flow_src_last_pkt_time":312961164,"flow_dst_last_pkt_time":312961164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.84.140.96","src_port":28681,"dst_port":14400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72848739,"flow_src_last_pkt_time":311749833,"flow_dst_last_pkt_time":72848739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"170.254.19.6","src_port":28681,"dst_port":24180,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72851137,"flow_src_last_pkt_time":311751018,"flow_dst_last_pkt_time":72851137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.224.95.97","src_port":28681,"dst_port":46356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72850779,"flow_src_last_pkt_time":371838692,"flow_dst_last_pkt_time":72850779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.50.179","src_port":28681,"dst_port":29411,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72852255,"flow_src_last_pkt_time":371835925,"flow_dst_last_pkt_time":72852255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.175.220.161","src_port":28681,"dst_port":15721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312961164,"flow_src_last_pkt_time":312961164,"flow_dst_last_pkt_time":312961164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.84.140.96","src_port":28681,"dst_port":14400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72848739,"flow_src_last_pkt_time":311749833,"flow_dst_last_pkt_time":72848739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"170.254.19.6","src_port":28681,"dst_port":24180,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72851137,"flow_src_last_pkt_time":311751018,"flow_dst_last_pkt_time":72851137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.224.95.97","src_port":28681,"dst_port":46356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72850779,"flow_src_last_pkt_time":371838692,"flow_dst_last_pkt_time":72850779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.50.179","src_port":28681,"dst_port":29411,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01194{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":174303564,"flow_src_last_pkt_time":287488029,"flow_dst_last_pkt_time":287509796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":170,"flow_dst_tot_l4_payload_len":1040,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"194.163.180.126","src_port":28681,"dst_port":10825,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72853009,"flow_src_last_pkt_time":253024867,"flow_dst_last_pkt_time":72853009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.65.70.197","src_port":28681,"dst_port":21693,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":71539473,"flow_src_last_pkt_time":371836386,"flow_dst_last_pkt_time":71539473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.169.2.153","src_port":28681,"dst_port":52414,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72853538,"flow_src_last_pkt_time":312956056,"flow_dst_last_pkt_time":72853538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.197.111.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71539248,"flow_src_last_pkt_time":251739950,"flow_dst_last_pkt_time":71539248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.119.242.110","src_port":28681,"dst_port":7922,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72853009,"flow_src_last_pkt_time":253024867,"flow_dst_last_pkt_time":72853009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.65.70.197","src_port":28681,"dst_port":21693,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":71539473,"flow_src_last_pkt_time":371836386,"flow_dst_last_pkt_time":71539473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.169.2.153","src_port":28681,"dst_port":52414,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72853538,"flow_src_last_pkt_time":312956056,"flow_dst_last_pkt_time":72853538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.197.111.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71539248,"flow_src_last_pkt_time":251739950,"flow_dst_last_pkt_time":71539248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.119.242.110","src_port":28681,"dst_port":7922,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":123912731,"flow_src_last_pkt_time":287321365,"flow_dst_last_pkt_time":123912731,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":109,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":28681,"dst_port":54130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71540385,"flow_src_last_pkt_time":253024371,"flow_dst_last_pkt_time":71540385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"105.101.132.146","src_port":28681,"dst_port":57746,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":70230689,"flow_src_last_pkt_time":312955935,"flow_dst_last_pkt_time":70230689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.131.85.245","src_port":28681,"dst_port":31743,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71540385,"flow_src_last_pkt_time":253024371,"flow_dst_last_pkt_time":71540385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"105.101.132.146","src_port":28681,"dst_port":57746,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":70230689,"flow_src_last_pkt_time":312955935,"flow_dst_last_pkt_time":70230689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.131.85.245","src_port":28681,"dst_port":31743,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":174342792,"flow_src_last_pkt_time":287510770,"flow_dst_last_pkt_time":174648242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":114,"flow_dst_tot_l4_payload_len":727,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":28681,"dst_port":49956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72853189,"flow_src_last_pkt_time":311751275,"flow_dst_last_pkt_time":72853189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3424,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72853189,"flow_src_last_pkt_time":311751275,"flow_dst_last_pkt_time":72853189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":371891623,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3427,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":373494060,"flow_src_last_pkt_time":373494060,"flow_dst_last_pkt_time":373494060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":373494060,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.100.68.255","src_port":28681,"dst_port":12838,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3427,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":756,"flow_packet_id":1,"flow_src_last_pkt_time":373494060,"flow_dst_last_pkt_time":373494060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":373494060,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0M5cAAIARjLAKAAIPKWRE\/3AJMiYAIIGXR05EEEAGAQFUC1FLUlAGUk5BXS\/iNQlw"} +01035{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3427,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":373494060,"flow_src_last_pkt_time":373494060,"flow_dst_last_pkt_time":373494060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":373494060,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.100.68.255","src_port":28681,"dst_port":12838,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3428,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":5,"flow_src_last_pkt_time":373494210,"flow_dst_last_pkt_time":82059658,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":373494210,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0rnUAAIARKD8KAAIPWjv9unAJPMMAII1mR05EEEAHAQFUC1FLUlAGUk5BXS\/iNQlw"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3429,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":4,"flow_src_last_pkt_time":373494338,"flow_dst_last_pkt_time":72851137,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":373494338,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0f7EAAIAR17cKAAIPd+BfYXAJtRQAIJXIR05EEEAIAQFUC1FLUlAGUk5BXS\/iNQlw"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3431,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":5,"flow_src_last_pkt_time":373494665,"flow_dst_last_pkt_time":72853189,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":373494665,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0jJYAAIARUAUKAAIPp3KqnHAJXSQAIHLpR05EEEAKAQFUC1FLUlAGUk5BXS\/iNQlw"} @@ -4470,46 +4618,44 @@ 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3450,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":5,"flow_src_last_pkt_time":373498296,"flow_dst_last_pkt_time":71540581,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":373498296,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0WlAAAIARMv4KAAIPVhdLRXAJGMoAIGfjR05EEEAdAQFUC1FLUlAGUk5BXS\/iNQlw"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3458,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":2,"flow_src_last_pkt_time":381404139,"flow_dst_last_pkt_time":251734977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":381404139,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0860AAIARiigKAAIPgS0vp3AJGMoAIFhpR05EEEAfAQFUC1FLUlAGUk5BXS\/iNQlw"} 01062{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":16487243,"flow_src_last_pkt_time":192636357,"flow_dst_last_pkt_time":16487243,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":603,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72852834,"flow_src_last_pkt_time":192908239,"flow_dst_last_pkt_time":72852834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":16047,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72852834,"flow_src_last_pkt_time":192908239,"flow_dst_last_pkt_time":72852834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":16047,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82060665,"flow_src_last_pkt_time":192907653,"flow_dst_last_pkt_time":82060665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"121.99.222.36","src_port":28681,"dst_port":44988,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82060665,"flow_src_last_pkt_time":192907653,"flow_dst_last_pkt_time":82060665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"121.99.222.36","src_port":28681,"dst_port":44988,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72852834,"flow_src_last_pkt_time":192908239,"flow_dst_last_pkt_time":72852834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":16047,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82060665,"flow_src_last_pkt_time":192907653,"flow_dst_last_pkt_time":82060665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"121.99.222.36","src_port":28681,"dst_port":44988,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287425184,"flow_src_last_pkt_time":287425184,"flow_dst_last_pkt_time":287425184,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"59.148.100.237","src_port":28681,"dst_port":23459,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287428629,"flow_src_last_pkt_time":287428629,"flow_dst_last_pkt_time":287428629,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"221.124.66.33","src_port":28681,"dst_port":13060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287484830,"flow_src_last_pkt_time":287484830,"flow_dst_last_pkt_time":287484830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.172.184.48","src_port":28681,"dst_port":13281,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287341251,"flow_src_last_pkt_time":320291193,"flow_dst_last_pkt_time":287341251,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.184.29.35","src_port":28681,"dst_port":30582,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287321004,"flow_src_last_pkt_time":287321004,"flow_dst_last_pkt_time":287321004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.234.197.93","src_port":28681,"dst_port":1483,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287313271,"flow_src_last_pkt_time":287313271,"flow_dst_last_pkt_time":287313271,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.142.109.190","src_port":28681,"dst_port":41370,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287313271,"flow_src_last_pkt_time":287313271,"flow_dst_last_pkt_time":287313271,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.142.109.190","src_port":28681,"dst_port":41370,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":669,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287589463,"flow_src_last_pkt_time":287589463,"flow_dst_last_pkt_time":287589463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.200.235","src_port":28681,"dst_port":2846,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287444410,"flow_src_last_pkt_time":287444410,"flow_dst_last_pkt_time":287444410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"116.241.162.162","src_port":28681,"dst_port":59016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":690,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287623920,"flow_src_last_pkt_time":287623920,"flow_dst_last_pkt_time":287623920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.18.212.223","src_port":28681,"dst_port":50637,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":700,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287650717,"flow_src_last_pkt_time":287650717,"flow_dst_last_pkt_time":287650717,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.206.27.26","src_port":28681,"dst_port":6578,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314350,"flow_src_last_pkt_time":287314350,"flow_dst_last_pkt_time":287314350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.47.223.27","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287309338,"flow_src_last_pkt_time":287309338,"flow_dst_last_pkt_time":287309338,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.173.230.98","src_port":28681,"dst_port":19004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314350,"flow_src_last_pkt_time":287314350,"flow_dst_last_pkt_time":287314350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.47.223.27","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287309338,"flow_src_last_pkt_time":287309338,"flow_dst_last_pkt_time":287309338,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.173.230.98","src_port":28681,"dst_port":19004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287339588,"flow_src_last_pkt_time":320290592,"flow_dst_last_pkt_time":287339588,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.229.185.60","src_port":28681,"dst_port":6898,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287429914,"flow_src_last_pkt_time":287429914,"flow_dst_last_pkt_time":287624396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.36.249.91","src_port":28681,"dst_port":7190,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":701,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287651077,"flow_src_last_pkt_time":287651077,"flow_dst_last_pkt_time":287651077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.237.190.184","src_port":28681,"dst_port":64163,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287308993,"flow_src_last_pkt_time":287308993,"flow_dst_last_pkt_time":287308993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.247.89.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82059658,"flow_src_last_pkt_time":373494210,"flow_dst_last_pkt_time":82059658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.59.253.186","src_port":28681,"dst_port":15555,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82062320,"flow_src_last_pkt_time":371837679,"flow_dst_last_pkt_time":82062320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.15.182","src_port":28681,"dst_port":37829,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82062444,"flow_src_last_pkt_time":373495111,"flow_dst_last_pkt_time":82062444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.239.62.213","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287308993,"flow_src_last_pkt_time":287308993,"flow_dst_last_pkt_time":287308993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.247.89.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82059658,"flow_src_last_pkt_time":373494210,"flow_dst_last_pkt_time":82059658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.59.253.186","src_port":28681,"dst_port":15555,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82062320,"flow_src_last_pkt_time":371837679,"flow_dst_last_pkt_time":82062320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.15.182","src_port":28681,"dst_port":37829,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82062444,"flow_src_last_pkt_time":373495111,"flow_dst_last_pkt_time":82062444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.239.62.213","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00945{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":280014541,"flow_src_last_pkt_time":283055110,"flow_dst_last_pkt_time":280014541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":57552,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287442897,"flow_src_last_pkt_time":287442897,"flow_dst_last_pkt_time":287442897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.36.249.91","src_port":28681,"dst_port":64577,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287485837,"flow_src_last_pkt_time":287485837,"flow_dst_last_pkt_time":287485837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.128.228","src_port":28681,"dst_port":3227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287511462,"flow_src_last_pkt_time":287511462,"flow_dst_last_pkt_time":287511462,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.237.10.152","src_port":28681,"dst_port":21293,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":740,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287859998,"flow_src_last_pkt_time":287859998,"flow_dst_last_pkt_time":287859998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.237.25.47","src_port":28681,"dst_port":21293,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287315409,"flow_src_last_pkt_time":287315409,"flow_dst_last_pkt_time":287315409,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.246.147.72","src_port":28681,"dst_port":4572,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287315409,"flow_src_last_pkt_time":287315409,"flow_dst_last_pkt_time":287315409,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.246.147.72","src_port":28681,"dst_port":4572,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":733,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287858651,"flow_src_last_pkt_time":287858651,"flow_dst_last_pkt_time":287858651,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.199.148.6","src_port":28681,"dst_port":4338,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287441868,"flow_src_last_pkt_time":287441868,"flow_dst_last_pkt_time":287441868,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.236.203.37","src_port":28681,"dst_port":52274,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":675,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287600343,"flow_src_last_pkt_time":287600343,"flow_dst_last_pkt_time":287600343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.118.77","src_port":28681,"dst_port":62191,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":738,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287859998,"flow_src_last_pkt_time":287859998,"flow_dst_last_pkt_time":287859998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.128.228","src_port":28681,"dst_port":3256,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287356130,"flow_src_last_pkt_time":320291674,"flow_dst_last_pkt_time":287356130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.128.228","src_port":28681,"dst_port":3259,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287496517,"flow_src_last_pkt_time":287539055,"flow_dst_last_pkt_time":287579829,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.65.87.24","src_port":28681,"dst_port":16201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":131671537,"flow_src_last_pkt_time":371836867,"flow_dst_last_pkt_time":131671537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82063897,"flow_src_last_pkt_time":373495642,"flow_dst_last_pkt_time":82063897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"177.231.151.16","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":131671537,"flow_src_last_pkt_time":371836867,"flow_dst_last_pkt_time":131671537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82063897,"flow_src_last_pkt_time":373495642,"flow_dst_last_pkt_time":82063897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"177.231.151.16","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00760{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287469025,"flow_src_last_pkt_time":287753028,"flow_dst_last_pkt_time":288019720,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.208.167.152","src_port":28681,"dst_port":30628,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287441707,"flow_src_last_pkt_time":287441707,"flow_dst_last_pkt_time":287441707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.18.212.223","src_port":28681,"dst_port":58954,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":83520153,"flow_src_last_pkt_time":253025967,"flow_dst_last_pkt_time":83520153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.30.86.144","src_port":28681,"dst_port":53821,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":83520153,"flow_src_last_pkt_time":253025967,"flow_dst_last_pkt_time":83520153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.30.86.144","src_port":28681,"dst_port":53821,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":713,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287681495,"flow_src_last_pkt_time":287681495,"flow_dst_last_pkt_time":287681495,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.103.139.2","src_port":28681,"dst_port":51379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287430116,"flow_src_last_pkt_time":287430116,"flow_dst_last_pkt_time":287430116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.26.16","src_port":28681,"dst_port":9747,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287423574,"flow_src_last_pkt_time":287423574,"flow_dst_last_pkt_time":287423574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.40.163.123","src_port":28681,"dst_port":55341,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -4531,9 +4677,9 @@ 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287339727,"flow_src_last_pkt_time":320290625,"flow_dst_last_pkt_time":287339727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":28681,"dst_port":54436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":707,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287653242,"flow_src_last_pkt_time":287653242,"flow_dst_last_pkt_time":287653242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"183.179.14.31","src_port":28681,"dst_port":64871,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":288355413,"flow_src_last_pkt_time":288355413,"flow_dst_last_pkt_time":288355413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":28681,"dst_port":48250,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310956,"flow_src_last_pkt_time":287310956,"flow_dst_last_pkt_time":287310956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.160.214.137","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310956,"flow_src_last_pkt_time":287310956,"flow_dst_last_pkt_time":287310956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.160.214.137","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":683,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287621585,"flow_src_last_pkt_time":287621585,"flow_dst_last_pkt_time":287621585,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":28681,"dst_port":54459,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312421,"flow_src_last_pkt_time":287312421,"flow_dst_last_pkt_time":287312421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"136.32.84.139","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312421,"flow_src_last_pkt_time":287312421,"flow_dst_last_pkt_time":287312421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"136.32.84.139","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287357163,"flow_src_last_pkt_time":320292378,"flow_dst_last_pkt_time":287357163,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.119.242.110","src_port":28681,"dst_port":59879,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287485157,"flow_src_last_pkt_time":287485157,"flow_dst_last_pkt_time":287485157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.163.14.246","src_port":28681,"dst_port":1630,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":691,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287624187,"flow_src_last_pkt_time":287624187,"flow_dst_last_pkt_time":287624187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.93.150.146","src_port":28681,"dst_port":62507,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -4544,11 +4690,11 @@ 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287486202,"flow_src_last_pkt_time":287486202,"flow_dst_last_pkt_time":287486202,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.234.18.166","src_port":28681,"dst_port":61319,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287340857,"flow_src_last_pkt_time":320291054,"flow_dst_last_pkt_time":287340857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.103.139.2","src_port":28681,"dst_port":51675,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":714,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287681721,"flow_src_last_pkt_time":287681721,"flow_dst_last_pkt_time":287681721,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.174.174.69","src_port":28681,"dst_port":21358,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82063378,"flow_src_last_pkt_time":371839164,"flow_dst_last_pkt_time":82063378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.153.143.54","src_port":28681,"dst_port":65535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82063378,"flow_src_last_pkt_time":371839164,"flow_dst_last_pkt_time":82063378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.153.143.54","src_port":28681,"dst_port":65535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287467615,"flow_src_last_pkt_time":287467615,"flow_dst_last_pkt_time":287467615,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.118.77","src_port":28681,"dst_port":60482,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":289961626,"flow_src_last_pkt_time":289961626,"flow_dst_last_pkt_time":290166113,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.126.102","src_port":28681,"dst_port":5193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287443704,"flow_src_last_pkt_time":287443704,"flow_dst_last_pkt_time":287443704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":28681,"dst_port":42288,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82060552,"flow_src_last_pkt_time":373496723,"flow_dst_last_pkt_time":82060552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.69.142.133","src_port":28681,"dst_port":15471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82060552,"flow_src_last_pkt_time":373496723,"flow_dst_last_pkt_time":82060552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.69.142.133","src_port":28681,"dst_port":15471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":739,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287859998,"flow_src_last_pkt_time":287859998,"flow_dst_last_pkt_time":287859998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.156.226.72","src_port":28681,"dst_port":19814,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287428877,"flow_src_last_pkt_time":287428877,"flow_dst_last_pkt_time":287428877,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.134.154.158","src_port":28681,"dst_port":54130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287342606,"flow_src_last_pkt_time":287680998,"flow_dst_last_pkt_time":288307881,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.238.145.82","src_port":28681,"dst_port":33527,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -4559,19 +4705,19 @@ 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":685,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287622365,"flow_src_last_pkt_time":287622365,"flow_dst_last_pkt_time":287622365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.241.31.96","src_port":28681,"dst_port":8349,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287356336,"flow_src_last_pkt_time":320291809,"flow_dst_last_pkt_time":287356336,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.26.16","src_port":28681,"dst_port":20387,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":721,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287683595,"flow_src_last_pkt_time":287683595,"flow_dst_last_pkt_time":287869199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.203.72.224","src_port":28681,"dst_port":9897,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229238800,"flow_src_last_pkt_time":229238800,"flow_dst_last_pkt_time":229238800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.131.202.24","src_port":28681,"dst_port":44748,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229238800,"flow_src_last_pkt_time":229238800,"flow_dst_last_pkt_time":229238800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.131.202.24","src_port":28681,"dst_port":44748,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287497017,"flow_src_last_pkt_time":287497017,"flow_dst_last_pkt_time":287497017,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.231.59.187","src_port":28681,"dst_port":62234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287429698,"flow_src_last_pkt_time":287429698,"flow_dst_last_pkt_time":287429698,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.168.15.71","src_port":28681,"dst_port":53707,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287441286,"flow_src_last_pkt_time":287441286,"flow_dst_last_pkt_time":287441286,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.237.116.22","src_port":28681,"dst_port":7375,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287467263,"flow_src_last_pkt_time":287467263,"flow_dst_last_pkt_time":287467263,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.247.152.218","src_port":28681,"dst_port":51920,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287484483,"flow_src_last_pkt_time":287484483,"flow_dst_last_pkt_time":287484483,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.237.116.22","src_port":28681,"dst_port":7380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312889,"flow_src_last_pkt_time":287312889,"flow_dst_last_pkt_time":287312889,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.144.99.73","src_port":28681,"dst_port":10745,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312889,"flow_src_last_pkt_time":287312889,"flow_dst_last_pkt_time":287312889,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.144.99.73","src_port":28681,"dst_port":10745,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287427173,"flow_src_last_pkt_time":287427173,"flow_dst_last_pkt_time":287642779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.16.83.5","src_port":28681,"dst_port":10624,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":287424215,"flow_src_last_pkt_time":350982053,"flow_dst_last_pkt_time":351110333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.239.173.18","src_port":28681,"dst_port":23327,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314783,"flow_src_last_pkt_time":287314783,"flow_dst_last_pkt_time":287314783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.196.216.12","src_port":28681,"dst_port":58910,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82062863,"flow_src_last_pkt_time":311751600,"flow_dst_last_pkt_time":82062863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.88.92.56","src_port":28681,"dst_port":21009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314783,"flow_src_last_pkt_time":287314783,"flow_dst_last_pkt_time":287314783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.196.216.12","src_port":28681,"dst_port":58910,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82062863,"flow_src_last_pkt_time":311751600,"flow_dst_last_pkt_time":82062863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.88.92.56","src_port":28681,"dst_port":21009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287385994,"flow_src_last_pkt_time":287385994,"flow_dst_last_pkt_time":287385994,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.118.77","src_port":28681,"dst_port":56562,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82063260,"flow_src_last_pkt_time":371838207,"flow_dst_last_pkt_time":82063260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.195.227","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82063260,"flow_src_last_pkt_time":371838207,"flow_dst_last_pkt_time":82063260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.195.227","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287340413,"flow_src_last_pkt_time":320290815,"flow_dst_last_pkt_time":287340413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.41.253","src_port":28681,"dst_port":14339,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287486558,"flow_src_last_pkt_time":287486558,"flow_dst_last_pkt_time":287710915,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"210.209.249.84","src_port":28681,"dst_port":24751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287496674,"flow_src_last_pkt_time":287496674,"flow_dst_last_pkt_time":287828000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":61,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":61,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":28681,"dst_port":45710,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -4584,19 +4730,19 @@ 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287442403,"flow_src_last_pkt_time":287442403,"flow_dst_last_pkt_time":287442403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.64.156.63","src_port":28681,"dst_port":60092,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287511284,"flow_src_last_pkt_time":287511284,"flow_dst_last_pkt_time":287511284,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"59.104.173.5","src_port":28681,"dst_port":49803,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287526491,"flow_src_last_pkt_time":287526491,"flow_dst_last_pkt_time":287526491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.127.1.235","src_port":28681,"dst_port":37814,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287310365,"flow_src_last_pkt_time":287310365,"flow_dst_last_pkt_time":287954302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":306,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":306,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.161.80.82","src_port":28681,"dst_port":8656,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287310365,"flow_src_last_pkt_time":287310365,"flow_dst_last_pkt_time":287954302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":306,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":306,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.161.80.82","src_port":28681,"dst_port":8656,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287496192,"flow_src_last_pkt_time":287496192,"flow_dst_last_pkt_time":287496192,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"59.104.173.5","src_port":28681,"dst_port":49815,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":703,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287651749,"flow_src_last_pkt_time":287651749,"flow_dst_last_pkt_time":287651749,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.40.67.191","src_port":28681,"dst_port":14971,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287356915,"flow_src_last_pkt_time":320292278,"flow_dst_last_pkt_time":287356915,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.168.15.71","src_port":28681,"dst_port":53883,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287525166,"flow_src_last_pkt_time":287525166,"flow_dst_last_pkt_time":287525166,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":28681,"dst_port":54914,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":727,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287698485,"flow_src_last_pkt_time":287698485,"flow_dst_last_pkt_time":287698485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"101.136.187.253","src_port":28681,"dst_port":10914,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287320411,"flow_src_last_pkt_time":287320411,"flow_dst_last_pkt_time":287320411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.250.32","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287311602,"flow_src_last_pkt_time":287311602,"flow_dst_last_pkt_time":287311602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287312193,"flow_src_last_pkt_time":287312193,"flow_dst_last_pkt_time":288223001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":320,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":320,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.2.62.28","src_port":28681,"dst_port":6387,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287308439,"flow_src_last_pkt_time":287308439,"flow_dst_last_pkt_time":287308439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.210.81.59","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229238441,"flow_src_last_pkt_time":229238441,"flow_dst_last_pkt_time":229238441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.56.198","src_port":28681,"dst_port":11984,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82061705,"flow_src_last_pkt_time":373495985,"flow_dst_last_pkt_time":82061705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310048,"flow_src_last_pkt_time":287310048,"flow_dst_last_pkt_time":287310048,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"8.44.149.207","src_port":28681,"dst_port":30551,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287311602,"flow_src_last_pkt_time":287311602,"flow_dst_last_pkt_time":287311602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287312193,"flow_src_last_pkt_time":287312193,"flow_dst_last_pkt_time":288223001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":320,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":320,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.2.62.28","src_port":28681,"dst_port":6387,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287308439,"flow_src_last_pkt_time":287308439,"flow_dst_last_pkt_time":287308439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.210.81.59","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229238441,"flow_src_last_pkt_time":229238441,"flow_dst_last_pkt_time":229238441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.56.198","src_port":28681,"dst_port":11984,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82061705,"flow_src_last_pkt_time":373495985,"flow_dst_last_pkt_time":82061705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310048,"flow_src_last_pkt_time":287310048,"flow_dst_last_pkt_time":287310048,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"8.44.149.207","src_port":28681,"dst_port":30551,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":704,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287652154,"flow_src_last_pkt_time":287652154,"flow_dst_last_pkt_time":287652154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.192.83.59","src_port":28681,"dst_port":33513,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287499197,"flow_src_last_pkt_time":287499197,"flow_dst_last_pkt_time":287499197,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.199.103","src_port":28681,"dst_port":2625,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":717,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287682493,"flow_src_last_pkt_time":287682493,"flow_dst_last_pkt_time":287682493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.191.58.38","src_port":28681,"dst_port":48157,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -4617,22 +4763,22 @@ 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":716,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287682208,"flow_src_last_pkt_time":287682208,"flow_dst_last_pkt_time":287682208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.249.190.8","src_port":28681,"dst_port":25198,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":731,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287699174,"flow_src_last_pkt_time":287699174,"flow_dst_last_pkt_time":287699174,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.58.238.163","src_port":28681,"dst_port":6564,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287341361,"flow_src_last_pkt_time":320291262,"flow_dst_last_pkt_time":287341361,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"116.49.159.77","src_port":28681,"dst_port":55915,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82057972,"flow_src_last_pkt_time":311749976,"flow_dst_last_pkt_time":82057972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.244.228.86","src_port":28681,"dst_port":10131,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229240388,"flow_src_last_pkt_time":229240388,"flow_dst_last_pkt_time":229240388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"62.35.190.5","src_port":28681,"dst_port":18604,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82057972,"flow_src_last_pkt_time":311749976,"flow_dst_last_pkt_time":82057972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.244.228.86","src_port":28681,"dst_port":10131,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229240388,"flow_src_last_pkt_time":229240388,"flow_dst_last_pkt_time":229240388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"62.35.190.5","src_port":28681,"dst_port":18604,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":735,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287859330,"flow_src_last_pkt_time":287859330,"flow_dst_last_pkt_time":287859330,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":28681,"dst_port":52420,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82061139,"flow_src_last_pkt_time":373494945,"flow_dst_last_pkt_time":82061139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.99.164.4","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82061139,"flow_src_last_pkt_time":373494945,"flow_dst_last_pkt_time":82061139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.99.164.4","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":663,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287573220,"flow_src_last_pkt_time":320293048,"flow_dst_last_pkt_time":287573220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.58.238.163","src_port":28681,"dst_port":6594,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287497829,"flow_src_last_pkt_time":287497829,"flow_dst_last_pkt_time":287497829,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.179.18.242","src_port":28681,"dst_port":47329,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":747,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":289962007,"flow_src_last_pkt_time":289962007,"flow_dst_last_pkt_time":289962007,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.58.238.163","src_port":28681,"dst_port":6599,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287321152,"flow_src_last_pkt_time":287321152,"flow_dst_last_pkt_time":287321152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.72.149.140","src_port":28681,"dst_port":37848,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287510194,"flow_src_last_pkt_time":287547151,"flow_dst_last_pkt_time":287583222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":110,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.20.248.147","src_port":28681,"dst_port":30706,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":711,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287654311,"flow_src_last_pkt_time":287654311,"flow_dst_last_pkt_time":287654311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.129.86.65","src_port":28681,"dst_port":49723,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287311908,"flow_src_last_pkt_time":287311908,"flow_dst_last_pkt_time":287311908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.203.45.107","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287311908,"flow_src_last_pkt_time":287311908,"flow_dst_last_pkt_time":287311908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.203.45.107","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287383122,"flow_src_last_pkt_time":287383122,"flow_dst_last_pkt_time":287383122,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.105.52.2","src_port":28681,"dst_port":6831,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82058208,"flow_src_last_pkt_time":371836608,"flow_dst_last_pkt_time":82058208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.162.150","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82058208,"flow_src_last_pkt_time":371836608,"flow_dst_last_pkt_time":82058208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.162.150","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287498759,"flow_src_last_pkt_time":287498759,"flow_dst_last_pkt_time":287498759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.237.116.22","src_port":28681,"dst_port":7849,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82066425,"flow_src_last_pkt_time":311751833,"flow_dst_last_pkt_time":82066425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229239365,"flow_src_last_pkt_time":229239365,"flow_dst_last_pkt_time":229239365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.185.126","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82066425,"flow_src_last_pkt_time":311751833,"flow_dst_last_pkt_time":82066425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229239365,"flow_src_last_pkt_time":229239365,"flow_dst_last_pkt_time":229239365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.185.126","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":729,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287698888,"flow_src_last_pkt_time":287698888,"flow_dst_last_pkt_time":287698888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.47.227.91","src_port":28681,"dst_port":54463,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":732,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287699351,"flow_src_last_pkt_time":287743590,"flow_dst_last_pkt_time":287783603,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.168.34.105","src_port":28681,"dst_port":39908,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287497569,"flow_src_last_pkt_time":287497569,"flow_dst_last_pkt_time":287497569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.174.18.115","src_port":28681,"dst_port":50679,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -4647,7 +4793,7 @@ 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287510972,"flow_src_last_pkt_time":287510972,"flow_dst_last_pkt_time":287510972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.22.22.94","src_port":28681,"dst_port":34245,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":666,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287588556,"flow_src_last_pkt_time":287588556,"flow_dst_last_pkt_time":287588556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"159.196.95.223","src_port":28681,"dst_port":2003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287511819,"flow_src_last_pkt_time":287511819,"flow_dst_last_pkt_time":287824341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"180.218.135.222","src_port":28681,"dst_port":4548,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82058634,"flow_src_last_pkt_time":311750486,"flow_dst_last_pkt_time":82058634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.163.231.160","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82058634,"flow_src_last_pkt_time":311750486,"flow_dst_last_pkt_time":82058634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.163.231.160","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287426310,"flow_src_last_pkt_time":287426310,"flow_dst_last_pkt_time":287647245,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.16.170.108","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":677,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287619126,"flow_src_last_pkt_time":287619126,"flow_dst_last_pkt_time":287619126,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.16.83.5","src_port":28681,"dst_port":9128,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":706,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287652991,"flow_src_last_pkt_time":287652991,"flow_dst_last_pkt_time":287652991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.200.235","src_port":28681,"dst_port":1968,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -4659,16 +4805,16 @@ 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":741,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287859998,"flow_src_last_pkt_time":287859998,"flow_dst_last_pkt_time":287859998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.128.228","src_port":28681,"dst_port":4364,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":696,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287648701,"flow_src_last_pkt_time":287648701,"flow_dst_last_pkt_time":287648701,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":28681,"dst_port":55050,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287340314,"flow_src_last_pkt_time":320290768,"flow_dst_last_pkt_time":287340314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.200.235","src_port":28681,"dst_port":2034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":83518597,"flow_src_last_pkt_time":253026184,"flow_dst_last_pkt_time":83518597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.37","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82059773,"flow_src_last_pkt_time":373496852,"flow_dst_last_pkt_time":82059773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.107.176","src_port":28681,"dst_port":20363,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":83518597,"flow_src_last_pkt_time":253026184,"flow_dst_last_pkt_time":83518597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.37","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82059773,"flow_src_last_pkt_time":373496852,"flow_dst_last_pkt_time":82059773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.107.176","src_port":28681,"dst_port":20363,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287428427,"flow_src_last_pkt_time":287428427,"flow_dst_last_pkt_time":287428427,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":28681,"dst_port":35004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82060415,"flow_src_last_pkt_time":373497174,"flow_dst_last_pkt_time":82060415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.217.132.111","src_port":28681,"dst_port":25394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287311299,"flow_src_last_pkt_time":287311299,"flow_dst_last_pkt_time":287311299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.156.58.211","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312665,"flow_src_last_pkt_time":287312665,"flow_dst_last_pkt_time":287312665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.4.204.220","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82060415,"flow_src_last_pkt_time":373497174,"flow_dst_last_pkt_time":82060415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.217.132.111","src_port":28681,"dst_port":25394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287311299,"flow_src_last_pkt_time":287311299,"flow_dst_last_pkt_time":287311299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.156.58.211","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312665,"flow_src_last_pkt_time":287312665,"flow_dst_last_pkt_time":287312665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.4.204.220","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":686,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287622813,"flow_src_last_pkt_time":287622813,"flow_dst_last_pkt_time":287622813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.14.143.237","src_port":28681,"dst_port":13965,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":662,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287532984,"flow_src_last_pkt_time":287836880,"flow_dst_last_pkt_time":288223086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.59.117.166","src_port":28681,"dst_port":33192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287340060,"flow_src_last_pkt_time":320290682,"flow_dst_last_pkt_time":287340060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.27.24.95","src_port":28681,"dst_port":10655,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82058765,"flow_src_last_pkt_time":373495414,"flow_dst_last_pkt_time":82058765,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.150.49.35","src_port":28681,"dst_port":32448,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82058765,"flow_src_last_pkt_time":373495414,"flow_dst_last_pkt_time":82058765,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.150.49.35","src_port":28681,"dst_port":32448,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287442727,"flow_src_last_pkt_time":287442727,"flow_dst_last_pkt_time":287442727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.203.72.224","src_port":28681,"dst_port":53658,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287429288,"flow_src_last_pkt_time":287429288,"flow_dst_last_pkt_time":287429288,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.250.32","src_port":28681,"dst_port":52647,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287524138,"flow_src_last_pkt_time":287524138,"flow_dst_last_pkt_time":287524138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.12.1.136","src_port":28681,"dst_port":6348,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -4676,8 +4822,8 @@ 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287466034,"flow_src_last_pkt_time":287466034,"flow_dst_last_pkt_time":287466034,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.10.174.159","src_port":28681,"dst_port":4841,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287339383,"flow_src_last_pkt_time":320290529,"flow_dst_last_pkt_time":287339383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.27.24.95","src_port":28681,"dst_port":10677,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":695,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287635205,"flow_src_last_pkt_time":320293343,"flow_dst_last_pkt_time":287635205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.189.72.230","src_port":28681,"dst_port":8161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82062565,"flow_src_last_pkt_time":371838412,"flow_dst_last_pkt_time":82062565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.196.58","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314573,"flow_src_last_pkt_time":287314573,"flow_dst_last_pkt_time":287314573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"209.204.207.5","src_port":28681,"dst_port":49256,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82062565,"flow_src_last_pkt_time":371838412,"flow_dst_last_pkt_time":82062565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.196.58","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314573,"flow_src_last_pkt_time":287314573,"flow_dst_last_pkt_time":287314573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"209.204.207.5","src_port":28681,"dst_port":49256,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":734,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287858940,"flow_src_last_pkt_time":287858940,"flow_dst_last_pkt_time":287858940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.91.201","src_port":28681,"dst_port":4297,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287496358,"flow_src_last_pkt_time":287714018,"flow_dst_last_pkt_time":288483516,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.62.225.181","src_port":28681,"dst_port":46843,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287356009,"flow_src_last_pkt_time":320291601,"flow_dst_last_pkt_time":287356009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.250.6.59","src_port":28681,"dst_port":60012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -4689,11 +4835,11 @@ 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":671,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287599291,"flow_src_last_pkt_time":287599291,"flow_dst_last_pkt_time":287599291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"180.218.135.222","src_port":28681,"dst_port":49867,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287424448,"flow_src_last_pkt_time":287424448,"flow_dst_last_pkt_time":287697275,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.17.132.18","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":678,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287619767,"flow_src_last_pkt_time":287619767,"flow_dst_last_pkt_time":287619767,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"150.116.225.105","src_port":28681,"dst_port":51438,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287316018,"flow_src_last_pkt_time":287316018,"flow_dst_last_pkt_time":287316018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"202.151.63.59","src_port":28681,"dst_port":7624,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287316018,"flow_src_last_pkt_time":287316018,"flow_dst_last_pkt_time":287316018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"202.151.63.59","src_port":28681,"dst_port":7624,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":715,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287681933,"flow_src_last_pkt_time":287681933,"flow_dst_last_pkt_time":287681933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.71.72.88","src_port":28681,"dst_port":58808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287525885,"flow_src_last_pkt_time":287525885,"flow_dst_last_pkt_time":287525885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.27.24.95","src_port":28681,"dst_port":10791,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287340969,"flow_src_last_pkt_time":320291125,"flow_dst_last_pkt_time":287340969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.39.159.60","src_port":28681,"dst_port":56896,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82058913,"flow_src_last_pkt_time":311749691,"flow_dst_last_pkt_time":82058913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82058913,"flow_src_last_pkt_time":311749691,"flow_dst_last_pkt_time":82058913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287384891,"flow_src_last_pkt_time":287384891,"flow_dst_last_pkt_time":287384891,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.222.160.99","src_port":28681,"dst_port":53144,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287356560,"flow_src_last_pkt_time":320292115,"flow_dst_last_pkt_time":287356560,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.222.160.99","src_port":28681,"dst_port":53163,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287511632,"flow_src_last_pkt_time":287511632,"flow_dst_last_pkt_time":287511632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.18.212.223","src_port":28681,"dst_port":58290,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -4705,15 +4851,15 @@ 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287424939,"flow_src_last_pkt_time":287424939,"flow_dst_last_pkt_time":287424939,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":28681,"dst_port":42925,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287387000,"flow_src_last_pkt_time":287557061,"flow_dst_last_pkt_time":287752626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"97.83.183.148","src_port":28681,"dst_port":8890,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":680,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287620673,"flow_src_last_pkt_time":287620673,"flow_dst_last_pkt_time":287620673,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.227.198.100","src_port":28681,"dst_port":6910,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82060952,"flow_src_last_pkt_time":253024749,"flow_dst_last_pkt_time":82060952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310684,"flow_src_last_pkt_time":287310684,"flow_dst_last_pkt_time":287310684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.143.34.225","src_port":28681,"dst_port":20071,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82060952,"flow_src_last_pkt_time":253024749,"flow_dst_last_pkt_time":82060952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310684,"flow_src_last_pkt_time":287310684,"flow_dst_last_pkt_time":287310684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.143.34.225","src_port":28681,"dst_port":20071,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287385508,"flow_src_last_pkt_time":287385508,"flow_dst_last_pkt_time":287385508,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.176.62.40","src_port":28681,"dst_port":52755,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314979,"flow_src_last_pkt_time":287314979,"flow_dst_last_pkt_time":287314979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.114.40.175","src_port":28681,"dst_port":23552,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314979,"flow_src_last_pkt_time":287314979,"flow_dst_last_pkt_time":287314979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.114.40.175","src_port":28681,"dst_port":23552,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287442230,"flow_src_last_pkt_time":287442230,"flow_dst_last_pkt_time":287442230,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":28681,"dst_port":59875,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287315710,"flow_src_last_pkt_time":287315710,"flow_dst_last_pkt_time":288490528,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":314,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":314,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.162.27","src_port":28681,"dst_port":7986,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287316233,"flow_src_last_pkt_time":287316233,"flow_dst_last_pkt_time":287316233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.48.23","src_port":28681,"dst_port":8070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287315710,"flow_src_last_pkt_time":287315710,"flow_dst_last_pkt_time":288490528,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":314,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":314,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.162.27","src_port":28681,"dst_port":7986,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287316233,"flow_src_last_pkt_time":287316233,"flow_dst_last_pkt_time":287316233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.48.23","src_port":28681,"dst_port":8070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287442550,"flow_src_last_pkt_time":287442550,"flow_dst_last_pkt_time":287442550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.200.161","src_port":28681,"dst_port":65274,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82064863,"flow_src_last_pkt_time":373495794,"flow_dst_last_pkt_time":82064863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"138.199.16.123","src_port":28681,"dst_port":52993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82064863,"flow_src_last_pkt_time":373495794,"flow_dst_last_pkt_time":82064863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"138.199.16.123","src_port":28681,"dst_port":52993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287498581,"flow_src_last_pkt_time":287498581,"flow_dst_last_pkt_time":287719864,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.242.225","src_port":28681,"dst_port":15068,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":726,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287698314,"flow_src_last_pkt_time":287698314,"flow_dst_last_pkt_time":287698314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.171.82.65","src_port":28681,"dst_port":50072,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287444268,"flow_src_last_pkt_time":287444268,"flow_dst_last_pkt_time":287749515,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.163.14.246","src_port":28681,"dst_port":23461,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -4732,14 +4878,14 @@ 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":709,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287653866,"flow_src_last_pkt_time":287653866,"flow_dst_last_pkt_time":287653866,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.16.121.156","src_port":28681,"dst_port":3624,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287341591,"flow_src_last_pkt_time":320291446,"flow_dst_last_pkt_time":287341591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":28681,"dst_port":43316,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":687,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287623141,"flow_src_last_pkt_time":287623141,"flow_dst_last_pkt_time":287623141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":28681,"dst_port":53454,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314125,"flow_src_last_pkt_time":287314125,"flow_dst_last_pkt_time":287314125,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.94.85.113","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314125,"flow_src_last_pkt_time":287314125,"flow_dst_last_pkt_time":287314125,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.94.85.113","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287523680,"flow_src_last_pkt_time":287523680,"flow_dst_last_pkt_time":287523680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.139.21.182","src_port":28681,"dst_port":50110,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287339043,"flow_src_last_pkt_time":320290446,"flow_dst_last_pkt_time":287339043,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.167.248.220","src_port":28681,"dst_port":59304,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287309691,"flow_src_last_pkt_time":287309691,"flow_dst_last_pkt_time":287309691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.100.76.123","src_port":28681,"dst_port":39628,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287309691,"flow_src_last_pkt_time":287309691,"flow_dst_last_pkt_time":287309691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.100.76.123","src_port":28681,"dst_port":39628,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287386762,"flow_src_last_pkt_time":291154795,"flow_dst_last_pkt_time":294825827,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.89.249.8","src_port":28681,"dst_port":50649,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229239821,"flow_src_last_pkt_time":229239821,"flow_dst_last_pkt_time":229239821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.122.233.15","src_port":28681,"dst_port":11488,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82058413,"flow_src_last_pkt_time":371838816,"flow_dst_last_pkt_time":82058413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.166.226.70","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287315207,"flow_src_last_pkt_time":287315207,"flow_dst_last_pkt_time":287315207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.137.106.173","src_port":28681,"dst_port":11625,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229239821,"flow_src_last_pkt_time":229239821,"flow_dst_last_pkt_time":229239821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.122.233.15","src_port":28681,"dst_port":11488,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82058413,"flow_src_last_pkt_time":371838816,"flow_dst_last_pkt_time":82058413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.166.226.70","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01188{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287315207,"flow_src_last_pkt_time":287315207,"flow_dst_last_pkt_time":287315207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.137.106.173","src_port":28681,"dst_port":11625,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287320529,"flow_src_last_pkt_time":287320529,"flow_dst_last_pkt_time":287320529,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.247.152.218","src_port":28681,"dst_port":51153,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287429503,"flow_src_last_pkt_time":287429503,"flow_dst_last_pkt_time":287429503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":28681,"dst_port":48380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287443413,"flow_src_last_pkt_time":287443413,"flow_dst_last_pkt_time":287443413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"180.149.125.139","src_port":28681,"dst_port":6578,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -4759,19 +4905,19 @@ 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287320671,"flow_src_last_pkt_time":287320671,"flow_dst_last_pkt_time":287724793,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.162.138.200","src_port":28681,"dst_port":24018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3461,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":693,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287625031,"flow_src_last_pkt_time":287625031,"flow_dst_last_pkt_time":287625031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":381699695,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.215.130.156","src_port":28681,"dst_port":12405,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":243616097,"flow_src_last_pkt_time":287511110,"flow_dst_last_pkt_time":243616097,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"180.200.236.13","src_port":28681,"dst_port":12082,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743232,"flow_src_last_pkt_time":251743232,"flow_dst_last_pkt_time":251743232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.255.145.191","src_port":28681,"dst_port":47264,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739244,"flow_src_last_pkt_time":251739244,"flow_dst_last_pkt_time":251739244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.234.216.251","src_port":28681,"dst_port":17845,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743232,"flow_src_last_pkt_time":251743232,"flow_dst_last_pkt_time":251743232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.255.145.191","src_port":28681,"dst_port":47264,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739244,"flow_src_last_pkt_time":251739244,"flow_dst_last_pkt_time":251739244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.234.216.251","src_port":28681,"dst_port":17845,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251763326,"flow_src_last_pkt_time":287316376,"flow_dst_last_pkt_time":251763326,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.237.199.108","src_port":28681,"dst_port":56040,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":251765454,"flow_src_last_pkt_time":287317165,"flow_dst_last_pkt_time":287535563,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":90,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.206.254","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742442,"flow_src_last_pkt_time":251742442,"flow_dst_last_pkt_time":251742442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.71.44.121","src_port":28681,"dst_port":14398,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740552,"flow_src_last_pkt_time":251740552,"flow_dst_last_pkt_time":251740552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.143.28.64","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740138,"flow_src_last_pkt_time":251740138,"flow_dst_last_pkt_time":251740138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.103.2.245","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742217,"flow_src_last_pkt_time":251742217,"flow_dst_last_pkt_time":251742217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.15.216.216","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742442,"flow_src_last_pkt_time":251742442,"flow_dst_last_pkt_time":251742442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.71.44.121","src_port":28681,"dst_port":14398,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740552,"flow_src_last_pkt_time":251740552,"flow_dst_last_pkt_time":251740552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.143.28.64","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740138,"flow_src_last_pkt_time":251740138,"flow_dst_last_pkt_time":251740138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.103.2.245","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742217,"flow_src_last_pkt_time":251742217,"flow_dst_last_pkt_time":251742217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.15.216.216","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251801646,"flow_src_last_pkt_time":287320078,"flow_dst_last_pkt_time":251801646,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.13.148","src_port":28681,"dst_port":51896,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742020,"flow_src_last_pkt_time":251742020,"flow_dst_last_pkt_time":251742020,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.123.35.219","src_port":28681,"dst_port":42211,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742020,"flow_src_last_pkt_time":251742020,"flow_dst_last_pkt_time":251742020,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.123.35.219","src_port":28681,"dst_port":42211,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":243619784,"flow_src_last_pkt_time":287427833,"flow_dst_last_pkt_time":287621392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":90,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.84.134.136","src_port":28681,"dst_port":21407,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":90005361,"flow_src_last_pkt_time":287321463,"flow_dst_last_pkt_time":287355218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":726,"flow_dst_tot_l4_payload_len":4067,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":28681,"dst_port":24562,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743840,"flow_src_last_pkt_time":251743840,"flow_dst_last_pkt_time":251743840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.135.15.86","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743840,"flow_src_last_pkt_time":251743840,"flow_dst_last_pkt_time":251743840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.135.15.86","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251800801,"flow_src_last_pkt_time":287319532,"flow_dst_last_pkt_time":251800801,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":28681,"dst_port":45880,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243620353,"flow_src_last_pkt_time":243620353,"flow_dst_last_pkt_time":243620353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"62.102.148.166","src_port":28681,"dst_port":31332,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251801238,"flow_src_last_pkt_time":287319859,"flow_dst_last_pkt_time":251801238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":28681,"dst_port":45640,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -4781,26 +4927,26 @@ 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251767577,"flow_src_last_pkt_time":287318236,"flow_dst_last_pkt_time":251767577,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.27.193.124","src_port":28681,"dst_port":50555,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251800408,"flow_src_last_pkt_time":287319339,"flow_dst_last_pkt_time":251800408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":28681,"dst_port":45744,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251800203,"flow_src_last_pkt_time":287319240,"flow_dst_last_pkt_time":251800203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":28681,"dst_port":43457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251802309,"flow_src_last_pkt_time":251802309,"flow_dst_last_pkt_time":251802309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.120.219.74","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251802309,"flow_src_last_pkt_time":251802309,"flow_dst_last_pkt_time":251802309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.120.219.74","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251801076,"flow_src_last_pkt_time":287319762,"flow_dst_last_pkt_time":251801076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.18.172.208","src_port":28681,"dst_port":63172,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":243616903,"flow_src_last_pkt_time":287526058,"flow_dst_last_pkt_time":287598509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.58.211.52","src_port":28681,"dst_port":3806,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":243618410,"flow_src_last_pkt_time":287682903,"flow_dst_last_pkt_time":243618410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.172.10.90","src_port":28681,"dst_port":40162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743428,"flow_src_last_pkt_time":251743428,"flow_dst_last_pkt_time":251743428,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.24.146.101","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251768679,"flow_src_last_pkt_time":251768679,"flow_dst_last_pkt_time":251768679,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"2.28.39.18","src_port":28681,"dst_port":15672,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":93714209,"flow_src_last_pkt_time":253026052,"flow_dst_last_pkt_time":93714209,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.249.63.200","src_port":28681,"dst_port":22582,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251741922,"flow_src_last_pkt_time":251741922,"flow_dst_last_pkt_time":253031457,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":319,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":319,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.182.39.11","src_port":28681,"dst_port":12977,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743428,"flow_src_last_pkt_time":251743428,"flow_dst_last_pkt_time":251743428,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.24.146.101","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251768679,"flow_src_last_pkt_time":251768679,"flow_dst_last_pkt_time":251768679,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"2.28.39.18","src_port":28681,"dst_port":15672,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":93714209,"flow_src_last_pkt_time":253026052,"flow_dst_last_pkt_time":93714209,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.249.63.200","src_port":28681,"dst_port":22582,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01190{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251741922,"flow_src_last_pkt_time":251741922,"flow_dst_last_pkt_time":253031457,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":319,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":319,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.182.39.11","src_port":28681,"dst_port":12977,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243619573,"flow_src_last_pkt_time":243619573,"flow_dst_last_pkt_time":243619573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.0.69.215","src_port":28681,"dst_port":12608,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01193{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":90184128,"flow_src_last_pkt_time":287700104,"flow_dst_last_pkt_time":288014846,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":645,"flow_dst_tot_l4_payload_len":3215,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":28681,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741399,"flow_src_last_pkt_time":251741399,"flow_dst_last_pkt_time":251741399,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.139.61.103","src_port":28681,"dst_port":24096,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741399,"flow_src_last_pkt_time":251741399,"flow_dst_last_pkt_time":251741399,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.139.61.103","src_port":28681,"dst_port":24096,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00762{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":90880863,"flow_src_last_pkt_time":251768782,"flow_dst_last_pkt_time":251799257,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":755,"flow_dst_tot_l4_payload_len":4350,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.32.126.214","src_port":28681,"dst_port":59596,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251763807,"flow_src_last_pkt_time":287316570,"flow_dst_last_pkt_time":251763807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"183.179.14.31","src_port":28681,"dst_port":54754,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243619099,"flow_src_last_pkt_time":243619099,"flow_dst_last_pkt_time":243619099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.215.183.71","src_port":28681,"dst_port":31310,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741037,"flow_src_last_pkt_time":251741037,"flow_dst_last_pkt_time":251741037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.65.188.29","src_port":28681,"dst_port":24676,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741037,"flow_src_last_pkt_time":251741037,"flow_dst_last_pkt_time":251741037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.65.188.29","src_port":28681,"dst_port":24676,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":90073006,"flow_src_last_pkt_time":287483764,"flow_dst_last_pkt_time":287523854,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":645,"flow_dst_tot_l4_payload_len":3207,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":28681,"dst_port":6578,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740694,"flow_src_last_pkt_time":251740694,"flow_dst_last_pkt_time":251740694,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.177.52.73","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741613,"flow_src_last_pkt_time":251741613,"flow_dst_last_pkt_time":251741613,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.129.149.103","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251769188,"flow_src_last_pkt_time":251769188,"flow_dst_last_pkt_time":251769188,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.214.12.247","src_port":28681,"dst_port":44001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251768912,"flow_src_last_pkt_time":251768912,"flow_dst_last_pkt_time":251768912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"70.119.248.5","src_port":28681,"dst_port":49929,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740694,"flow_src_last_pkt_time":251740694,"flow_dst_last_pkt_time":251740694,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.177.52.73","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741613,"flow_src_last_pkt_time":251741613,"flow_dst_last_pkt_time":251741613,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.129.149.103","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251769188,"flow_src_last_pkt_time":251769188,"flow_dst_last_pkt_time":251769188,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.214.12.247","src_port":28681,"dst_port":44001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251768912,"flow_src_last_pkt_time":251768912,"flow_dst_last_pkt_time":251768912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"70.119.248.5","src_port":28681,"dst_port":49929,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01194{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":90072798,"flow_src_last_pkt_time":320293489,"flow_dst_last_pkt_time":287667256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":779,"flow_dst_tot_l4_payload_len":4554,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":28681,"dst_port":43508,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251764559,"flow_src_last_pkt_time":287316810,"flow_dst_last_pkt_time":251764559,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.70.199.107","src_port":28681,"dst_port":60475,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251799958,"flow_src_last_pkt_time":287319131,"flow_dst_last_pkt_time":251799958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.187.74.173","src_port":28681,"dst_port":46790,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -4811,80 +4957,80 @@ 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":243617811,"flow_src_last_pkt_time":287381889,"flow_dst_last_pkt_time":288007245,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.64.6.175","src_port":28681,"dst_port":4743,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":243616362,"flow_src_last_pkt_time":287426947,"flow_dst_last_pkt_time":287785960,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":110,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.241.204.61","src_port":28681,"dst_port":43366,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251766760,"flow_src_last_pkt_time":287317745,"flow_dst_last_pkt_time":251766760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.241.112.255","src_port":28681,"dst_port":14766,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742656,"flow_src_last_pkt_time":251742656,"flow_dst_last_pkt_time":251742656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.162.97.8","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742656,"flow_src_last_pkt_time":251742656,"flow_dst_last_pkt_time":251742656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.162.97.8","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":243615643,"flow_src_last_pkt_time":287318910,"flow_dst_last_pkt_time":243615643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.182.136.42","src_port":28681,"dst_port":27873,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251766427,"flow_src_last_pkt_time":287317645,"flow_dst_last_pkt_time":251766427,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.153.206.183","src_port":28681,"dst_port":16919,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251766030,"flow_src_last_pkt_time":287317454,"flow_dst_last_pkt_time":251766030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.127.26.138","src_port":28681,"dst_port":3083,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742343,"flow_src_last_pkt_time":251742343,"flow_dst_last_pkt_time":251742343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"145.82.53.165","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742343,"flow_src_last_pkt_time":251742343,"flow_dst_last_pkt_time":251742343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"145.82.53.165","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":90039956,"flow_src_last_pkt_time":287497328,"flow_dst_last_pkt_time":90039956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":271,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.181.251.218","src_port":28681,"dst_port":36368,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251767408,"flow_src_last_pkt_time":287318133,"flow_dst_last_pkt_time":251767408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"210.194.116.78","src_port":28681,"dst_port":8342,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251766203,"flow_src_last_pkt_time":287317526,"flow_dst_last_pkt_time":251766203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.16.121.156","src_port":28681,"dst_port":23183,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251735839,"flow_src_last_pkt_time":251735839,"flow_dst_last_pkt_time":251735839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.178.192.76","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":253024623,"flow_src_last_pkt_time":253024623,"flow_dst_last_pkt_time":253024623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"107.4.56.177","src_port":28681,"dst_port":10000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739607,"flow_src_last_pkt_time":251739607,"flow_dst_last_pkt_time":251739607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.27.3.68","src_port":28681,"dst_port":57380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251735839,"flow_src_last_pkt_time":251735839,"flow_dst_last_pkt_time":251735839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.178.192.76","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":253024623,"flow_src_last_pkt_time":253024623,"flow_dst_last_pkt_time":253024623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"107.4.56.177","src_port":28681,"dst_port":10000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739607,"flow_src_last_pkt_time":251739607,"flow_dst_last_pkt_time":251739607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.27.3.68","src_port":28681,"dst_port":57380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243620457,"flow_src_last_pkt_time":243620457,"flow_dst_last_pkt_time":243620457,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.39.219.223","src_port":28681,"dst_port":31728,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251799823,"flow_src_last_pkt_time":287319016,"flow_dst_last_pkt_time":251799823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":28681,"dst_port":47184,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251769032,"flow_src_last_pkt_time":251769032,"flow_dst_last_pkt_time":252632878,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":327,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":327,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.64.177.53","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743039,"flow_src_last_pkt_time":251743039,"flow_dst_last_pkt_time":251743039,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.124.71.246","src_port":28681,"dst_port":49035,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251769032,"flow_src_last_pkt_time":251769032,"flow_dst_last_pkt_time":252632878,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":327,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":327,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.64.177.53","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743039,"flow_src_last_pkt_time":251743039,"flow_dst_last_pkt_time":251743039,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.124.71.246","src_port":28681,"dst_port":49035,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":243618881,"flow_src_last_pkt_time":287524310,"flow_dst_last_pkt_time":243618881,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"121.7.145.36","src_port":28681,"dst_port":33905,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00761{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":90871417,"flow_src_last_pkt_time":251739691,"flow_dst_last_pkt_time":251762907,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":170,"flow_dst_tot_l4_payload_len":1077,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.132.165.13","src_port":28681,"dst_port":30566,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01191{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":89829104,"flow_src_last_pkt_time":287443257,"flow_dst_last_pkt_time":174144907,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":3014,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":28681,"dst_port":35481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243619924,"flow_src_last_pkt_time":243619924,"flow_dst_last_pkt_time":243619924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"191.114.88.39","src_port":28681,"dst_port":18751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00749{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251946178,"flow_src_last_pkt_time":251946178,"flow_dst_last_pkt_time":251946178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.2","dst_ip":"10.0.2.15","src_port":1026,"dst_port":28681,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251738882,"flow_src_last_pkt_time":251738882,"flow_dst_last_pkt_time":251738882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.219.202.2","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741806,"flow_src_last_pkt_time":251741806,"flow_dst_last_pkt_time":251741806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.127.34","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741506,"flow_src_last_pkt_time":251741506,"flow_dst_last_pkt_time":251741506,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.187.236.179","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251738882,"flow_src_last_pkt_time":251738882,"flow_dst_last_pkt_time":251738882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.219.202.2","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741806,"flow_src_last_pkt_time":251741806,"flow_dst_last_pkt_time":251741806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.127.34","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741506,"flow_src_last_pkt_time":251741506,"flow_dst_last_pkt_time":251741506,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.187.236.179","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01190{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":95784399,"flow_src_last_pkt_time":287465597,"flow_dst_last_pkt_time":287572441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":327,"flow_dst_tot_l4_payload_len":2511,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.236.205.7","src_port":28681,"dst_port":34794,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":243615848,"flow_src_last_pkt_time":287381383,"flow_dst_last_pkt_time":287944648,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"156.57.42.2","src_port":28681,"dst_port":33476,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":253025155,"flow_src_last_pkt_time":373498204,"flow_dst_last_pkt_time":253025155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.209","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":253025155,"flow_src_last_pkt_time":373498204,"flow_dst_last_pkt_time":253025155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.209","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":90138188,"flow_src_last_pkt_time":287318627,"flow_dst_last_pkt_time":287634909,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":645,"flow_dst_tot_l4_payload_len":3364,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":28681,"dst_port":21301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742554,"flow_src_last_pkt_time":251742554,"flow_dst_last_pkt_time":251742554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.249.13.30","src_port":28681,"dst_port":15138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742554,"flow_src_last_pkt_time":251742554,"flow_dst_last_pkt_time":251742554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.249.13.30","src_port":28681,"dst_port":15138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01190{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":95716693,"flow_src_last_pkt_time":287380885,"flow_dst_last_pkt_time":287440521,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":1755,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739411,"flow_src_last_pkt_time":251739411,"flow_dst_last_pkt_time":251739411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.155.31.118","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739411,"flow_src_last_pkt_time":251739411,"flow_dst_last_pkt_time":251739411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.155.31.118","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01034{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":288409044,"flow_src_last_pkt_time":288409044,"flow_dst_last_pkt_time":288409044,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"164.132.10.25","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243618625,"flow_src_last_pkt_time":243618625,"flow_dst_last_pkt_time":243618625,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.135.8.7","src_port":28681,"dst_port":1219,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00761{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":90864578,"flow_src_last_pkt_time":287313728,"flow_dst_last_pkt_time":287337870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":165,"flow_dst_tot_l4_payload_len":1077,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.187.74.173","src_port":28681,"dst_port":53489,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":90039406,"flow_src_last_pkt_time":287381612,"flow_dst_last_pkt_time":287415538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":807,"flow_dst_tot_l4_payload_len":4817,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":28681,"dst_port":30577,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741302,"flow_src_last_pkt_time":251741302,"flow_dst_last_pkt_time":251741302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.247.160.96","src_port":28681,"dst_port":17817,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741302,"flow_src_last_pkt_time":251741302,"flow_dst_last_pkt_time":251741302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.247.160.96","src_port":28681,"dst_port":17817,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251767115,"flow_src_last_pkt_time":287317920,"flow_dst_last_pkt_time":251767115,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.165.228.167","src_port":28681,"dst_port":12201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":253025433,"flow_src_last_pkt_time":373494820,"flow_dst_last_pkt_time":253025433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.68.45.203","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740418,"flow_src_last_pkt_time":251740418,"flow_dst_last_pkt_time":251740418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.28.130.131","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":253025433,"flow_src_last_pkt_time":373494820,"flow_dst_last_pkt_time":253025433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.68.45.203","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740418,"flow_src_last_pkt_time":251740418,"flow_dst_last_pkt_time":251740418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.28.130.131","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":89829492,"flow_src_last_pkt_time":287526703,"flow_dst_last_pkt_time":89829492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":271,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":28681,"dst_port":12012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":243616746,"flow_src_last_pkt_time":287422960,"flow_dst_last_pkt_time":287697244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.86.49.195","src_port":28681,"dst_port":12019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251742117,"flow_src_last_pkt_time":251742117,"flow_dst_last_pkt_time":252853049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":322,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":322,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.247.6.226","src_port":28681,"dst_port":9713,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743729,"flow_src_last_pkt_time":251743729,"flow_dst_last_pkt_time":251743729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.86.190.163","src_port":28681,"dst_port":14142,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739069,"flow_src_last_pkt_time":251739069,"flow_dst_last_pkt_time":251739069,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"197.244.171.132","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251742117,"flow_src_last_pkt_time":251742117,"flow_dst_last_pkt_time":252853049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":322,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":322,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.247.6.226","src_port":28681,"dst_port":9713,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743729,"flow_src_last_pkt_time":251743729,"flow_dst_last_pkt_time":251743729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.86.190.163","src_port":28681,"dst_port":14142,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739069,"flow_src_last_pkt_time":251739069,"flow_dst_last_pkt_time":251739069,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"197.244.171.132","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251766954,"flow_src_last_pkt_time":287317823,"flow_dst_last_pkt_time":251766954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.247.240.113","src_port":28681,"dst_port":13867,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742837,"flow_src_last_pkt_time":251742837,"flow_dst_last_pkt_time":251742837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.215.213","src_port":28681,"dst_port":23576,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743527,"flow_src_last_pkt_time":251743527,"flow_dst_last_pkt_time":251743527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.68.179.137","src_port":28681,"dst_port":6406,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00760{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251741183,"flow_src_last_pkt_time":251741183,"flow_dst_last_pkt_time":252054388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":309,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":309,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.181.156.244","src_port":28681,"dst_port":8255,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01188{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742837,"flow_src_last_pkt_time":251742837,"flow_dst_last_pkt_time":251742837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.215.213","src_port":28681,"dst_port":23576,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743527,"flow_src_last_pkt_time":251743527,"flow_dst_last_pkt_time":251743527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.68.179.137","src_port":28681,"dst_port":6406,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01191{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251741183,"flow_src_last_pkt_time":251741183,"flow_dst_last_pkt_time":252054388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":309,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":309,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.181.156.244","src_port":28681,"dst_port":8255,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":243617373,"flow_src_last_pkt_time":365428420,"flow_dst_last_pkt_time":365474471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":77,"flow_src_tot_l4_payload_len":113,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.71.243.60","src_port":28681,"dst_port":34498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740269,"flow_src_last_pkt_time":251740269,"flow_dst_last_pkt_time":251740269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.194.53.68","src_port":28681,"dst_port":33770,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251802485,"flow_src_last_pkt_time":251802485,"flow_dst_last_pkt_time":251802485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.193.23.172","src_port":28681,"dst_port":42227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251734977,"flow_src_last_pkt_time":381404139,"flow_dst_last_pkt_time":251734977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"129.45.47.167","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740269,"flow_src_last_pkt_time":251740269,"flow_dst_last_pkt_time":251740269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.194.53.68","src_port":28681,"dst_port":33770,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251802485,"flow_src_last_pkt_time":251802485,"flow_dst_last_pkt_time":251802485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.193.23.172","src_port":28681,"dst_port":42227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251734977,"flow_src_last_pkt_time":381404139,"flow_dst_last_pkt_time":251734977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"129.45.47.167","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01193{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":90005045,"flow_src_last_pkt_time":287553240,"flow_dst_last_pkt_time":287678696,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":807,"flow_dst_tot_l4_payload_len":4798,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":28681,"dst_port":61616,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739830,"flow_src_last_pkt_time":251739830,"flow_dst_last_pkt_time":251739830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.181.151.217","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739830,"flow_src_last_pkt_time":251739830,"flow_dst_last_pkt_time":251739830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.181.151.217","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":251768320,"flow_src_last_pkt_time":287318727,"flow_dst_last_pkt_time":287699802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.7.155.210","src_port":28681,"dst_port":28365,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":251765853,"flow_src_last_pkt_time":287317359,"flow_dst_last_pkt_time":287440578,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":110,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.227.193.37","src_port":28681,"dst_port":27481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243619335,"flow_src_last_pkt_time":243619335,"flow_dst_last_pkt_time":243619335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"144.134.132.206","src_port":28681,"dst_port":16401,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743945,"flow_src_last_pkt_time":251743945,"flow_dst_last_pkt_time":251743945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.165.170.112","src_port":28681,"dst_port":37087,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01188{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743945,"flow_src_last_pkt_time":251743945,"flow_dst_last_pkt_time":251743945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.165.170.112","src_port":28681,"dst_port":37087,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":251764953,"flow_src_last_pkt_time":287316986,"flow_dst_last_pkt_time":287579860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":90,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"116.241.162.162","src_port":28681,"dst_port":15677,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251767266,"flow_src_last_pkt_time":287318019,"flow_dst_last_pkt_time":251767266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"100.89.84.59","src_port":28681,"dst_port":11603,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243619466,"flow_src_last_pkt_time":243619466,"flow_dst_last_pkt_time":243619466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"161.81.38.67","src_port":28681,"dst_port":9539,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743626,"flow_src_last_pkt_time":251743626,"flow_dst_last_pkt_time":251743626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.38.163.2","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743626,"flow_src_last_pkt_time":251743626,"flow_dst_last_pkt_time":251743626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.38.163.2","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":95784128,"flow_src_last_pkt_time":287510470,"flow_dst_last_pkt_time":287857497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":327,"flow_dst_tot_l4_payload_len":2512,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":28681,"dst_port":63637,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01190{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":90138420,"flow_src_last_pkt_time":287441093,"flow_dst_last_pkt_time":287483363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":645,"flow_dst_tot_l4_payload_len":3345,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":28681,"dst_port":46010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251764380,"flow_src_last_pkt_time":287316765,"flow_dst_last_pkt_time":251764380,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.165.153.100","src_port":28681,"dst_port":4509,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741711,"flow_src_last_pkt_time":251741711,"flow_dst_last_pkt_time":251741711,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.193.236.8","src_port":28681,"dst_port":46557,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741711,"flow_src_last_pkt_time":251741711,"flow_dst_last_pkt_time":251741711,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.193.236.8","src_port":28681,"dst_port":46557,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":243619673,"flow_src_last_pkt_time":287426068,"flow_dst_last_pkt_time":243619673,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.115.158.103","src_port":28681,"dst_port":5110,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743139,"flow_src_last_pkt_time":251743139,"flow_dst_last_pkt_time":251743139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.6.118.53","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743139,"flow_src_last_pkt_time":251743139,"flow_dst_last_pkt_time":251743139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.6.118.53","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":251768524,"flow_src_last_pkt_time":287318821,"flow_dst_last_pkt_time":287532561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"101.128.66.8","src_port":28681,"dst_port":34512,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":243617142,"flow_src_last_pkt_time":287443836,"flow_dst_last_pkt_time":287618162,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.175.11.126","src_port":28681,"dst_port":40958,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251801900,"flow_src_last_pkt_time":287320181,"flow_dst_last_pkt_time":251801900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.119.74.26","src_port":28681,"dst_port":65498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00760{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251743326,"flow_src_last_pkt_time":251743326,"flow_dst_last_pkt_time":252481655,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":304,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":304,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.24.182.130","src_port":28681,"dst_port":22232,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01191{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251743326,"flow_src_last_pkt_time":251743326,"flow_dst_last_pkt_time":252481655,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":304,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":304,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.24.182.130","src_port":28681,"dst_port":22232,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251767708,"flow_src_last_pkt_time":287318322,"flow_dst_last_pkt_time":251767708,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":28681,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243620225,"flow_src_last_pkt_time":243620225,"flow_dst_last_pkt_time":243620225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":28681,"dst_port":24634,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742935,"flow_src_last_pkt_time":251742935,"flow_dst_last_pkt_time":251742935,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.8.95.165","src_port":28681,"dst_port":40763,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742935,"flow_src_last_pkt_time":251742935,"flow_dst_last_pkt_time":251742935,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.8.95.165","src_port":28681,"dst_port":40763,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251800960,"flow_src_last_pkt_time":287319660,"flow_dst_last_pkt_time":251800960,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":28681,"dst_port":63978,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251800608,"flow_src_last_pkt_time":287319436,"flow_dst_last_pkt_time":251800608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.132.165.13","src_port":28681,"dst_port":33564,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3469,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":243616544,"flow_src_last_pkt_time":287587254,"flow_dst_last_pkt_time":288106579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":393888183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.140.63.147","src_port":28681,"dst_port":29545,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -4908,70 +5054,65 @@ 01038{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3505,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":219447137,"flow_src_last_pkt_time":219447137,"flow_dst_last_pkt_time":219447137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":405371959,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.187.171.240","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"7":"Match by IP"},"proto":"ProtonVPN","proto_id":"344","proto_by_ip":"ProtonVPN","proto_by_ip_id":344,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3505,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":219447137,"flow_src_last_pkt_time":219447137,"flow_dst_last_pkt_time":219447137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":405371959,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.187.171.240","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3505,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":754,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":355387386,"flow_src_last_pkt_time":355387386,"flow_dst_last_pkt_time":355387386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":405371959,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.125.218.84","src_port":28681,"dst_port":17561,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3505,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":264769911,"flow_src_last_pkt_time":264769911,"flow_dst_last_pkt_time":265025254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":301,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":301,"midstream":0,"thread_ts_usec":405371959,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"183.179.90.112","src_port":28681,"dst_port":9852,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3505,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264770979,"flow_src_last_pkt_time":264770979,"flow_dst_last_pkt_time":264770979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":405371959,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.3.215.132","src_port":28681,"dst_port":20356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3505,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264770348,"flow_src_last_pkt_time":264770348,"flow_dst_last_pkt_time":264770348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":405371959,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"108.44.45.25","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3505,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264769233,"flow_src_last_pkt_time":264769233,"flow_dst_last_pkt_time":264769233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":405371959,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":28681,"dst_port":49046,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3505,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":264771328,"flow_src_last_pkt_time":264771328,"flow_dst_last_pkt_time":265818202,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":303,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":303,"midstream":0,"thread_ts_usec":405371959,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.42.210","src_port":28681,"dst_port":5512,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3505,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264771658,"flow_src_last_pkt_time":264771658,"flow_dst_last_pkt_time":264771658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":405371959,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.94.41.71","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229238800,"flow_src_last_pkt_time":229238800,"flow_dst_last_pkt_time":229238800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.131.202.24","src_port":28681,"dst_port":44748,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229238800,"flow_src_last_pkt_time":229238800,"flow_dst_last_pkt_time":229238800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.131.202.24","src_port":28681,"dst_port":44748,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229238441,"flow_src_last_pkt_time":229238441,"flow_dst_last_pkt_time":229238441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.56.198","src_port":28681,"dst_port":11984,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229238441,"flow_src_last_pkt_time":229238441,"flow_dst_last_pkt_time":229238441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.56.198","src_port":28681,"dst_port":11984,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229240388,"flow_src_last_pkt_time":229240388,"flow_dst_last_pkt_time":229240388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"62.35.190.5","src_port":28681,"dst_port":18604,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229240388,"flow_src_last_pkt_time":229240388,"flow_dst_last_pkt_time":229240388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"62.35.190.5","src_port":28681,"dst_port":18604,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229239365,"flow_src_last_pkt_time":229239365,"flow_dst_last_pkt_time":229239365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.185.126","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229239365,"flow_src_last_pkt_time":229239365,"flow_dst_last_pkt_time":229239365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.185.126","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01190{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3505,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":264769911,"flow_src_last_pkt_time":264769911,"flow_dst_last_pkt_time":265025254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":301,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":301,"midstream":0,"thread_ts_usec":405371959,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"183.179.90.112","src_port":28681,"dst_port":9852,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3505,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264770979,"flow_src_last_pkt_time":264770979,"flow_dst_last_pkt_time":264770979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":405371959,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.3.215.132","src_port":28681,"dst_port":20356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3505,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264770348,"flow_src_last_pkt_time":264770348,"flow_dst_last_pkt_time":264770348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":405371959,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"108.44.45.25","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3505,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264769233,"flow_src_last_pkt_time":264769233,"flow_dst_last_pkt_time":264769233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":405371959,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":28681,"dst_port":49046,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3505,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":264771328,"flow_src_last_pkt_time":264771328,"flow_dst_last_pkt_time":265818202,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":303,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":303,"midstream":0,"thread_ts_usec":405371959,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.42.210","src_port":28681,"dst_port":5512,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3505,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264771658,"flow_src_last_pkt_time":264771658,"flow_dst_last_pkt_time":264771658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":405371959,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.94.41.71","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229238800,"flow_src_last_pkt_time":229238800,"flow_dst_last_pkt_time":229238800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.131.202.24","src_port":28681,"dst_port":44748,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229238441,"flow_src_last_pkt_time":229238441,"flow_dst_last_pkt_time":229238441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.56.198","src_port":28681,"dst_port":11984,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229240388,"flow_src_last_pkt_time":229240388,"flow_dst_last_pkt_time":229240388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"62.35.190.5","src_port":28681,"dst_port":18604,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229239365,"flow_src_last_pkt_time":229239365,"flow_dst_last_pkt_time":229239365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.185.126","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01032{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":288409044,"flow_src_last_pkt_time":288409044,"flow_dst_last_pkt_time":288409044,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"164.132.10.25","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229239821,"flow_src_last_pkt_time":229239821,"flow_dst_last_pkt_time":229239821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.122.233.15","src_port":28681,"dst_port":11488,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229239821,"flow_src_last_pkt_time":229239821,"flow_dst_last_pkt_time":229239821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.122.233.15","src_port":28681,"dst_port":11488,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":312956911,"flow_src_last_pkt_time":373497620,"flow_dst_last_pkt_time":312956911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"67.193.8.52","src_port":28681,"dst_port":38584,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":229239821,"flow_src_last_pkt_time":229239821,"flow_dst_last_pkt_time":229239821,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.122.233.15","src_port":28681,"dst_port":11488,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":312956911,"flow_src_last_pkt_time":373497620,"flow_dst_last_pkt_time":312956911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"67.193.8.52","src_port":28681,"dst_port":38584,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01193{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":101162745,"flow_src_last_pkt_time":287624798,"flow_dst_last_pkt_time":177309077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":3014,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":28681,"dst_port":26851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":168555545,"flow_src_last_pkt_time":287428135,"flow_dst_last_pkt_time":287464674,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":483,"flow_dst_tot_l4_payload_len":1891,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.129.196.84","src_port":28681,"dst_port":9915,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312957614,"flow_src_last_pkt_time":312957614,"flow_dst_last_pkt_time":312957614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.231.73.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72850420,"flow_src_last_pkt_time":371837257,"flow_dst_last_pkt_time":72850420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.141.219.27","src_port":28681,"dst_port":37580,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":71540581,"flow_src_last_pkt_time":373498296,"flow_dst_last_pkt_time":71540581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.23.75.69","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00749{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":70230940,"flow_src_last_pkt_time":311752229,"flow_dst_last_pkt_time":70230940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.50.24.2","src_port":28681,"dst_port":17874,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312957614,"flow_src_last_pkt_time":312957614,"flow_dst_last_pkt_time":312957614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.231.73.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72850420,"flow_src_last_pkt_time":371837257,"flow_dst_last_pkt_time":72850420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.141.219.27","src_port":28681,"dst_port":37580,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":71540581,"flow_src_last_pkt_time":373498296,"flow_dst_last_pkt_time":71540581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.23.75.69","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":70230940,"flow_src_last_pkt_time":311752229,"flow_dst_last_pkt_time":70230940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.50.24.2","src_port":28681,"dst_port":17874,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":124066131,"flow_src_last_pkt_time":287321260,"flow_dst_last_pkt_time":124181723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":109,"flow_dst_tot_l4_payload_len":727,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":28681,"dst_port":49732,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00760{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":115369554,"flow_src_last_pkt_time":287313555,"flow_dst_last_pkt_time":287650021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":78,"flow_src_tot_l4_payload_len":142,"flow_dst_tot_l4_payload_len":265,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":28681,"dst_port":37058,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":101837355,"flow_src_last_pkt_time":287806064,"flow_dst_last_pkt_time":289958480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":274,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":28681,"dst_port":4876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":71541038,"flow_src_last_pkt_time":373497746,"flow_dst_last_pkt_time":71541038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.100","src_port":28681,"dst_port":46385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":71541038,"flow_src_last_pkt_time":373497746,"flow_dst_last_pkt_time":71541038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.100","src_port":28681,"dst_port":46385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01190{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":124090730,"flow_src_last_pkt_time":287316477,"flow_dst_last_pkt_time":287421199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":165,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":28681,"dst_port":6778,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":95923574,"flow_src_last_pkt_time":287443565,"flow_dst_last_pkt_time":95923574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":109,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":56070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":371837471,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":312956203,"flow_src_last_pkt_time":373496486,"flow_dst_last_pkt_time":312956203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":71536330,"flow_src_last_pkt_time":350798579,"flow_dst_last_pkt_time":351075803,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":90,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.222.14.170","src_port":28681,"dst_port":23332,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":71540138,"flow_src_last_pkt_time":371836228,"flow_dst_last_pkt_time":71540138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.65.141.157","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":371837471,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":312956203,"flow_src_last_pkt_time":373496486,"flow_dst_last_pkt_time":312956203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01188{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":71536330,"flow_src_last_pkt_time":350798579,"flow_dst_last_pkt_time":351075803,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":90,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.222.14.170","src_port":28681,"dst_port":23332,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":71540138,"flow_src_last_pkt_time":371836228,"flow_dst_last_pkt_time":71540138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.65.141.157","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01191{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":116628965,"flow_src_last_pkt_time":287381237,"flow_dst_last_pkt_time":287357971,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":592,"flow_dst_tot_l4_payload_len":2531,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":28681,"dst_port":6888,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72853366,"flow_src_last_pkt_time":371837958,"flow_dst_last_pkt_time":72853366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.226.142","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72853723,"flow_src_last_pkt_time":371837833,"flow_dst_last_pkt_time":72853723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.97.199.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":312957456,"flow_src_last_pkt_time":373498112,"flow_dst_last_pkt_time":312957456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.115.218.152","src_port":28681,"dst_port":5900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72849569,"flow_src_last_pkt_time":373498384,"flow_dst_last_pkt_time":72849569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.69.159.133","src_port":28681,"dst_port":28000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":70230046,"flow_src_last_pkt_time":373497923,"flow_dst_last_pkt_time":70230046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.138.20.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":371837045,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72853366,"flow_src_last_pkt_time":371837958,"flow_dst_last_pkt_time":72853366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.226.142","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72853723,"flow_src_last_pkt_time":371837833,"flow_dst_last_pkt_time":72853723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.97.199.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":312957456,"flow_src_last_pkt_time":373498112,"flow_dst_last_pkt_time":312957456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.115.218.152","src_port":28681,"dst_port":5900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72849569,"flow_src_last_pkt_time":373498384,"flow_dst_last_pkt_time":72849569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.69.159.133","src_port":28681,"dst_port":28000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":70230046,"flow_src_last_pkt_time":373497923,"flow_dst_last_pkt_time":70230046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.138.20.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":371837045,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01193{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":95893685,"flow_src_last_pkt_time":287318509,"flow_dst_last_pkt_time":287340787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":1668,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":28681,"dst_port":21995,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":124090360,"flow_src_last_pkt_time":287697560,"flow_dst_last_pkt_time":287890845,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":165,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.208.26.154","src_port":28681,"dst_port":4994,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":312956768,"flow_src_last_pkt_time":373497401,"flow_dst_last_pkt_time":312956768,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.159.27.22","src_port":28681,"dst_port":17563,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72849111,"flow_src_last_pkt_time":251742741,"flow_dst_last_pkt_time":72849111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.92.178.182","src_port":28681,"dst_port":57302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":71540796,"flow_src_last_pkt_time":371837366,"flow_dst_last_pkt_time":71540796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.44.190.145","src_port":28681,"dst_port":10170,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":312956768,"flow_src_last_pkt_time":373497401,"flow_dst_last_pkt_time":312956768,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.159.27.22","src_port":28681,"dst_port":17563,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72849111,"flow_src_last_pkt_time":251742741,"flow_dst_last_pkt_time":72849111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.92.178.182","src_port":28681,"dst_port":57302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":71540796,"flow_src_last_pkt_time":371837366,"flow_dst_last_pkt_time":71540796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.44.190.145","src_port":28681,"dst_port":10170,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01191{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":95893239,"flow_src_last_pkt_time":287522940,"flow_dst_last_pkt_time":287579763,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":1785,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":28681,"dst_port":55302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72852255,"flow_src_last_pkt_time":371835925,"flow_dst_last_pkt_time":72852255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.175.220.161","src_port":28681,"dst_port":15721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312961164,"flow_src_last_pkt_time":312961164,"flow_dst_last_pkt_time":312961164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.84.140.96","src_port":28681,"dst_port":14400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72848739,"flow_src_last_pkt_time":311749833,"flow_dst_last_pkt_time":72848739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"170.254.19.6","src_port":28681,"dst_port":24180,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72851137,"flow_src_last_pkt_time":373494338,"flow_dst_last_pkt_time":72851137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.224.95.97","src_port":28681,"dst_port":46356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72850779,"flow_src_last_pkt_time":371838692,"flow_dst_last_pkt_time":72850779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.50.179","src_port":28681,"dst_port":29411,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":371838970,"flow_src_last_pkt_time":371838970,"flow_dst_last_pkt_time":371838970,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72852255,"flow_src_last_pkt_time":371835925,"flow_dst_last_pkt_time":72852255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.175.220.161","src_port":28681,"dst_port":15721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312961164,"flow_src_last_pkt_time":312961164,"flow_dst_last_pkt_time":312961164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.84.140.96","src_port":28681,"dst_port":14400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72848739,"flow_src_last_pkt_time":311749833,"flow_dst_last_pkt_time":72848739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"170.254.19.6","src_port":28681,"dst_port":24180,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72851137,"flow_src_last_pkt_time":373494338,"flow_dst_last_pkt_time":72851137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.224.95.97","src_port":28681,"dst_port":46356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72850779,"flow_src_last_pkt_time":371838692,"flow_dst_last_pkt_time":72850779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.50.179","src_port":28681,"dst_port":29411,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":371838970,"flow_src_last_pkt_time":371838970,"flow_dst_last_pkt_time":371838970,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01194{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":174303564,"flow_src_last_pkt_time":287488029,"flow_dst_last_pkt_time":287509796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":170,"flow_dst_tot_l4_payload_len":1040,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"194.163.180.126","src_port":28681,"dst_port":10825,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72853009,"flow_src_last_pkt_time":253024867,"flow_dst_last_pkt_time":72853009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.65.70.197","src_port":28681,"dst_port":21693,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":71539473,"flow_src_last_pkt_time":371836386,"flow_dst_last_pkt_time":71539473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.169.2.153","src_port":28681,"dst_port":52414,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72853538,"flow_src_last_pkt_time":373494490,"flow_dst_last_pkt_time":72853538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.197.111.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":373494060,"flow_src_last_pkt_time":373494060,"flow_dst_last_pkt_time":373494060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.100.68.255","src_port":28681,"dst_port":12838,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71539248,"flow_src_last_pkt_time":251739950,"flow_dst_last_pkt_time":71539248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.119.242.110","src_port":28681,"dst_port":7922,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72853009,"flow_src_last_pkt_time":253024867,"flow_dst_last_pkt_time":72853009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.65.70.197","src_port":28681,"dst_port":21693,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":71539473,"flow_src_last_pkt_time":371836386,"flow_dst_last_pkt_time":71539473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.169.2.153","src_port":28681,"dst_port":52414,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72853538,"flow_src_last_pkt_time":373494490,"flow_dst_last_pkt_time":72853538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.197.111.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01076{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":373494060,"flow_src_last_pkt_time":373494060,"flow_dst_last_pkt_time":373494060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.100.68.255","src_port":28681,"dst_port":12838,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71539248,"flow_src_last_pkt_time":251739950,"flow_dst_last_pkt_time":71539248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.119.242.110","src_port":28681,"dst_port":7922,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":123912731,"flow_src_last_pkt_time":287321365,"flow_dst_last_pkt_time":123912731,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":109,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":28681,"dst_port":54130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71540385,"flow_src_last_pkt_time":253024371,"flow_dst_last_pkt_time":71540385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"105.101.132.146","src_port":28681,"dst_port":57746,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":70230689,"flow_src_last_pkt_time":373496286,"flow_dst_last_pkt_time":70230689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.131.85.245","src_port":28681,"dst_port":31743,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71540385,"flow_src_last_pkt_time":253024371,"flow_dst_last_pkt_time":71540385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"105.101.132.146","src_port":28681,"dst_port":57746,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":70230689,"flow_src_last_pkt_time":373496286,"flow_dst_last_pkt_time":70230689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.131.85.245","src_port":28681,"dst_port":31743,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":174342792,"flow_src_last_pkt_time":287510770,"flow_dst_last_pkt_time":174648242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":114,"flow_dst_tot_l4_payload_len":727,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":28681,"dst_port":49956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72853189,"flow_src_last_pkt_time":373494665,"flow_dst_last_pkt_time":72853189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3517,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72853189,"flow_src_last_pkt_time":373494665,"flow_dst_last_pkt_time":72853189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":420625173,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3537,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431178093,"flow_src_last_pkt_time":431178093,"flow_dst_last_pkt_time":431178093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431178093,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00773{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3537,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":760,"flow_packet_id":1,"flow_src_last_pkt_time":431178093,"flow_dst_last_pkt_time":431178093,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_usec":431178093,"pkt":"\/\/\/\/\/\/\/\/CAAn5uVZCABFAADlHP4AAIARA\/0KAAIPCgAC\/wCKAIoA0frqEQKcMAoAAg8AigC7AAAgRU5GREVGRUVFSEVGRkhFSkVPREJEQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQAAUwcATVNFREdFV0lOMTAAAAAAAAoAAxAAAA8BVaoA"} 01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3537,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431178093,"flow_src_last_pkt_time":431178093,"flow_dst_last_pkt_time":431178093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431178093,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"msedgewin10"}} @@ -4979,125 +5120,84 @@ 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3543,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":752,"flow_packet_id":2,"flow_src_last_pkt_time":431829020,"flow_dst_last_pkt_time":312957614,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":431829020,"pkt":"UlQAEjUCCAAn5uVZCABFAAA05pUAAIARsB8KAAIPTudJDnAJGMoAIHFFR05EEEAiAQFUC1FLUlAGUk5BXS\/iNQlw"} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3545,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431829260,"flow_src_last_pkt_time":431829260,"flow_dst_last_pkt_time":431829260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431829260,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.132.75.56","src_port":28681,"dst_port":56009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3545,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":761,"flow_packet_id":1,"flow_src_last_pkt_time":431829260,"flow_dst_last_pkt_time":431829260,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":431829260,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0QZQAAIAR3lkKAAIPw4RLOHAJ2skAIDh8R05EEEAkAQFUC1FLUlAGUk5BXS\/iNQlw"} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3545,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431829260,"flow_src_last_pkt_time":431829260,"flow_dst_last_pkt_time":431829260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431829260,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.132.75.56","src_port":28681,"dst_port":56009,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3549,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":5,"flow_src_last_pkt_time":431829784,"flow_dst_last_pkt_time":82062444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":431829784,"pkt":"UlQAEjUCCAAn5uVZCABFAAA09A4AAIARpNcKAAIPVu8+1XAJGMoAIHNwR05EEEAoAQFUC1FLUlAGUk5BXS\/iNQlw"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3551,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":4,"flow_src_last_pkt_time":431830029,"flow_dst_last_pkt_time":83520153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":431830029,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0H4MAAIARbHkKAAIPTB5WkHAJ0j0AIK0QR05EEEAqAQFUC1FLUlAGUk5BXS\/iNQlw"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3552,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":750,"flow_packet_id":3,"flow_src_last_pkt_time":431830157,"flow_dst_last_pkt_time":312956911,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":431830157,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0mm4AAIARSEcKAAIPQ8EINHAJlrgAID9OR05EEEArAQFUC1FLUlAGUk5BXS\/iNQlw"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3553,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":5,"flow_src_last_pkt_time":431830264,"flow_dst_last_pkt_time":82063260,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":431830264,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Vb0AAIARb2AKAAIPpanD43AJGMoAIJ+jR05EEEAsAQFUC1FLUlAGUk5BXS\/iNQlw"} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3554,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431830401,"flow_src_last_pkt_time":431830401,"flow_dst_last_pkt_time":431830401,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431830401,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3554,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":762,"flow_packet_id":1,"flow_src_last_pkt_time":431830401,"flow_dst_last_pkt_time":431830401,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":431830401,"pkt":"UlQAEjUCCAAn5uVZCABFAAA06P8AAIARw6kKAAIPVksrtnAJqe4AIPYJR05EEEAtAQFUC1FLUlAGUk5BXS\/iNQlw"} +01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3554,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431830401,"flow_src_last_pkt_time":431830401,"flow_dst_last_pkt_time":431830401,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431830401,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3555,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":5,"flow_src_last_pkt_time":431830502,"flow_dst_last_pkt_time":82058413,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":431830502,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Sb0AAIARjAAKAAIPdqbiRnAJGMoAILBBR05EEEAuAQFUC1FLUlAGUk5BXS\/iNQlw"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3561,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":5,"flow_src_last_pkt_time":431831362,"flow_dst_last_pkt_time":72853009,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":431831362,"pkt":"UlQAEjUCCAAn5uVZCABFAAA05VMAAIARsFAKAAIPUkFGxXAJVL0AIDQvR05EEEA0AQFUC1FLUlAGUk5BXS\/iNQlw"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3562,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":5,"flow_src_last_pkt_time":431831496,"flow_dst_last_pkt_time":82062320,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":431831496,"pkt":"UlQAEjUCCAAn5uVZCABFAAA085sAAIARz6wKAAIPW6wPtnAJk8UAICLKR05EEEA1AQFUC1FLUlAGUk5BXS\/iNQlw"} -00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743232,"flow_src_last_pkt_time":251743232,"flow_dst_last_pkt_time":251743232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.255.145.191","src_port":28681,"dst_port":47264,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743232,"flow_src_last_pkt_time":251743232,"flow_dst_last_pkt_time":251743232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.255.145.191","src_port":28681,"dst_port":47264,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739244,"flow_src_last_pkt_time":251739244,"flow_dst_last_pkt_time":251739244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.234.216.251","src_port":28681,"dst_port":17845,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739244,"flow_src_last_pkt_time":251739244,"flow_dst_last_pkt_time":251739244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.234.216.251","src_port":28681,"dst_port":17845,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742442,"flow_src_last_pkt_time":251742442,"flow_dst_last_pkt_time":251742442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.71.44.121","src_port":28681,"dst_port":14398,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742442,"flow_src_last_pkt_time":251742442,"flow_dst_last_pkt_time":251742442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.71.44.121","src_port":28681,"dst_port":14398,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740552,"flow_src_last_pkt_time":251740552,"flow_dst_last_pkt_time":251740552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.143.28.64","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740552,"flow_src_last_pkt_time":251740552,"flow_dst_last_pkt_time":251740552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.143.28.64","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740138,"flow_src_last_pkt_time":251740138,"flow_dst_last_pkt_time":251740138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.103.2.245","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740138,"flow_src_last_pkt_time":251740138,"flow_dst_last_pkt_time":251740138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.103.2.245","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742217,"flow_src_last_pkt_time":251742217,"flow_dst_last_pkt_time":251742217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.15.216.216","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742217,"flow_src_last_pkt_time":251742217,"flow_dst_last_pkt_time":251742217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.15.216.216","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742020,"flow_src_last_pkt_time":251742020,"flow_dst_last_pkt_time":251742020,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.123.35.219","src_port":28681,"dst_port":42211,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742020,"flow_src_last_pkt_time":251742020,"flow_dst_last_pkt_time":251742020,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.123.35.219","src_port":28681,"dst_port":42211,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743840,"flow_src_last_pkt_time":251743840,"flow_dst_last_pkt_time":251743840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.135.15.86","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743840,"flow_src_last_pkt_time":251743840,"flow_dst_last_pkt_time":251743840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.135.15.86","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743232,"flow_src_last_pkt_time":251743232,"flow_dst_last_pkt_time":251743232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.255.145.191","src_port":28681,"dst_port":47264,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739244,"flow_src_last_pkt_time":251739244,"flow_dst_last_pkt_time":251739244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.234.216.251","src_port":28681,"dst_port":17845,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742442,"flow_src_last_pkt_time":251742442,"flow_dst_last_pkt_time":251742442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.71.44.121","src_port":28681,"dst_port":14398,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740552,"flow_src_last_pkt_time":251740552,"flow_dst_last_pkt_time":251740552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.143.28.64","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740138,"flow_src_last_pkt_time":251740138,"flow_dst_last_pkt_time":251740138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.103.2.245","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742217,"flow_src_last_pkt_time":251742217,"flow_dst_last_pkt_time":251742217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.15.216.216","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742020,"flow_src_last_pkt_time":251742020,"flow_dst_last_pkt_time":251742020,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.123.35.219","src_port":28681,"dst_port":42211,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743840,"flow_src_last_pkt_time":251743840,"flow_dst_last_pkt_time":251743840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.135.15.86","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243620353,"flow_src_last_pkt_time":243620353,"flow_dst_last_pkt_time":243620353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"62.102.148.166","src_port":28681,"dst_port":31332,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243620353,"flow_src_last_pkt_time":243620353,"flow_dst_last_pkt_time":243620353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"62.102.148.166","src_port":28681,"dst_port":31332,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251802309,"flow_src_last_pkt_time":251802309,"flow_dst_last_pkt_time":251802309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.120.219.74","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251802309,"flow_src_last_pkt_time":251802309,"flow_dst_last_pkt_time":251802309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.120.219.74","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743428,"flow_src_last_pkt_time":251743428,"flow_dst_last_pkt_time":251743428,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.24.146.101","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743428,"flow_src_last_pkt_time":251743428,"flow_dst_last_pkt_time":251743428,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.24.146.101","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251768679,"flow_src_last_pkt_time":251768679,"flow_dst_last_pkt_time":251768679,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"2.28.39.18","src_port":28681,"dst_port":15672,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00750{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251768679,"flow_src_last_pkt_time":251768679,"flow_dst_last_pkt_time":251768679,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"2.28.39.18","src_port":28681,"dst_port":15672,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251802309,"flow_src_last_pkt_time":251802309,"flow_dst_last_pkt_time":251802309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.120.219.74","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743428,"flow_src_last_pkt_time":251743428,"flow_dst_last_pkt_time":251743428,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.24.146.101","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251768679,"flow_src_last_pkt_time":251768679,"flow_dst_last_pkt_time":251768679,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"2.28.39.18","src_port":28681,"dst_port":15672,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243619573,"flow_src_last_pkt_time":243619573,"flow_dst_last_pkt_time":243619573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.0.69.215","src_port":28681,"dst_port":12608,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243619573,"flow_src_last_pkt_time":243619573,"flow_dst_last_pkt_time":243619573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.0.69.215","src_port":28681,"dst_port":12608,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741399,"flow_src_last_pkt_time":251741399,"flow_dst_last_pkt_time":251741399,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.139.61.103","src_port":28681,"dst_port":24096,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741399,"flow_src_last_pkt_time":251741399,"flow_dst_last_pkt_time":251741399,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.139.61.103","src_port":28681,"dst_port":24096,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741399,"flow_src_last_pkt_time":251741399,"flow_dst_last_pkt_time":251741399,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.139.61.103","src_port":28681,"dst_port":24096,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00847{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":90880863,"flow_src_last_pkt_time":251768782,"flow_dst_last_pkt_time":251799257,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":755,"flow_dst_tot_l4_payload_len":4350,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.32.126.214","src_port":28681,"dst_port":59596,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00760{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":90880863,"flow_src_last_pkt_time":251768782,"flow_dst_last_pkt_time":251799257,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":755,"flow_dst_tot_l4_payload_len":4350,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.32.126.214","src_port":28681,"dst_port":59596,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243619099,"flow_src_last_pkt_time":243619099,"flow_dst_last_pkt_time":243619099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.215.183.71","src_port":28681,"dst_port":31310,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243619099,"flow_src_last_pkt_time":243619099,"flow_dst_last_pkt_time":243619099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.215.183.71","src_port":28681,"dst_port":31310,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741037,"flow_src_last_pkt_time":251741037,"flow_dst_last_pkt_time":251741037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.65.188.29","src_port":28681,"dst_port":24676,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741037,"flow_src_last_pkt_time":251741037,"flow_dst_last_pkt_time":251741037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.65.188.29","src_port":28681,"dst_port":24676,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740694,"flow_src_last_pkt_time":251740694,"flow_dst_last_pkt_time":251740694,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.177.52.73","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740694,"flow_src_last_pkt_time":251740694,"flow_dst_last_pkt_time":251740694,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.177.52.73","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741613,"flow_src_last_pkt_time":251741613,"flow_dst_last_pkt_time":251741613,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.129.149.103","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741613,"flow_src_last_pkt_time":251741613,"flow_dst_last_pkt_time":251741613,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.129.149.103","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251769188,"flow_src_last_pkt_time":251769188,"flow_dst_last_pkt_time":251769188,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.214.12.247","src_port":28681,"dst_port":44001,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251769188,"flow_src_last_pkt_time":251769188,"flow_dst_last_pkt_time":251769188,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.214.12.247","src_port":28681,"dst_port":44001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251768912,"flow_src_last_pkt_time":251768912,"flow_dst_last_pkt_time":251768912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"70.119.248.5","src_port":28681,"dst_port":49929,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251768912,"flow_src_last_pkt_time":251768912,"flow_dst_last_pkt_time":251768912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"70.119.248.5","src_port":28681,"dst_port":49929,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741037,"flow_src_last_pkt_time":251741037,"flow_dst_last_pkt_time":251741037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.65.188.29","src_port":28681,"dst_port":24676,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740694,"flow_src_last_pkt_time":251740694,"flow_dst_last_pkt_time":251740694,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.177.52.73","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741613,"flow_src_last_pkt_time":251741613,"flow_dst_last_pkt_time":251741613,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.129.149.103","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251769188,"flow_src_last_pkt_time":251769188,"flow_dst_last_pkt_time":251769188,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.214.12.247","src_port":28681,"dst_port":44001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251768912,"flow_src_last_pkt_time":251768912,"flow_dst_last_pkt_time":251768912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"70.119.248.5","src_port":28681,"dst_port":49929,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243618045,"flow_src_last_pkt_time":243618045,"flow_dst_last_pkt_time":243618045,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.223.143.31","src_port":28681,"dst_port":47978,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243618045,"flow_src_last_pkt_time":243618045,"flow_dst_last_pkt_time":243618045,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.223.143.31","src_port":28681,"dst_port":47978,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742656,"flow_src_last_pkt_time":251742656,"flow_dst_last_pkt_time":251742656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.162.97.8","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00750{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742656,"flow_src_last_pkt_time":251742656,"flow_dst_last_pkt_time":251742656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.162.97.8","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742343,"flow_src_last_pkt_time":251742343,"flow_dst_last_pkt_time":251742343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"145.82.53.165","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742343,"flow_src_last_pkt_time":251742343,"flow_dst_last_pkt_time":251742343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"145.82.53.165","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251735839,"flow_src_last_pkt_time":251735839,"flow_dst_last_pkt_time":251735839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.178.192.76","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251735839,"flow_src_last_pkt_time":251735839,"flow_dst_last_pkt_time":251735839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.178.192.76","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739607,"flow_src_last_pkt_time":251739607,"flow_dst_last_pkt_time":251739607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.27.3.68","src_port":28681,"dst_port":57380,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739607,"flow_src_last_pkt_time":251739607,"flow_dst_last_pkt_time":251739607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.27.3.68","src_port":28681,"dst_port":57380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01181{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742656,"flow_src_last_pkt_time":251742656,"flow_dst_last_pkt_time":251742656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.162.97.8","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742343,"flow_src_last_pkt_time":251742343,"flow_dst_last_pkt_time":251742343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"145.82.53.165","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251735839,"flow_src_last_pkt_time":251735839,"flow_dst_last_pkt_time":251735839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.178.192.76","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739607,"flow_src_last_pkt_time":251739607,"flow_dst_last_pkt_time":251739607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.27.3.68","src_port":28681,"dst_port":57380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243620457,"flow_src_last_pkt_time":243620457,"flow_dst_last_pkt_time":243620457,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.39.219.223","src_port":28681,"dst_port":31728,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243620457,"flow_src_last_pkt_time":243620457,"flow_dst_last_pkt_time":243620457,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.39.219.223","src_port":28681,"dst_port":31728,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743039,"flow_src_last_pkt_time":251743039,"flow_dst_last_pkt_time":251743039,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.124.71.246","src_port":28681,"dst_port":49035,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743039,"flow_src_last_pkt_time":251743039,"flow_dst_last_pkt_time":251743039,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.124.71.246","src_port":28681,"dst_port":49035,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743039,"flow_src_last_pkt_time":251743039,"flow_dst_last_pkt_time":251743039,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.124.71.246","src_port":28681,"dst_port":49035,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00846{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":90871417,"flow_src_last_pkt_time":251739691,"flow_dst_last_pkt_time":251762907,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":170,"flow_dst_tot_l4_payload_len":1077,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.132.165.13","src_port":28681,"dst_port":30566,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00759{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":90871417,"flow_src_last_pkt_time":251739691,"flow_dst_last_pkt_time":251762907,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":170,"flow_dst_tot_l4_payload_len":1077,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.132.165.13","src_port":28681,"dst_port":30566,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243619924,"flow_src_last_pkt_time":243619924,"flow_dst_last_pkt_time":243619924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"191.114.88.39","src_port":28681,"dst_port":18751,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243619924,"flow_src_last_pkt_time":243619924,"flow_dst_last_pkt_time":243619924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"191.114.88.39","src_port":28681,"dst_port":18751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251738882,"flow_src_last_pkt_time":251738882,"flow_dst_last_pkt_time":251738882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.219.202.2","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251738882,"flow_src_last_pkt_time":251738882,"flow_dst_last_pkt_time":251738882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.219.202.2","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741806,"flow_src_last_pkt_time":251741806,"flow_dst_last_pkt_time":251741806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.127.34","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741806,"flow_src_last_pkt_time":251741806,"flow_dst_last_pkt_time":251741806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.127.34","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741506,"flow_src_last_pkt_time":251741506,"flow_dst_last_pkt_time":251741506,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.187.236.179","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741506,"flow_src_last_pkt_time":251741506,"flow_dst_last_pkt_time":251741506,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.187.236.179","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72849111,"flow_src_last_pkt_time":251742741,"flow_dst_last_pkt_time":72849111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.92.178.182","src_port":28681,"dst_port":57302,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72849111,"flow_src_last_pkt_time":251742741,"flow_dst_last_pkt_time":72849111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.92.178.182","src_port":28681,"dst_port":57302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742554,"flow_src_last_pkt_time":251742554,"flow_dst_last_pkt_time":251742554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.249.13.30","src_port":28681,"dst_port":15138,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742554,"flow_src_last_pkt_time":251742554,"flow_dst_last_pkt_time":251742554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.249.13.30","src_port":28681,"dst_port":15138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739411,"flow_src_last_pkt_time":251739411,"flow_dst_last_pkt_time":251739411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.155.31.118","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739411,"flow_src_last_pkt_time":251739411,"flow_dst_last_pkt_time":251739411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.155.31.118","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251738882,"flow_src_last_pkt_time":251738882,"flow_dst_last_pkt_time":251738882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.219.202.2","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741806,"flow_src_last_pkt_time":251741806,"flow_dst_last_pkt_time":251741806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.127.34","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741506,"flow_src_last_pkt_time":251741506,"flow_dst_last_pkt_time":251741506,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.187.236.179","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":72849111,"flow_src_last_pkt_time":251742741,"flow_dst_last_pkt_time":72849111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.92.178.182","src_port":28681,"dst_port":57302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742554,"flow_src_last_pkt_time":251742554,"flow_dst_last_pkt_time":251742554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.249.13.30","src_port":28681,"dst_port":15138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739411,"flow_src_last_pkt_time":251739411,"flow_dst_last_pkt_time":251739411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.155.31.118","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243618625,"flow_src_last_pkt_time":243618625,"flow_dst_last_pkt_time":243618625,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.135.8.7","src_port":28681,"dst_port":1219,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00750{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243618625,"flow_src_last_pkt_time":243618625,"flow_dst_last_pkt_time":243618625,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.135.8.7","src_port":28681,"dst_port":1219,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741302,"flow_src_last_pkt_time":251741302,"flow_dst_last_pkt_time":251741302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.247.160.96","src_port":28681,"dst_port":17817,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741302,"flow_src_last_pkt_time":251741302,"flow_dst_last_pkt_time":251741302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.247.160.96","src_port":28681,"dst_port":17817,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740418,"flow_src_last_pkt_time":251740418,"flow_dst_last_pkt_time":251740418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.28.130.131","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740418,"flow_src_last_pkt_time":251740418,"flow_dst_last_pkt_time":251740418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.28.130.131","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743729,"flow_src_last_pkt_time":251743729,"flow_dst_last_pkt_time":251743729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.86.190.163","src_port":28681,"dst_port":14142,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743729,"flow_src_last_pkt_time":251743729,"flow_dst_last_pkt_time":251743729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.86.190.163","src_port":28681,"dst_port":14142,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739069,"flow_src_last_pkt_time":251739069,"flow_dst_last_pkt_time":251739069,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"197.244.171.132","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739069,"flow_src_last_pkt_time":251739069,"flow_dst_last_pkt_time":251739069,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"197.244.171.132","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00967{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742837,"flow_src_last_pkt_time":251742837,"flow_dst_last_pkt_time":251742837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.215.213","src_port":28681,"dst_port":23576,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00755{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742837,"flow_src_last_pkt_time":251742837,"flow_dst_last_pkt_time":251742837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.215.213","src_port":28681,"dst_port":23576,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743527,"flow_src_last_pkt_time":251743527,"flow_dst_last_pkt_time":251743527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.68.179.137","src_port":28681,"dst_port":6406,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743527,"flow_src_last_pkt_time":251743527,"flow_dst_last_pkt_time":251743527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.68.179.137","src_port":28681,"dst_port":6406,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740269,"flow_src_last_pkt_time":251740269,"flow_dst_last_pkt_time":251740269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.194.53.68","src_port":28681,"dst_port":33770,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740269,"flow_src_last_pkt_time":251740269,"flow_dst_last_pkt_time":251740269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.194.53.68","src_port":28681,"dst_port":33770,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251802485,"flow_src_last_pkt_time":251802485,"flow_dst_last_pkt_time":251802485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.193.23.172","src_port":28681,"dst_port":42227,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251802485,"flow_src_last_pkt_time":251802485,"flow_dst_last_pkt_time":251802485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.193.23.172","src_port":28681,"dst_port":42227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71539248,"flow_src_last_pkt_time":251739950,"flow_dst_last_pkt_time":71539248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.119.242.110","src_port":28681,"dst_port":7922,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71539248,"flow_src_last_pkt_time":251739950,"flow_dst_last_pkt_time":71539248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.119.242.110","src_port":28681,"dst_port":7922,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739830,"flow_src_last_pkt_time":251739830,"flow_dst_last_pkt_time":251739830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.181.151.217","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739830,"flow_src_last_pkt_time":251739830,"flow_dst_last_pkt_time":251739830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.181.151.217","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741302,"flow_src_last_pkt_time":251741302,"flow_dst_last_pkt_time":251741302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.247.160.96","src_port":28681,"dst_port":17817,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740418,"flow_src_last_pkt_time":251740418,"flow_dst_last_pkt_time":251740418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.28.130.131","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743729,"flow_src_last_pkt_time":251743729,"flow_dst_last_pkt_time":251743729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.86.190.163","src_port":28681,"dst_port":14142,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739069,"flow_src_last_pkt_time":251739069,"flow_dst_last_pkt_time":251739069,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"197.244.171.132","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742837,"flow_src_last_pkt_time":251742837,"flow_dst_last_pkt_time":251742837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.215.213","src_port":28681,"dst_port":23576,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743527,"flow_src_last_pkt_time":251743527,"flow_dst_last_pkt_time":251743527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.68.179.137","src_port":28681,"dst_port":6406,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251740269,"flow_src_last_pkt_time":251740269,"flow_dst_last_pkt_time":251740269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.194.53.68","src_port":28681,"dst_port":33770,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251802485,"flow_src_last_pkt_time":251802485,"flow_dst_last_pkt_time":251802485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.193.23.172","src_port":28681,"dst_port":42227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":71539248,"flow_src_last_pkt_time":251739950,"flow_dst_last_pkt_time":71539248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.119.242.110","src_port":28681,"dst_port":7922,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251739830,"flow_src_last_pkt_time":251739830,"flow_dst_last_pkt_time":251739830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.181.151.217","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00967{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243619335,"flow_src_last_pkt_time":243619335,"flow_dst_last_pkt_time":243619335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"144.134.132.206","src_port":28681,"dst_port":16401,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00755{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243619335,"flow_src_last_pkt_time":243619335,"flow_dst_last_pkt_time":243619335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"144.134.132.206","src_port":28681,"dst_port":16401,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00967{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743945,"flow_src_last_pkt_time":251743945,"flow_dst_last_pkt_time":251743945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.165.170.112","src_port":28681,"dst_port":37087,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00755{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743945,"flow_src_last_pkt_time":251743945,"flow_dst_last_pkt_time":251743945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.165.170.112","src_port":28681,"dst_port":37087,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743945,"flow_src_last_pkt_time":251743945,"flow_dst_last_pkt_time":251743945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.165.170.112","src_port":28681,"dst_port":37087,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243619466,"flow_src_last_pkt_time":243619466,"flow_dst_last_pkt_time":243619466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"161.81.38.67","src_port":28681,"dst_port":9539,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243619466,"flow_src_last_pkt_time":243619466,"flow_dst_last_pkt_time":243619466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"161.81.38.67","src_port":28681,"dst_port":9539,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743626,"flow_src_last_pkt_time":251743626,"flow_dst_last_pkt_time":251743626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.38.163.2","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00750{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743626,"flow_src_last_pkt_time":251743626,"flow_dst_last_pkt_time":251743626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.38.163.2","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741711,"flow_src_last_pkt_time":251741711,"flow_dst_last_pkt_time":251741711,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.193.236.8","src_port":28681,"dst_port":46557,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741711,"flow_src_last_pkt_time":251741711,"flow_dst_last_pkt_time":251741711,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.193.236.8","src_port":28681,"dst_port":46557,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743139,"flow_src_last_pkt_time":251743139,"flow_dst_last_pkt_time":251743139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.6.118.53","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743139,"flow_src_last_pkt_time":251743139,"flow_dst_last_pkt_time":251743139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.6.118.53","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01181{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743626,"flow_src_last_pkt_time":251743626,"flow_dst_last_pkt_time":251743626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.38.163.2","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251741711,"flow_src_last_pkt_time":251741711,"flow_dst_last_pkt_time":251741711,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.193.236.8","src_port":28681,"dst_port":46557,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251743139,"flow_src_last_pkt_time":251743139,"flow_dst_last_pkt_time":251743139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.6.118.53","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243620225,"flow_src_last_pkt_time":243620225,"flow_dst_last_pkt_time":243620225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":28681,"dst_port":24634,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243620225,"flow_src_last_pkt_time":243620225,"flow_dst_last_pkt_time":243620225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":28681,"dst_port":24634,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742935,"flow_src_last_pkt_time":251742935,"flow_dst_last_pkt_time":251742935,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.8.95.165","src_port":28681,"dst_port":40763,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742935,"flow_src_last_pkt_time":251742935,"flow_dst_last_pkt_time":251742935,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.8.95.165","src_port":28681,"dst_port":40763,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251742935,"flow_src_last_pkt_time":251742935,"flow_dst_last_pkt_time":251742935,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.8.95.165","src_port":28681,"dst_port":40763,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243620034,"flow_src_last_pkt_time":243620034,"flow_dst_last_pkt_time":243620034,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.119.59.24","src_port":28681,"dst_port":28755,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":243620034,"flow_src_last_pkt_time":243620034,"flow_dst_last_pkt_time":243620034,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.119.59.24","src_port":28681,"dst_port":28755,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287425184,"flow_src_last_pkt_time":287425184,"flow_dst_last_pkt_time":287425184,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"59.148.100.237","src_port":28681,"dst_port":23459,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -5105,37 +5205,37 @@ 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287484830,"flow_src_last_pkt_time":287484830,"flow_dst_last_pkt_time":287484830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.172.184.48","src_port":28681,"dst_port":13281,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287341251,"flow_src_last_pkt_time":320291193,"flow_dst_last_pkt_time":287341251,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.184.29.35","src_port":28681,"dst_port":30582,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287321004,"flow_src_last_pkt_time":287321004,"flow_dst_last_pkt_time":287321004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.234.197.93","src_port":28681,"dst_port":1483,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287313271,"flow_src_last_pkt_time":287313271,"flow_dst_last_pkt_time":287313271,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.142.109.190","src_port":28681,"dst_port":41370,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287313271,"flow_src_last_pkt_time":287313271,"flow_dst_last_pkt_time":287313271,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.142.109.190","src_port":28681,"dst_port":41370,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":669,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287589463,"flow_src_last_pkt_time":287589463,"flow_dst_last_pkt_time":287589463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.200.235","src_port":28681,"dst_port":2846,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287444410,"flow_src_last_pkt_time":287444410,"flow_dst_last_pkt_time":287444410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"116.241.162.162","src_port":28681,"dst_port":59016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":690,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287623920,"flow_src_last_pkt_time":287623920,"flow_dst_last_pkt_time":287623920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.18.212.223","src_port":28681,"dst_port":50637,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":700,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287650717,"flow_src_last_pkt_time":287650717,"flow_dst_last_pkt_time":287650717,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.206.27.26","src_port":28681,"dst_port":6578,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314350,"flow_src_last_pkt_time":287314350,"flow_dst_last_pkt_time":287314350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.47.223.27","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287309338,"flow_src_last_pkt_time":287309338,"flow_dst_last_pkt_time":287309338,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.173.230.98","src_port":28681,"dst_port":19004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314350,"flow_src_last_pkt_time":287314350,"flow_dst_last_pkt_time":287314350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.47.223.27","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287309338,"flow_src_last_pkt_time":287309338,"flow_dst_last_pkt_time":287309338,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.173.230.98","src_port":28681,"dst_port":19004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287339588,"flow_src_last_pkt_time":320290592,"flow_dst_last_pkt_time":287339588,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.229.185.60","src_port":28681,"dst_port":6898,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287429914,"flow_src_last_pkt_time":287429914,"flow_dst_last_pkt_time":287624396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.36.249.91","src_port":28681,"dst_port":7190,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":701,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287651077,"flow_src_last_pkt_time":287651077,"flow_dst_last_pkt_time":287651077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.237.190.184","src_port":28681,"dst_port":64163,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287308993,"flow_src_last_pkt_time":287308993,"flow_dst_last_pkt_time":287308993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.247.89.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82059658,"flow_src_last_pkt_time":373494210,"flow_dst_last_pkt_time":82059658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.59.253.186","src_port":28681,"dst_port":15555,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82062320,"flow_src_last_pkt_time":431831496,"flow_dst_last_pkt_time":82062320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.15.182","src_port":28681,"dst_port":37829,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82062444,"flow_src_last_pkt_time":431829784,"flow_dst_last_pkt_time":82062444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.239.62.213","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287308993,"flow_src_last_pkt_time":287308993,"flow_dst_last_pkt_time":287308993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.247.89.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82059658,"flow_src_last_pkt_time":373494210,"flow_dst_last_pkt_time":82059658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.59.253.186","src_port":28681,"dst_port":15555,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82062320,"flow_src_last_pkt_time":431831496,"flow_dst_last_pkt_time":82062320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.15.182","src_port":28681,"dst_port":37829,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82062444,"flow_src_last_pkt_time":431829784,"flow_dst_last_pkt_time":82062444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.239.62.213","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00945{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":280014541,"flow_src_last_pkt_time":283055110,"flow_dst_last_pkt_time":280014541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":57552,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287442897,"flow_src_last_pkt_time":287442897,"flow_dst_last_pkt_time":287442897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.36.249.91","src_port":28681,"dst_port":64577,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287485837,"flow_src_last_pkt_time":287485837,"flow_dst_last_pkt_time":287485837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.128.228","src_port":28681,"dst_port":3227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287511462,"flow_src_last_pkt_time":287511462,"flow_dst_last_pkt_time":287511462,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.237.10.152","src_port":28681,"dst_port":21293,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":740,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287859998,"flow_src_last_pkt_time":287859998,"flow_dst_last_pkt_time":287859998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.237.25.47","src_port":28681,"dst_port":21293,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287315409,"flow_src_last_pkt_time":287315409,"flow_dst_last_pkt_time":287315409,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.246.147.72","src_port":28681,"dst_port":4572,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287315409,"flow_src_last_pkt_time":287315409,"flow_dst_last_pkt_time":287315409,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.246.147.72","src_port":28681,"dst_port":4572,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":733,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287858651,"flow_src_last_pkt_time":287858651,"flow_dst_last_pkt_time":287858651,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.199.148.6","src_port":28681,"dst_port":4338,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287441868,"flow_src_last_pkt_time":287441868,"flow_dst_last_pkt_time":287441868,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.236.203.37","src_port":28681,"dst_port":52274,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":675,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287600343,"flow_src_last_pkt_time":287600343,"flow_dst_last_pkt_time":287600343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.118.77","src_port":28681,"dst_port":62191,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":738,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287859998,"flow_src_last_pkt_time":287859998,"flow_dst_last_pkt_time":287859998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.128.228","src_port":28681,"dst_port":3256,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287356130,"flow_src_last_pkt_time":320291674,"flow_dst_last_pkt_time":287356130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.128.228","src_port":28681,"dst_port":3259,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287496517,"flow_src_last_pkt_time":287539055,"flow_dst_last_pkt_time":287579829,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.65.87.24","src_port":28681,"dst_port":16201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":131671537,"flow_src_last_pkt_time":431828440,"flow_dst_last_pkt_time":131671537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82063897,"flow_src_last_pkt_time":373495642,"flow_dst_last_pkt_time":82063897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"177.231.151.16","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":131671537,"flow_src_last_pkt_time":431828440,"flow_dst_last_pkt_time":131671537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82063897,"flow_src_last_pkt_time":373495642,"flow_dst_last_pkt_time":82063897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"177.231.151.16","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00760{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287469025,"flow_src_last_pkt_time":287753028,"flow_dst_last_pkt_time":288019720,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.208.167.152","src_port":28681,"dst_port":30628,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287441707,"flow_src_last_pkt_time":287441707,"flow_dst_last_pkt_time":287441707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.18.212.223","src_port":28681,"dst_port":58954,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":83520153,"flow_src_last_pkt_time":431830029,"flow_dst_last_pkt_time":83520153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.30.86.144","src_port":28681,"dst_port":53821,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":83520153,"flow_src_last_pkt_time":431830029,"flow_dst_last_pkt_time":83520153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.30.86.144","src_port":28681,"dst_port":53821,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":713,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287681495,"flow_src_last_pkt_time":287681495,"flow_dst_last_pkt_time":287681495,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.103.139.2","src_port":28681,"dst_port":51379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287430116,"flow_src_last_pkt_time":287430116,"flow_dst_last_pkt_time":287430116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.26.16","src_port":28681,"dst_port":9747,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287423574,"flow_src_last_pkt_time":287423574,"flow_dst_last_pkt_time":287423574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.40.163.123","src_port":28681,"dst_port":55341,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -5157,9 +5257,9 @@ 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287339727,"flow_src_last_pkt_time":320290625,"flow_dst_last_pkt_time":287339727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":28681,"dst_port":54436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":707,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287653242,"flow_src_last_pkt_time":287653242,"flow_dst_last_pkt_time":287653242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"183.179.14.31","src_port":28681,"dst_port":64871,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":288355413,"flow_src_last_pkt_time":288355413,"flow_dst_last_pkt_time":288355413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":28681,"dst_port":48250,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310956,"flow_src_last_pkt_time":287310956,"flow_dst_last_pkt_time":287310956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.160.214.137","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310956,"flow_src_last_pkt_time":287310956,"flow_dst_last_pkt_time":287310956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.160.214.137","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":683,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287621585,"flow_src_last_pkt_time":287621585,"flow_dst_last_pkt_time":287621585,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":28681,"dst_port":54459,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312421,"flow_src_last_pkt_time":287312421,"flow_dst_last_pkt_time":287312421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"136.32.84.139","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312421,"flow_src_last_pkt_time":287312421,"flow_dst_last_pkt_time":287312421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"136.32.84.139","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287357163,"flow_src_last_pkt_time":320292378,"flow_dst_last_pkt_time":287357163,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.119.242.110","src_port":28681,"dst_port":59879,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287485157,"flow_src_last_pkt_time":287485157,"flow_dst_last_pkt_time":287485157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.163.14.246","src_port":28681,"dst_port":1630,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":691,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287624187,"flow_src_last_pkt_time":287624187,"flow_dst_last_pkt_time":287624187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.93.150.146","src_port":28681,"dst_port":62507,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -5170,11 +5270,11 @@ 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287486202,"flow_src_last_pkt_time":287486202,"flow_dst_last_pkt_time":287486202,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.234.18.166","src_port":28681,"dst_port":61319,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287340857,"flow_src_last_pkt_time":320291054,"flow_dst_last_pkt_time":287340857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.103.139.2","src_port":28681,"dst_port":51675,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":714,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287681721,"flow_src_last_pkt_time":287681721,"flow_dst_last_pkt_time":287681721,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.174.174.69","src_port":28681,"dst_port":21358,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82063378,"flow_src_last_pkt_time":371839164,"flow_dst_last_pkt_time":82063378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.153.143.54","src_port":28681,"dst_port":65535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82063378,"flow_src_last_pkt_time":371839164,"flow_dst_last_pkt_time":82063378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.153.143.54","src_port":28681,"dst_port":65535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287467615,"flow_src_last_pkt_time":287467615,"flow_dst_last_pkt_time":287467615,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.118.77","src_port":28681,"dst_port":60482,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":289961626,"flow_src_last_pkt_time":289961626,"flow_dst_last_pkt_time":290166113,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.126.102","src_port":28681,"dst_port":5193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287443704,"flow_src_last_pkt_time":287443704,"flow_dst_last_pkt_time":287443704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":28681,"dst_port":42288,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82060552,"flow_src_last_pkt_time":373496723,"flow_dst_last_pkt_time":82060552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.69.142.133","src_port":28681,"dst_port":15471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82060552,"flow_src_last_pkt_time":373496723,"flow_dst_last_pkt_time":82060552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.69.142.133","src_port":28681,"dst_port":15471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":739,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287859998,"flow_src_last_pkt_time":287859998,"flow_dst_last_pkt_time":287859998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.156.226.72","src_port":28681,"dst_port":19814,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287428877,"flow_src_last_pkt_time":287428877,"flow_dst_last_pkt_time":287428877,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.134.154.158","src_port":28681,"dst_port":54130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287342606,"flow_src_last_pkt_time":287680998,"flow_dst_last_pkt_time":288307881,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.238.145.82","src_port":28681,"dst_port":33527,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -5190,13 +5290,13 @@ 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287441286,"flow_src_last_pkt_time":287441286,"flow_dst_last_pkt_time":287441286,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.237.116.22","src_port":28681,"dst_port":7375,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287467263,"flow_src_last_pkt_time":287467263,"flow_dst_last_pkt_time":287467263,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.247.152.218","src_port":28681,"dst_port":51920,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287484483,"flow_src_last_pkt_time":287484483,"flow_dst_last_pkt_time":287484483,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.237.116.22","src_port":28681,"dst_port":7380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312889,"flow_src_last_pkt_time":287312889,"flow_dst_last_pkt_time":287312889,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.144.99.73","src_port":28681,"dst_port":10745,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312889,"flow_src_last_pkt_time":287312889,"flow_dst_last_pkt_time":287312889,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.144.99.73","src_port":28681,"dst_port":10745,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287427173,"flow_src_last_pkt_time":287427173,"flow_dst_last_pkt_time":287642779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.16.83.5","src_port":28681,"dst_port":10624,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":287424215,"flow_src_last_pkt_time":350982053,"flow_dst_last_pkt_time":351110333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.239.173.18","src_port":28681,"dst_port":23327,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314783,"flow_src_last_pkt_time":287314783,"flow_dst_last_pkt_time":287314783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.196.216.12","src_port":28681,"dst_port":58910,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82062863,"flow_src_last_pkt_time":311751600,"flow_dst_last_pkt_time":82062863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.88.92.56","src_port":28681,"dst_port":21009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314783,"flow_src_last_pkt_time":287314783,"flow_dst_last_pkt_time":287314783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.196.216.12","src_port":28681,"dst_port":58910,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82062863,"flow_src_last_pkt_time":311751600,"flow_dst_last_pkt_time":82062863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.88.92.56","src_port":28681,"dst_port":21009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287385994,"flow_src_last_pkt_time":287385994,"flow_dst_last_pkt_time":287385994,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.118.77","src_port":28681,"dst_port":56562,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82063260,"flow_src_last_pkt_time":431830264,"flow_dst_last_pkt_time":82063260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.195.227","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82063260,"flow_src_last_pkt_time":431830264,"flow_dst_last_pkt_time":82063260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.195.227","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287340413,"flow_src_last_pkt_time":320290815,"flow_dst_last_pkt_time":287340413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.41.253","src_port":28681,"dst_port":14339,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287486558,"flow_src_last_pkt_time":287486558,"flow_dst_last_pkt_time":287710915,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"210.209.249.84","src_port":28681,"dst_port":24751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287496674,"flow_src_last_pkt_time":287496674,"flow_dst_last_pkt_time":287828000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":61,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":61,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":28681,"dst_port":45710,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -5209,18 +5309,18 @@ 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287442403,"flow_src_last_pkt_time":287442403,"flow_dst_last_pkt_time":287442403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.64.156.63","src_port":28681,"dst_port":60092,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287511284,"flow_src_last_pkt_time":287511284,"flow_dst_last_pkt_time":287511284,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"59.104.173.5","src_port":28681,"dst_port":49803,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287526491,"flow_src_last_pkt_time":287526491,"flow_dst_last_pkt_time":287526491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.127.1.235","src_port":28681,"dst_port":37814,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287310365,"flow_src_last_pkt_time":287310365,"flow_dst_last_pkt_time":287954302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":306,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":306,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.161.80.82","src_port":28681,"dst_port":8656,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287310365,"flow_src_last_pkt_time":287310365,"flow_dst_last_pkt_time":287954302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":306,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":306,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.161.80.82","src_port":28681,"dst_port":8656,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287496192,"flow_src_last_pkt_time":287496192,"flow_dst_last_pkt_time":287496192,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"59.104.173.5","src_port":28681,"dst_port":49815,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":703,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287651749,"flow_src_last_pkt_time":287651749,"flow_dst_last_pkt_time":287651749,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.40.67.191","src_port":28681,"dst_port":14971,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287356915,"flow_src_last_pkt_time":320292278,"flow_dst_last_pkt_time":287356915,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.168.15.71","src_port":28681,"dst_port":53883,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287525166,"flow_src_last_pkt_time":287525166,"flow_dst_last_pkt_time":287525166,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":28681,"dst_port":54914,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":727,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287698485,"flow_src_last_pkt_time":287698485,"flow_dst_last_pkt_time":287698485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"101.136.187.253","src_port":28681,"dst_port":10914,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287320411,"flow_src_last_pkt_time":287320411,"flow_dst_last_pkt_time":287320411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.250.32","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287311602,"flow_src_last_pkt_time":287311602,"flow_dst_last_pkt_time":287311602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287312193,"flow_src_last_pkt_time":287312193,"flow_dst_last_pkt_time":288223001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":320,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":320,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.2.62.28","src_port":28681,"dst_port":6387,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287308439,"flow_src_last_pkt_time":287308439,"flow_dst_last_pkt_time":287308439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.210.81.59","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82061705,"flow_src_last_pkt_time":373495985,"flow_dst_last_pkt_time":82061705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310048,"flow_src_last_pkt_time":287310048,"flow_dst_last_pkt_time":287310048,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"8.44.149.207","src_port":28681,"dst_port":30551,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287311602,"flow_src_last_pkt_time":287311602,"flow_dst_last_pkt_time":287311602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287312193,"flow_src_last_pkt_time":287312193,"flow_dst_last_pkt_time":288223001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":320,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":320,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.2.62.28","src_port":28681,"dst_port":6387,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287308439,"flow_src_last_pkt_time":287308439,"flow_dst_last_pkt_time":287308439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.210.81.59","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82061705,"flow_src_last_pkt_time":373495985,"flow_dst_last_pkt_time":82061705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310048,"flow_src_last_pkt_time":287310048,"flow_dst_last_pkt_time":287310048,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"8.44.149.207","src_port":28681,"dst_port":30551,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":704,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287652154,"flow_src_last_pkt_time":287652154,"flow_dst_last_pkt_time":287652154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.192.83.59","src_port":28681,"dst_port":33513,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287499197,"flow_src_last_pkt_time":287499197,"flow_dst_last_pkt_time":287499197,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.199.103","src_port":28681,"dst_port":2625,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":717,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287682493,"flow_src_last_pkt_time":287682493,"flow_dst_last_pkt_time":287682493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.191.58.38","src_port":28681,"dst_port":48157,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -5241,20 +5341,20 @@ 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":716,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287682208,"flow_src_last_pkt_time":287682208,"flow_dst_last_pkt_time":287682208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.249.190.8","src_port":28681,"dst_port":25198,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":731,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287699174,"flow_src_last_pkt_time":287699174,"flow_dst_last_pkt_time":287699174,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.58.238.163","src_port":28681,"dst_port":6564,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287341361,"flow_src_last_pkt_time":320291262,"flow_dst_last_pkt_time":287341361,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"116.49.159.77","src_port":28681,"dst_port":55915,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82057972,"flow_src_last_pkt_time":311749976,"flow_dst_last_pkt_time":82057972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.244.228.86","src_port":28681,"dst_port":10131,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82057972,"flow_src_last_pkt_time":311749976,"flow_dst_last_pkt_time":82057972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.244.228.86","src_port":28681,"dst_port":10131,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":735,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287859330,"flow_src_last_pkt_time":287859330,"flow_dst_last_pkt_time":287859330,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":28681,"dst_port":52420,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82061139,"flow_src_last_pkt_time":373494945,"flow_dst_last_pkt_time":82061139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.99.164.4","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82061139,"flow_src_last_pkt_time":373494945,"flow_dst_last_pkt_time":82061139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.99.164.4","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":663,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287573220,"flow_src_last_pkt_time":320293048,"flow_dst_last_pkt_time":287573220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.58.238.163","src_port":28681,"dst_port":6594,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287497829,"flow_src_last_pkt_time":287497829,"flow_dst_last_pkt_time":287497829,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.179.18.242","src_port":28681,"dst_port":47329,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":747,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":289962007,"flow_src_last_pkt_time":289962007,"flow_dst_last_pkt_time":289962007,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.58.238.163","src_port":28681,"dst_port":6599,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287321152,"flow_src_last_pkt_time":287321152,"flow_dst_last_pkt_time":287321152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.72.149.140","src_port":28681,"dst_port":37848,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287510194,"flow_src_last_pkt_time":287547151,"flow_dst_last_pkt_time":287583222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":110,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.20.248.147","src_port":28681,"dst_port":30706,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":711,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287654311,"flow_src_last_pkt_time":287654311,"flow_dst_last_pkt_time":287654311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.129.86.65","src_port":28681,"dst_port":49723,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287311908,"flow_src_last_pkt_time":287311908,"flow_dst_last_pkt_time":287311908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.203.45.107","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287311908,"flow_src_last_pkt_time":287311908,"flow_dst_last_pkt_time":287311908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.203.45.107","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287383122,"flow_src_last_pkt_time":287383122,"flow_dst_last_pkt_time":287383122,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.105.52.2","src_port":28681,"dst_port":6831,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82058208,"flow_src_last_pkt_time":371836608,"flow_dst_last_pkt_time":82058208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.162.150","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82058208,"flow_src_last_pkt_time":371836608,"flow_dst_last_pkt_time":82058208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.162.150","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287498759,"flow_src_last_pkt_time":287498759,"flow_dst_last_pkt_time":287498759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.237.116.22","src_port":28681,"dst_port":7849,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82066425,"flow_src_last_pkt_time":431830990,"flow_dst_last_pkt_time":82066425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82066425,"flow_src_last_pkt_time":431830990,"flow_dst_last_pkt_time":82066425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":729,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287698888,"flow_src_last_pkt_time":287698888,"flow_dst_last_pkt_time":287698888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.47.227.91","src_port":28681,"dst_port":54463,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":732,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287699351,"flow_src_last_pkt_time":287743590,"flow_dst_last_pkt_time":287783603,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.168.34.105","src_port":28681,"dst_port":39908,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287497569,"flow_src_last_pkt_time":287497569,"flow_dst_last_pkt_time":287497569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.174.18.115","src_port":28681,"dst_port":50679,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -5269,7 +5369,7 @@ 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287510972,"flow_src_last_pkt_time":287510972,"flow_dst_last_pkt_time":287510972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.22.22.94","src_port":28681,"dst_port":34245,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":666,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287588556,"flow_src_last_pkt_time":287588556,"flow_dst_last_pkt_time":287588556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"159.196.95.223","src_port":28681,"dst_port":2003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287511819,"flow_src_last_pkt_time":287511819,"flow_dst_last_pkt_time":287824341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"180.218.135.222","src_port":28681,"dst_port":4548,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82058634,"flow_src_last_pkt_time":311750486,"flow_dst_last_pkt_time":82058634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.163.231.160","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82058634,"flow_src_last_pkt_time":311750486,"flow_dst_last_pkt_time":82058634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.163.231.160","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287426310,"flow_src_last_pkt_time":287426310,"flow_dst_last_pkt_time":287647245,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.16.170.108","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":677,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287619126,"flow_src_last_pkt_time":287619126,"flow_dst_last_pkt_time":287619126,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.16.83.5","src_port":28681,"dst_port":9128,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":706,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287652991,"flow_src_last_pkt_time":287652991,"flow_dst_last_pkt_time":287652991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.200.235","src_port":28681,"dst_port":1968,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -5281,16 +5381,16 @@ 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":741,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287859998,"flow_src_last_pkt_time":287859998,"flow_dst_last_pkt_time":287859998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.128.228","src_port":28681,"dst_port":4364,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":696,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287648701,"flow_src_last_pkt_time":287648701,"flow_dst_last_pkt_time":287648701,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":28681,"dst_port":55050,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287340314,"flow_src_last_pkt_time":320290768,"flow_dst_last_pkt_time":287340314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.200.235","src_port":28681,"dst_port":2034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":83518597,"flow_src_last_pkt_time":253026184,"flow_dst_last_pkt_time":83518597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.37","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82059773,"flow_src_last_pkt_time":373496852,"flow_dst_last_pkt_time":82059773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.107.176","src_port":28681,"dst_port":20363,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":83518597,"flow_src_last_pkt_time":253026184,"flow_dst_last_pkt_time":83518597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.37","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82059773,"flow_src_last_pkt_time":373496852,"flow_dst_last_pkt_time":82059773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.107.176","src_port":28681,"dst_port":20363,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287428427,"flow_src_last_pkt_time":287428427,"flow_dst_last_pkt_time":287428427,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":28681,"dst_port":35004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82060415,"flow_src_last_pkt_time":373497174,"flow_dst_last_pkt_time":82060415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.217.132.111","src_port":28681,"dst_port":25394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287311299,"flow_src_last_pkt_time":287311299,"flow_dst_last_pkt_time":287311299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.156.58.211","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312665,"flow_src_last_pkt_time":287312665,"flow_dst_last_pkt_time":287312665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.4.204.220","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82060415,"flow_src_last_pkt_time":373497174,"flow_dst_last_pkt_time":82060415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.217.132.111","src_port":28681,"dst_port":25394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287311299,"flow_src_last_pkt_time":287311299,"flow_dst_last_pkt_time":287311299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.156.58.211","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312665,"flow_src_last_pkt_time":287312665,"flow_dst_last_pkt_time":287312665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.4.204.220","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":686,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287622813,"flow_src_last_pkt_time":287622813,"flow_dst_last_pkt_time":287622813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.14.143.237","src_port":28681,"dst_port":13965,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":662,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287532984,"flow_src_last_pkt_time":287836880,"flow_dst_last_pkt_time":288223086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.59.117.166","src_port":28681,"dst_port":33192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287340060,"flow_src_last_pkt_time":320290682,"flow_dst_last_pkt_time":287340060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.27.24.95","src_port":28681,"dst_port":10655,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82058765,"flow_src_last_pkt_time":431829362,"flow_dst_last_pkt_time":82058765,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.150.49.35","src_port":28681,"dst_port":32448,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82058765,"flow_src_last_pkt_time":431829362,"flow_dst_last_pkt_time":82058765,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.150.49.35","src_port":28681,"dst_port":32448,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287442727,"flow_src_last_pkt_time":287442727,"flow_dst_last_pkt_time":287442727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.203.72.224","src_port":28681,"dst_port":53658,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287429288,"flow_src_last_pkt_time":287429288,"flow_dst_last_pkt_time":287429288,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.250.32","src_port":28681,"dst_port":52647,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287524138,"flow_src_last_pkt_time":287524138,"flow_dst_last_pkt_time":287524138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.12.1.136","src_port":28681,"dst_port":6348,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -5298,8 +5398,8 @@ 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287466034,"flow_src_last_pkt_time":287466034,"flow_dst_last_pkt_time":287466034,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.10.174.159","src_port":28681,"dst_port":4841,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287339383,"flow_src_last_pkt_time":320290529,"flow_dst_last_pkt_time":287339383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.27.24.95","src_port":28681,"dst_port":10677,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":695,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287635205,"flow_src_last_pkt_time":320293343,"flow_dst_last_pkt_time":287635205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.189.72.230","src_port":28681,"dst_port":8161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82062565,"flow_src_last_pkt_time":371838412,"flow_dst_last_pkt_time":82062565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.196.58","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314573,"flow_src_last_pkt_time":287314573,"flow_dst_last_pkt_time":287314573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"209.204.207.5","src_port":28681,"dst_port":49256,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82062565,"flow_src_last_pkt_time":371838412,"flow_dst_last_pkt_time":82062565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.196.58","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314573,"flow_src_last_pkt_time":287314573,"flow_dst_last_pkt_time":287314573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"209.204.207.5","src_port":28681,"dst_port":49256,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":734,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287858940,"flow_src_last_pkt_time":287858940,"flow_dst_last_pkt_time":287858940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.91.201","src_port":28681,"dst_port":4297,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287496358,"flow_src_last_pkt_time":287714018,"flow_dst_last_pkt_time":288483516,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.62.225.181","src_port":28681,"dst_port":46843,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287356009,"flow_src_last_pkt_time":320291601,"flow_dst_last_pkt_time":287356009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.250.6.59","src_port":28681,"dst_port":60012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -5311,11 +5411,11 @@ 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":671,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287599291,"flow_src_last_pkt_time":287599291,"flow_dst_last_pkt_time":287599291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"180.218.135.222","src_port":28681,"dst_port":49867,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287424448,"flow_src_last_pkt_time":287424448,"flow_dst_last_pkt_time":287697275,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.17.132.18","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":678,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287619767,"flow_src_last_pkt_time":287619767,"flow_dst_last_pkt_time":287619767,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"150.116.225.105","src_port":28681,"dst_port":51438,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287316018,"flow_src_last_pkt_time":287316018,"flow_dst_last_pkt_time":287316018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"202.151.63.59","src_port":28681,"dst_port":7624,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287316018,"flow_src_last_pkt_time":287316018,"flow_dst_last_pkt_time":287316018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"202.151.63.59","src_port":28681,"dst_port":7624,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":715,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287681933,"flow_src_last_pkt_time":287681933,"flow_dst_last_pkt_time":287681933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.71.72.88","src_port":28681,"dst_port":58808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287525885,"flow_src_last_pkt_time":287525885,"flow_dst_last_pkt_time":287525885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.27.24.95","src_port":28681,"dst_port":10791,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287340969,"flow_src_last_pkt_time":320291125,"flow_dst_last_pkt_time":287340969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.39.159.60","src_port":28681,"dst_port":56896,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82058913,"flow_src_last_pkt_time":311749691,"flow_dst_last_pkt_time":82058913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82058913,"flow_src_last_pkt_time":311749691,"flow_dst_last_pkt_time":82058913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287384891,"flow_src_last_pkt_time":287384891,"flow_dst_last_pkt_time":287384891,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.222.160.99","src_port":28681,"dst_port":53144,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287356560,"flow_src_last_pkt_time":320292115,"flow_dst_last_pkt_time":287356560,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.222.160.99","src_port":28681,"dst_port":53163,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287511632,"flow_src_last_pkt_time":287511632,"flow_dst_last_pkt_time":287511632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.18.212.223","src_port":28681,"dst_port":58290,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -5327,15 +5427,15 @@ 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287424939,"flow_src_last_pkt_time":287424939,"flow_dst_last_pkt_time":287424939,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":28681,"dst_port":42925,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287387000,"flow_src_last_pkt_time":287557061,"flow_dst_last_pkt_time":287752626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"97.83.183.148","src_port":28681,"dst_port":8890,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":680,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287620673,"flow_src_last_pkt_time":287620673,"flow_dst_last_pkt_time":287620673,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.227.198.100","src_port":28681,"dst_port":6910,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82060952,"flow_src_last_pkt_time":253024749,"flow_dst_last_pkt_time":82060952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310684,"flow_src_last_pkt_time":287310684,"flow_dst_last_pkt_time":287310684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.143.34.225","src_port":28681,"dst_port":20071,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82060952,"flow_src_last_pkt_time":253024749,"flow_dst_last_pkt_time":82060952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310684,"flow_src_last_pkt_time":287310684,"flow_dst_last_pkt_time":287310684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.143.34.225","src_port":28681,"dst_port":20071,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287385508,"flow_src_last_pkt_time":287385508,"flow_dst_last_pkt_time":287385508,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.176.62.40","src_port":28681,"dst_port":52755,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314979,"flow_src_last_pkt_time":287314979,"flow_dst_last_pkt_time":287314979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.114.40.175","src_port":28681,"dst_port":23552,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314979,"flow_src_last_pkt_time":287314979,"flow_dst_last_pkt_time":287314979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.114.40.175","src_port":28681,"dst_port":23552,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287442230,"flow_src_last_pkt_time":287442230,"flow_dst_last_pkt_time":287442230,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":28681,"dst_port":59875,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287315710,"flow_src_last_pkt_time":287315710,"flow_dst_last_pkt_time":288490528,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":314,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":314,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.162.27","src_port":28681,"dst_port":7986,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287316233,"flow_src_last_pkt_time":287316233,"flow_dst_last_pkt_time":287316233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.48.23","src_port":28681,"dst_port":8070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287315710,"flow_src_last_pkt_time":287315710,"flow_dst_last_pkt_time":288490528,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":314,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":314,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.162.27","src_port":28681,"dst_port":7986,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287316233,"flow_src_last_pkt_time":287316233,"flow_dst_last_pkt_time":287316233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.48.23","src_port":28681,"dst_port":8070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287442550,"flow_src_last_pkt_time":287442550,"flow_dst_last_pkt_time":287442550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.200.161","src_port":28681,"dst_port":65274,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82064863,"flow_src_last_pkt_time":373495794,"flow_dst_last_pkt_time":82064863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"138.199.16.123","src_port":28681,"dst_port":52993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82064863,"flow_src_last_pkt_time":373495794,"flow_dst_last_pkt_time":82064863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"138.199.16.123","src_port":28681,"dst_port":52993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287498581,"flow_src_last_pkt_time":287498581,"flow_dst_last_pkt_time":287719864,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.242.225","src_port":28681,"dst_port":15068,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":726,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287698314,"flow_src_last_pkt_time":287698314,"flow_dst_last_pkt_time":287698314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.171.82.65","src_port":28681,"dst_port":50072,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287444268,"flow_src_last_pkt_time":287444268,"flow_dst_last_pkt_time":287749515,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.163.14.246","src_port":28681,"dst_port":23461,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -5354,13 +5454,13 @@ 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":709,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287653866,"flow_src_last_pkt_time":287653866,"flow_dst_last_pkt_time":287653866,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.16.121.156","src_port":28681,"dst_port":3624,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287341591,"flow_src_last_pkt_time":320291446,"flow_dst_last_pkt_time":287341591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":28681,"dst_port":43316,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":687,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287623141,"flow_src_last_pkt_time":287623141,"flow_dst_last_pkt_time":287623141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":28681,"dst_port":53454,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314125,"flow_src_last_pkt_time":287314125,"flow_dst_last_pkt_time":287314125,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.94.85.113","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314125,"flow_src_last_pkt_time":287314125,"flow_dst_last_pkt_time":287314125,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.94.85.113","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287523680,"flow_src_last_pkt_time":287523680,"flow_dst_last_pkt_time":287523680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.139.21.182","src_port":28681,"dst_port":50110,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287339043,"flow_src_last_pkt_time":320290446,"flow_dst_last_pkt_time":287339043,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.167.248.220","src_port":28681,"dst_port":59304,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287309691,"flow_src_last_pkt_time":287309691,"flow_dst_last_pkt_time":287309691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.100.76.123","src_port":28681,"dst_port":39628,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287309691,"flow_src_last_pkt_time":287309691,"flow_dst_last_pkt_time":287309691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.100.76.123","src_port":28681,"dst_port":39628,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287386762,"flow_src_last_pkt_time":291154795,"flow_dst_last_pkt_time":294825827,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.89.249.8","src_port":28681,"dst_port":50649,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82058413,"flow_src_last_pkt_time":431830502,"flow_dst_last_pkt_time":82058413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.166.226.70","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287315207,"flow_src_last_pkt_time":287315207,"flow_dst_last_pkt_time":287315207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.137.106.173","src_port":28681,"dst_port":11625,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82058413,"flow_src_last_pkt_time":431830502,"flow_dst_last_pkt_time":82058413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.166.226.70","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01188{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287315207,"flow_src_last_pkt_time":287315207,"flow_dst_last_pkt_time":287315207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.137.106.173","src_port":28681,"dst_port":11625,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287320529,"flow_src_last_pkt_time":287320529,"flow_dst_last_pkt_time":287320529,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.247.152.218","src_port":28681,"dst_port":51153,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287429503,"flow_src_last_pkt_time":287429503,"flow_dst_last_pkt_time":287429503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":28681,"dst_port":48380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3565,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287443413,"flow_src_last_pkt_time":287443413,"flow_dst_last_pkt_time":287443413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":431831712,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"180.149.125.139","src_port":28681,"dst_port":6578,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -5383,37 +5483,30 @@ 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3570,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":5,"flow_src_last_pkt_time":433135172,"flow_dst_last_pkt_time":72851137,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":433135172,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0f7IAAIAR17YKAAIPd+BfYXAJtRQAIJWWR05EEEA6AQFUC1FLUlAGUk5BXS\/iNQlw"} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3571,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":433135408,"flow_src_last_pkt_time":433135408,"flow_dst_last_pkt_time":433135408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":433135408,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.170.209.214","src_port":28681,"dst_port":46210,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3571,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":763,"flow_packet_id":1,"flow_src_last_pkt_time":433135408,"flow_dst_last_pkt_time":433135408,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":433135408,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0ANMAAIARBlcKAAIPVarR1nAJtIIAIEXoR05EEEA7AQFUC1FLUlAGUk5BXS\/iNQlw"} +01146{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3571,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":433135408,"flow_src_last_pkt_time":433135408,"flow_dst_last_pkt_time":433135408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":433135408,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.170.209.214","src_port":28681,"dst_port":46210,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3572,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":2,"flow_src_last_pkt_time":433135644,"flow_dst_last_pkt_time":287311602,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":433135644,"pkt":"UlQAEjUCCAAn5uVZCABFAAA022oAAIARFCUKAAIPStL0SHAJGMoAIMoFR05EEEA8AQFUC1FLUlAGUk5BXS\/iNQlw"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3573,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":4,"flow_src_last_pkt_time":433135784,"flow_dst_last_pkt_time":253025433,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":433135784,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0rs4AAIAR+cwKAAIPWEQty3AJGMoAIIMQR05EEEA9AQFUC1FLUlAGUk5BXS\/iNQlw"} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3574,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":5,"flow_src_last_pkt_time":433135893,"flow_dst_last_pkt_time":70230046,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":433135893,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0djoAAIARTngKAAIPVYoUbnAJGMoAIJ8mR05EEEA+AQFUC1FLUlAGUk5BXS\/iNQlw"} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3575,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":433136175,"flow_src_last_pkt_time":433136175,"flow_dst_last_pkt_time":433136175,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":433136175,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"208.92.106.151","src_port":28681,"dst_port":32476,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3575,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":764,"flow_packet_id":1,"flow_src_last_pkt_time":433136175,"flow_dst_last_pkt_time":433136175,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":433136175,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0dXUAAIARfkEKAAIP0Fxql3AJftwAIGgXR05EEEA\/AQFUC1FLUlAGUk5BXS\/iNQlw"} +01146{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3575,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":433136175,"flow_src_last_pkt_time":433136175,"flow_dst_last_pkt_time":433136175,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":433136175,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"208.92.106.151","src_port":28681,"dst_port":32476,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3577,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":5,"flow_src_last_pkt_time":433136506,"flow_dst_last_pkt_time":82057972,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":433136506,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0lsYAAIARXJkKAAIPVvTkVnAJJ5MAIL8HR05EEEBBAQFUC1FLUlAGUk5BXS\/iNQlw"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3578,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":4,"flow_src_last_pkt_time":433136626,"flow_dst_last_pkt_time":253025155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":433136626,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0fvsAAIAR6toKAAIPmgMq0XAJGMoAIERGR05EEEBCAQFUC1FLUlAGUk5BXS\/iNQlw"} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3579,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":756,"flow_packet_id":2,"flow_src_last_pkt_time":433136748,"flow_dst_last_pkt_time":373494060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":433136748,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0M5gAAIARjK8KAAIPKWRE\/3AJMiYAIIFaR05EEEBDAQFUC1FLUlAGUk5BXS\/iNQlw"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3580,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":4,"flow_src_last_pkt_time":433136941,"flow_dst_last_pkt_time":82060952,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":433136941,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0v9AAAIARvTEKAAIPc0U+Y3AJGMoAIFdwR05EEEBEAQFUC1FLUlAGUk5BXS\/iNQlw"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3581,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":5,"flow_src_last_pkt_time":433137069,"flow_dst_last_pkt_time":82061705,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":433137069,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0amsAAIARaXQKAAIPQoMYSHAJd\/cAIE8fR05EEEBFAQFUC1FLUlAGUk5BXS\/iNQlw"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3583,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":751,"flow_packet_id":3,"flow_src_last_pkt_time":433137328,"flow_dst_last_pkt_time":312957456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":433137328,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0D1IAAIARtkwKAAIPjnPamHAJFwwAIKHHR05EEEBHAQFUC1FLUlAGUk5BXS\/iNQlw"} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":93714209,"flow_src_last_pkt_time":253026052,"flow_dst_last_pkt_time":93714209,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.249.63.200","src_port":28681,"dst_port":22582,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":93714209,"flow_src_last_pkt_time":253026052,"flow_dst_last_pkt_time":93714209,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.249.63.200","src_port":28681,"dst_port":22582,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00844{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251741922,"flow_src_last_pkt_time":251741922,"flow_dst_last_pkt_time":253031457,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":319,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":319,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.182.39.11","src_port":28681,"dst_port":12977,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00757{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251741922,"flow_src_last_pkt_time":251741922,"flow_dst_last_pkt_time":253031457,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":319,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":319,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.182.39.11","src_port":28681,"dst_port":12977,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01034{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":253024623,"flow_src_last_pkt_time":253024623,"flow_dst_last_pkt_time":253024623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"107.4.56.177","src_port":28681,"dst_port":10000,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"CiscoVPN","proto_id":"161","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":253024623,"flow_src_last_pkt_time":253024623,"flow_dst_last_pkt_time":253024623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"107.4.56.177","src_port":28681,"dst_port":10000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00843{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251769032,"flow_src_last_pkt_time":251769032,"flow_dst_last_pkt_time":252632878,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":327,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":327,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.64.177.53","src_port":28681,"dst_port":23458,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00756{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251769032,"flow_src_last_pkt_time":251769032,"flow_dst_last_pkt_time":252632878,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":327,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":327,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.64.177.53","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":93714209,"flow_src_last_pkt_time":253026052,"flow_dst_last_pkt_time":93714209,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.249.63.200","src_port":28681,"dst_port":22582,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01188{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251741922,"flow_src_last_pkt_time":251741922,"flow_dst_last_pkt_time":253031457,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":319,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":319,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.182.39.11","src_port":28681,"dst_port":12977,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":253024623,"flow_src_last_pkt_time":253024623,"flow_dst_last_pkt_time":253024623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"107.4.56.177","src_port":28681,"dst_port":10000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251769032,"flow_src_last_pkt_time":251769032,"flow_dst_last_pkt_time":252632878,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":327,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":327,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.64.177.53","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00959{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251946178,"flow_src_last_pkt_time":251946178,"flow_dst_last_pkt_time":251946178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.2","dst_ip":"10.0.2.15","src_port":1026,"dst_port":28681,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00747{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":251946178,"flow_src_last_pkt_time":251946178,"flow_dst_last_pkt_time":251946178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.2","dst_ip":"10.0.2.15","src_port":1026,"dst_port":28681,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00960{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":83518597,"flow_src_last_pkt_time":253026184,"flow_dst_last_pkt_time":83518597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.37","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00748{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":83518597,"flow_src_last_pkt_time":253026184,"flow_dst_last_pkt_time":83518597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.37","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00843{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251742117,"flow_src_last_pkt_time":251742117,"flow_dst_last_pkt_time":252853049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":322,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":322,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.247.6.226","src_port":28681,"dst_port":9713,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00756{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251742117,"flow_src_last_pkt_time":251742117,"flow_dst_last_pkt_time":252853049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":322,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":322,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.247.6.226","src_port":28681,"dst_port":9713,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00845{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251741183,"flow_src_last_pkt_time":251741183,"flow_dst_last_pkt_time":252054388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":309,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":309,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.181.156.244","src_port":28681,"dst_port":8255,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00758{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251741183,"flow_src_last_pkt_time":251741183,"flow_dst_last_pkt_time":252054388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":309,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":309,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.181.156.244","src_port":28681,"dst_port":8255,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71540385,"flow_src_last_pkt_time":253024371,"flow_dst_last_pkt_time":71540385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"105.101.132.146","src_port":28681,"dst_port":57746,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71540385,"flow_src_last_pkt_time":253024371,"flow_dst_last_pkt_time":71540385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"105.101.132.146","src_port":28681,"dst_port":57746,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00845{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251743326,"flow_src_last_pkt_time":251743326,"flow_dst_last_pkt_time":252481655,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":304,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":304,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.24.182.130","src_port":28681,"dst_port":22232,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00758{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251743326,"flow_src_last_pkt_time":251743326,"flow_dst_last_pkt_time":252481655,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":304,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":304,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.24.182.130","src_port":28681,"dst_port":22232,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01179{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":83518597,"flow_src_last_pkt_time":253026184,"flow_dst_last_pkt_time":83518597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.37","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251742117,"flow_src_last_pkt_time":251742117,"flow_dst_last_pkt_time":252853049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":322,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":322,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.247.6.226","src_port":28681,"dst_port":9713,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01189{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251741183,"flow_src_last_pkt_time":251741183,"flow_dst_last_pkt_time":252054388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":309,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":309,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.181.156.244","src_port":28681,"dst_port":8255,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71540385,"flow_src_last_pkt_time":253024371,"flow_dst_last_pkt_time":71540385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"105.101.132.146","src_port":28681,"dst_port":57746,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01189{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":251743326,"flow_src_last_pkt_time":251743326,"flow_dst_last_pkt_time":252481655,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":304,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":304,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.24.182.130","src_port":28681,"dst_port":22232,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":243616097,"flow_src_last_pkt_time":287511110,"flow_dst_last_pkt_time":243616097,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"180.200.236.13","src_port":28681,"dst_port":12082,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251763326,"flow_src_last_pkt_time":287316376,"flow_dst_last_pkt_time":251763326,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.237.199.108","src_port":28681,"dst_port":56040,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":251765454,"flow_src_last_pkt_time":287317165,"flow_dst_last_pkt_time":287535563,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":90,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.206.254","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -5454,18 +5547,18 @@ 01191{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":89829104,"flow_src_last_pkt_time":287443257,"flow_dst_last_pkt_time":174144907,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":3014,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":28681,"dst_port":35481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01190{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":95784399,"flow_src_last_pkt_time":287465597,"flow_dst_last_pkt_time":287572441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":327,"flow_dst_tot_l4_payload_len":2511,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.236.205.7","src_port":28681,"dst_port":34794,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":243615848,"flow_src_last_pkt_time":287381383,"flow_dst_last_pkt_time":287944648,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"156.57.42.2","src_port":28681,"dst_port":33476,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":253025155,"flow_src_last_pkt_time":433136626,"flow_dst_last_pkt_time":253025155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.209","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":253025155,"flow_src_last_pkt_time":433136626,"flow_dst_last_pkt_time":253025155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.209","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":90138188,"flow_src_last_pkt_time":287318627,"flow_dst_last_pkt_time":287634909,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":645,"flow_dst_tot_l4_payload_len":3364,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":28681,"dst_port":21301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01190{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":95716693,"flow_src_last_pkt_time":287380885,"flow_dst_last_pkt_time":287440521,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":246,"flow_dst_tot_l4_payload_len":1755,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00761{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":90864578,"flow_src_last_pkt_time":287313728,"flow_dst_last_pkt_time":287337870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":165,"flow_dst_tot_l4_payload_len":1077,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.187.74.173","src_port":28681,"dst_port":53489,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01192{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":90039406,"flow_src_last_pkt_time":287381612,"flow_dst_last_pkt_time":287415538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":807,"flow_dst_tot_l4_payload_len":4817,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":28681,"dst_port":30577,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251767115,"flow_src_last_pkt_time":287317920,"flow_dst_last_pkt_time":251767115,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.165.228.167","src_port":28681,"dst_port":12201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":253025433,"flow_src_last_pkt_time":433135784,"flow_dst_last_pkt_time":253025433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.68.45.203","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":253025433,"flow_src_last_pkt_time":433135784,"flow_dst_last_pkt_time":253025433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.68.45.203","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":89829492,"flow_src_last_pkt_time":287526703,"flow_dst_last_pkt_time":89829492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":271,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":28681,"dst_port":12012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":243616746,"flow_src_last_pkt_time":287422960,"flow_dst_last_pkt_time":287697244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.86.49.195","src_port":28681,"dst_port":12019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251766954,"flow_src_last_pkt_time":287317823,"flow_dst_last_pkt_time":251766954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.247.240.113","src_port":28681,"dst_port":13867,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":243617373,"flow_src_last_pkt_time":365428420,"flow_dst_last_pkt_time":365474471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":77,"flow_src_tot_l4_payload_len":113,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.71.243.60","src_port":28681,"dst_port":34498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251734977,"flow_src_last_pkt_time":381404139,"flow_dst_last_pkt_time":251734977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"129.45.47.167","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251734977,"flow_src_last_pkt_time":381404139,"flow_dst_last_pkt_time":251734977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"129.45.47.167","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01193{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":90005045,"flow_src_last_pkt_time":287553240,"flow_dst_last_pkt_time":287678696,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":807,"flow_dst_tot_l4_payload_len":4798,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":28681,"dst_port":61616,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":251768320,"flow_src_last_pkt_time":287318727,"flow_dst_last_pkt_time":287699802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.7.155.210","src_port":28681,"dst_port":28365,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":251765853,"flow_src_last_pkt_time":287317359,"flow_dst_last_pkt_time":287440578,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":110,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.227.193.37","src_port":28681,"dst_port":27481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -5484,18 +5577,12 @@ 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":243616544,"flow_src_last_pkt_time":287587254,"flow_dst_last_pkt_time":288106579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.140.63.147","src_port":28681,"dst_port":29545,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251763431,"flow_src_last_pkt_time":287316451,"flow_dst_last_pkt_time":251763431,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.204.130.55","src_port":28681,"dst_port":29545,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3591,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":95716226,"flow_src_last_pkt_time":426377575,"flow_dst_last_pkt_time":426518025,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":61,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":165,"midstream":0,"thread_ts_usec":441965442,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.167.201.53","src_port":28681,"dst_port":47282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00844{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3613,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":264769911,"flow_src_last_pkt_time":264769911,"flow_dst_last_pkt_time":265025254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":301,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":301,"midstream":0,"thread_ts_usec":451890537,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"183.179.90.112","src_port":28681,"dst_port":9852,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00757{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3613,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":264769911,"flow_src_last_pkt_time":264769911,"flow_dst_last_pkt_time":265025254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":301,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":301,"midstream":0,"thread_ts_usec":451890537,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"183.179.90.112","src_port":28681,"dst_port":9852,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3613,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264770979,"flow_src_last_pkt_time":264770979,"flow_dst_last_pkt_time":264770979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":451890537,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.3.215.132","src_port":28681,"dst_port":20356,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3613,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264770979,"flow_src_last_pkt_time":264770979,"flow_dst_last_pkt_time":264770979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":451890537,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.3.215.132","src_port":28681,"dst_port":20356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3613,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264770348,"flow_src_last_pkt_time":264770348,"flow_dst_last_pkt_time":264770348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":451890537,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"108.44.45.25","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3613,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264770348,"flow_src_last_pkt_time":264770348,"flow_dst_last_pkt_time":264770348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":451890537,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"108.44.45.25","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3613,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264769233,"flow_src_last_pkt_time":264769233,"flow_dst_last_pkt_time":264769233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":451890537,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":28681,"dst_port":49046,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3613,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264769233,"flow_src_last_pkt_time":264769233,"flow_dst_last_pkt_time":264769233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":451890537,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":28681,"dst_port":49046,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00843{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3613,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":264771328,"flow_src_last_pkt_time":264771328,"flow_dst_last_pkt_time":265818202,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":303,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":303,"midstream":0,"thread_ts_usec":451890537,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.42.210","src_port":28681,"dst_port":5512,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00756{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3613,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":264771328,"flow_src_last_pkt_time":264771328,"flow_dst_last_pkt_time":265818202,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":303,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":303,"midstream":0,"thread_ts_usec":451890537,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.42.210","src_port":28681,"dst_port":5512,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3613,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264771658,"flow_src_last_pkt_time":264771658,"flow_dst_last_pkt_time":264771658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":451890537,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.94.41.71","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3613,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264771658,"flow_src_last_pkt_time":264771658,"flow_dst_last_pkt_time":264771658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":451890537,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.94.41.71","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01188{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3613,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":264769911,"flow_src_last_pkt_time":264769911,"flow_dst_last_pkt_time":265025254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":301,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":301,"midstream":0,"thread_ts_usec":451890537,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"183.179.90.112","src_port":28681,"dst_port":9852,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3613,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264770979,"flow_src_last_pkt_time":264770979,"flow_dst_last_pkt_time":264770979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":451890537,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.3.215.132","src_port":28681,"dst_port":20356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3613,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264770348,"flow_src_last_pkt_time":264770348,"flow_dst_last_pkt_time":264770348,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":451890537,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"108.44.45.25","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3613,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264769233,"flow_src_last_pkt_time":264769233,"flow_dst_last_pkt_time":264769233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":451890537,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":28681,"dst_port":49046,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3613,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":264771328,"flow_src_last_pkt_time":264771328,"flow_dst_last_pkt_time":265818202,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":303,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":303,"midstream":0,"thread_ts_usec":451890537,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.42.210","src_port":28681,"dst_port":5512,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3613,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":264771658,"flow_src_last_pkt_time":264771658,"flow_dst_last_pkt_time":264771658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":451890537,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.94.41.71","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3613,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":754,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":355387386,"flow_src_last_pkt_time":355387386,"flow_dst_last_pkt_time":355387386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":451890537,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.125.218.84","src_port":28681,"dst_port":17561,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01190{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3613,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":759,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":400872943,"flow_src_last_pkt_time":400872943,"flow_dst_last_pkt_time":400901727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":40,"midstream":0,"thread_ts_usec":451890537,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":28681,"dst_port":23548,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00945{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3613,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":758,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":400018839,"flow_src_last_pkt_time":403044600,"flow_dst_last_pkt_time":400018839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":451890537,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":50213,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} @@ -5510,8 +5597,7 @@ 00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":243616097,"flow_src_last_pkt_time":287511110,"flow_dst_last_pkt_time":243616097,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"180.200.236.13","src_port":28681,"dst_port":12082,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287321004,"flow_src_last_pkt_time":287321004,"flow_dst_last_pkt_time":287321004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.234.197.93","src_port":28681,"dst_port":1483,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287321004,"flow_src_last_pkt_time":287321004,"flow_dst_last_pkt_time":287321004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.234.197.93","src_port":28681,"dst_port":1483,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287313271,"flow_src_last_pkt_time":287313271,"flow_dst_last_pkt_time":287313271,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.142.109.190","src_port":28681,"dst_port":41370,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287313271,"flow_src_last_pkt_time":287313271,"flow_dst_last_pkt_time":287313271,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.142.109.190","src_port":28681,"dst_port":41370,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287313271,"flow_src_last_pkt_time":287313271,"flow_dst_last_pkt_time":287313271,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.142.109.190","src_port":28681,"dst_port":41370,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":669,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287589463,"flow_src_last_pkt_time":287589463,"flow_dst_last_pkt_time":287589463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.200.235","src_port":28681,"dst_port":2846,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":669,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287589463,"flow_src_last_pkt_time":287589463,"flow_dst_last_pkt_time":287589463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.200.235","src_port":28681,"dst_port":2846,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00967{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287444410,"flow_src_last_pkt_time":287444410,"flow_dst_last_pkt_time":287444410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"116.241.162.162","src_port":28681,"dst_port":59016,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} @@ -5522,20 +5608,17 @@ 00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251763326,"flow_src_last_pkt_time":287316376,"flow_dst_last_pkt_time":251763326,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.237.199.108","src_port":28681,"dst_port":56040,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01139{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":700,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287650717,"flow_src_last_pkt_time":287650717,"flow_dst_last_pkt_time":287650717,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.206.27.26","src_port":28681,"dst_port":6578,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"7":"Match by IP"},"proto":"Tor","proto_id":"163","proto_by_ip":"Tor","proto_by_ip_id":163,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN"}} 00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":700,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287650717,"flow_src_last_pkt_time":287650717,"flow_dst_last_pkt_time":287650717,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.206.27.26","src_port":28681,"dst_port":6578,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314350,"flow_src_last_pkt_time":287314350,"flow_dst_last_pkt_time":287314350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.47.223.27","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314350,"flow_src_last_pkt_time":287314350,"flow_dst_last_pkt_time":287314350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.47.223.27","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314350,"flow_src_last_pkt_time":287314350,"flow_dst_last_pkt_time":287314350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.47.223.27","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01191{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":101162745,"flow_src_last_pkt_time":287624798,"flow_dst_last_pkt_time":177309077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":3014,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":28681,"dst_port":26851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01190{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":168555545,"flow_src_last_pkt_time":287428135,"flow_dst_last_pkt_time":287464674,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":483,"flow_dst_tot_l4_payload_len":1891,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.129.196.84","src_port":28681,"dst_port":9915,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00844{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":251765454,"flow_src_last_pkt_time":287317165,"flow_dst_last_pkt_time":287535563,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":90,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.206.254","src_port":28681,"dst_port":23458,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00757{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":251765454,"flow_src_last_pkt_time":287317165,"flow_dst_last_pkt_time":287535563,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":90,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.206.254","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287309338,"flow_src_last_pkt_time":287309338,"flow_dst_last_pkt_time":287309338,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.173.230.98","src_port":28681,"dst_port":19004,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287309338,"flow_src_last_pkt_time":287309338,"flow_dst_last_pkt_time":287309338,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.173.230.98","src_port":28681,"dst_port":19004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287309338,"flow_src_last_pkt_time":287309338,"flow_dst_last_pkt_time":287309338,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.173.230.98","src_port":28681,"dst_port":19004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00839{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287429914,"flow_src_last_pkt_time":287429914,"flow_dst_last_pkt_time":287624396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.36.249.91","src_port":28681,"dst_port":7190,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287429914,"flow_src_last_pkt_time":287429914,"flow_dst_last_pkt_time":287624396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.36.249.91","src_port":28681,"dst_port":7190,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00967{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":701,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287651077,"flow_src_last_pkt_time":287651077,"flow_dst_last_pkt_time":287651077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.237.190.184","src_port":28681,"dst_port":64163,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00755{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":701,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287651077,"flow_src_last_pkt_time":287651077,"flow_dst_last_pkt_time":287651077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.237.190.184","src_port":28681,"dst_port":64163,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287308993,"flow_src_last_pkt_time":287308993,"flow_dst_last_pkt_time":287308993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.247.89.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287308993,"flow_src_last_pkt_time":287308993,"flow_dst_last_pkt_time":287308993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.247.89.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287308993,"flow_src_last_pkt_time":287308993,"flow_dst_last_pkt_time":287308993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.247.89.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00943{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":280014541,"flow_src_last_pkt_time":283055110,"flow_dst_last_pkt_time":280014541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":57552,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251801646,"flow_src_last_pkt_time":287320078,"flow_dst_last_pkt_time":251801646,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.13.148","src_port":28681,"dst_port":51896,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251801646,"flow_src_last_pkt_time":287320078,"flow_dst_last_pkt_time":251801646,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.13.148","src_port":28681,"dst_port":51896,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -5550,8 +5633,7 @@ 00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287511462,"flow_src_last_pkt_time":287511462,"flow_dst_last_pkt_time":287511462,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.237.10.152","src_port":28681,"dst_port":21293,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287485837,"flow_src_last_pkt_time":287485837,"flow_dst_last_pkt_time":287485837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.128.228","src_port":28681,"dst_port":3227,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287485837,"flow_src_last_pkt_time":287485837,"flow_dst_last_pkt_time":287485837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.128.228","src_port":28681,"dst_port":3227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287315409,"flow_src_last_pkt_time":287315409,"flow_dst_last_pkt_time":287315409,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.246.147.72","src_port":28681,"dst_port":4572,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287315409,"flow_src_last_pkt_time":287315409,"flow_dst_last_pkt_time":287315409,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.246.147.72","src_port":28681,"dst_port":4572,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287315409,"flow_src_last_pkt_time":287315409,"flow_dst_last_pkt_time":287315409,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.246.147.72","src_port":28681,"dst_port":4572,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":733,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287858651,"flow_src_last_pkt_time":287858651,"flow_dst_last_pkt_time":287858651,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.199.148.6","src_port":28681,"dst_port":4338,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":733,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287858651,"flow_src_last_pkt_time":287858651,"flow_dst_last_pkt_time":287858651,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.199.148.6","src_port":28681,"dst_port":4338,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287441868,"flow_src_last_pkt_time":287441868,"flow_dst_last_pkt_time":287441868,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.236.203.37","src_port":28681,"dst_port":52274,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} @@ -5622,8 +5704,7 @@ 00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":288355413,"flow_src_last_pkt_time":288355413,"flow_dst_last_pkt_time":288355413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":28681,"dst_port":48250,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":707,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287653242,"flow_src_last_pkt_time":287653242,"flow_dst_last_pkt_time":287653242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"183.179.14.31","src_port":28681,"dst_port":64871,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":707,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287653242,"flow_src_last_pkt_time":287653242,"flow_dst_last_pkt_time":287653242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"183.179.14.31","src_port":28681,"dst_port":64871,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310956,"flow_src_last_pkt_time":287310956,"flow_dst_last_pkt_time":287310956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.160.214.137","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310956,"flow_src_last_pkt_time":287310956,"flow_dst_last_pkt_time":287310956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.160.214.137","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310956,"flow_src_last_pkt_time":287310956,"flow_dst_last_pkt_time":287310956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.160.214.137","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251801076,"flow_src_last_pkt_time":287319762,"flow_dst_last_pkt_time":251801076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.18.172.208","src_port":28681,"dst_port":63172,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251801076,"flow_src_last_pkt_time":287319762,"flow_dst_last_pkt_time":251801076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.18.172.208","src_port":28681,"dst_port":63172,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00841{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":243616903,"flow_src_last_pkt_time":287526058,"flow_dst_last_pkt_time":287598509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.58.211.52","src_port":28681,"dst_port":3806,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} @@ -5633,8 +5714,7 @@ 00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":243618410,"flow_src_last_pkt_time":287682903,"flow_dst_last_pkt_time":243618410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.172.10.90","src_port":28681,"dst_port":40162,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":243618410,"flow_src_last_pkt_time":287682903,"flow_dst_last_pkt_time":243618410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.172.10.90","src_port":28681,"dst_port":40162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01188{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":124090730,"flow_src_last_pkt_time":287316477,"flow_dst_last_pkt_time":287421199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":165,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":28681,"dst_port":6778,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312421,"flow_src_last_pkt_time":287312421,"flow_dst_last_pkt_time":287312421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"136.32.84.139","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312421,"flow_src_last_pkt_time":287312421,"flow_dst_last_pkt_time":287312421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"136.32.84.139","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312421,"flow_src_last_pkt_time":287312421,"flow_dst_last_pkt_time":287312421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"136.32.84.139","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287485157,"flow_src_last_pkt_time":287485157,"flow_dst_last_pkt_time":287485157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.163.14.246","src_port":28681,"dst_port":1630,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287485157,"flow_src_last_pkt_time":287485157,"flow_dst_last_pkt_time":287485157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.163.14.246","src_port":28681,"dst_port":1630,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":95923574,"flow_src_last_pkt_time":287443565,"flow_dst_last_pkt_time":95923574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":109,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":56070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} @@ -5689,12 +5769,10 @@ 00755{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287467263,"flow_src_last_pkt_time":287467263,"flow_dst_last_pkt_time":287467263,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.247.152.218","src_port":28681,"dst_port":51920,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287484483,"flow_src_last_pkt_time":287484483,"flow_dst_last_pkt_time":287484483,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.237.116.22","src_port":28681,"dst_port":7380,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287484483,"flow_src_last_pkt_time":287484483,"flow_dst_last_pkt_time":287484483,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.237.116.22","src_port":28681,"dst_port":7380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312889,"flow_src_last_pkt_time":287312889,"flow_dst_last_pkt_time":287312889,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.144.99.73","src_port":28681,"dst_port":10745,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312889,"flow_src_last_pkt_time":287312889,"flow_dst_last_pkt_time":287312889,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.144.99.73","src_port":28681,"dst_port":10745,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312889,"flow_src_last_pkt_time":287312889,"flow_dst_last_pkt_time":287312889,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.144.99.73","src_port":28681,"dst_port":10745,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00840{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287427173,"flow_src_last_pkt_time":287427173,"flow_dst_last_pkt_time":287642779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.16.83.5","src_port":28681,"dst_port":10624,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287427173,"flow_src_last_pkt_time":287427173,"flow_dst_last_pkt_time":287642779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.16.83.5","src_port":28681,"dst_port":10624,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314783,"flow_src_last_pkt_time":287314783,"flow_dst_last_pkt_time":287314783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.196.216.12","src_port":28681,"dst_port":58910,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314783,"flow_src_last_pkt_time":287314783,"flow_dst_last_pkt_time":287314783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.196.216.12","src_port":28681,"dst_port":58910,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314783,"flow_src_last_pkt_time":287314783,"flow_dst_last_pkt_time":287314783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.196.216.12","src_port":28681,"dst_port":58910,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287385994,"flow_src_last_pkt_time":287385994,"flow_dst_last_pkt_time":287385994,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.118.77","src_port":28681,"dst_port":56562,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287385994,"flow_src_last_pkt_time":287385994,"flow_dst_last_pkt_time":287385994,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.118.77","src_port":28681,"dst_port":56562,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251764559,"flow_src_last_pkt_time":287316810,"flow_dst_last_pkt_time":251764559,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.70.199.107","src_port":28681,"dst_port":60475,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} @@ -5722,8 +5800,7 @@ 00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287511284,"flow_src_last_pkt_time":287511284,"flow_dst_last_pkt_time":287511284,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"59.104.173.5","src_port":28681,"dst_port":49803,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287526491,"flow_src_last_pkt_time":287526491,"flow_dst_last_pkt_time":287526491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.127.1.235","src_port":28681,"dst_port":37814,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287526491,"flow_src_last_pkt_time":287526491,"flow_dst_last_pkt_time":287526491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.127.1.235","src_port":28681,"dst_port":37814,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00841{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287310365,"flow_src_last_pkt_time":287310365,"flow_dst_last_pkt_time":287954302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":306,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":306,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.161.80.82","src_port":28681,"dst_port":8656,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287310365,"flow_src_last_pkt_time":287310365,"flow_dst_last_pkt_time":287954302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":306,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":306,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.161.80.82","src_port":28681,"dst_port":8656,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287310365,"flow_src_last_pkt_time":287310365,"flow_dst_last_pkt_time":287954302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":306,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":306,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.161.80.82","src_port":28681,"dst_port":8656,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287496192,"flow_src_last_pkt_time":287496192,"flow_dst_last_pkt_time":287496192,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"59.104.173.5","src_port":28681,"dst_port":49815,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287496192,"flow_src_last_pkt_time":287496192,"flow_dst_last_pkt_time":287496192,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"59.104.173.5","src_port":28681,"dst_port":49815,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00840{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":243617811,"flow_src_last_pkt_time":287381889,"flow_dst_last_pkt_time":288007245,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.64.6.175","src_port":28681,"dst_port":4743,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} @@ -5740,18 +5817,15 @@ 00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251766760,"flow_src_last_pkt_time":287317745,"flow_dst_last_pkt_time":251766760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.241.112.255","src_port":28681,"dst_port":14766,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287320411,"flow_src_last_pkt_time":287320411,"flow_dst_last_pkt_time":287320411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.250.32","src_port":28681,"dst_port":23458,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287320411,"flow_src_last_pkt_time":287320411,"flow_dst_last_pkt_time":287320411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.250.32","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00840{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287312193,"flow_src_last_pkt_time":287312193,"flow_dst_last_pkt_time":288223001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":320,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":320,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.2.62.28","src_port":28681,"dst_port":6387,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287312193,"flow_src_last_pkt_time":287312193,"flow_dst_last_pkt_time":288223001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":320,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":320,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.2.62.28","src_port":28681,"dst_port":6387,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287308439,"flow_src_last_pkt_time":287308439,"flow_dst_last_pkt_time":287308439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.210.81.59","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287308439,"flow_src_last_pkt_time":287308439,"flow_dst_last_pkt_time":287308439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.210.81.59","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287312193,"flow_src_last_pkt_time":287312193,"flow_dst_last_pkt_time":288223001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":320,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":320,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.2.62.28","src_port":28681,"dst_port":6387,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287308439,"flow_src_last_pkt_time":287308439,"flow_dst_last_pkt_time":287308439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.210.81.59","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":243615643,"flow_src_last_pkt_time":287318910,"flow_dst_last_pkt_time":243615643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.182.136.42","src_port":28681,"dst_port":27873,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":243615643,"flow_src_last_pkt_time":287318910,"flow_dst_last_pkt_time":243615643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.182.136.42","src_port":28681,"dst_port":27873,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251766427,"flow_src_last_pkt_time":287317645,"flow_dst_last_pkt_time":251766427,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.153.206.183","src_port":28681,"dst_port":16919,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251766427,"flow_src_last_pkt_time":287317645,"flow_dst_last_pkt_time":251766427,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.153.206.183","src_port":28681,"dst_port":16919,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251766030,"flow_src_last_pkt_time":287317454,"flow_dst_last_pkt_time":251766030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.127.26.138","src_port":28681,"dst_port":3083,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251766030,"flow_src_last_pkt_time":287317454,"flow_dst_last_pkt_time":251766030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.127.26.138","src_port":28681,"dst_port":3083,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310048,"flow_src_last_pkt_time":287310048,"flow_dst_last_pkt_time":287310048,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"8.44.149.207","src_port":28681,"dst_port":30551,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310048,"flow_src_last_pkt_time":287310048,"flow_dst_last_pkt_time":287310048,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"8.44.149.207","src_port":28681,"dst_port":30551,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310048,"flow_src_last_pkt_time":287310048,"flow_dst_last_pkt_time":287310048,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"8.44.149.207","src_port":28681,"dst_port":30551,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":90039956,"flow_src_last_pkt_time":287497328,"flow_dst_last_pkt_time":90039956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":271,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.181.251.218","src_port":28681,"dst_port":36368,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":704,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287652154,"flow_src_last_pkt_time":287652154,"flow_dst_last_pkt_time":287652154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.192.83.59","src_port":28681,"dst_port":33513,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":704,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287652154,"flow_src_last_pkt_time":287652154,"flow_dst_last_pkt_time":287652154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.192.83.59","src_port":28681,"dst_port":33513,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -5810,8 +5884,7 @@ 00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":711,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287654311,"flow_src_last_pkt_time":287654311,"flow_dst_last_pkt_time":287654311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.129.86.65","src_port":28681,"dst_port":49723,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287383122,"flow_src_last_pkt_time":287383122,"flow_dst_last_pkt_time":287383122,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.105.52.2","src_port":28681,"dst_port":6831,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287383122,"flow_src_last_pkt_time":287383122,"flow_dst_last_pkt_time":287383122,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.105.52.2","src_port":28681,"dst_port":6831,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287311908,"flow_src_last_pkt_time":287311908,"flow_dst_last_pkt_time":287311908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.203.45.107","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287311908,"flow_src_last_pkt_time":287311908,"flow_dst_last_pkt_time":287311908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.203.45.107","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287311908,"flow_src_last_pkt_time":287311908,"flow_dst_last_pkt_time":287311908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.203.45.107","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287498759,"flow_src_last_pkt_time":287498759,"flow_dst_last_pkt_time":287498759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.237.116.22","src_port":28681,"dst_port":7849,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287498759,"flow_src_last_pkt_time":287498759,"flow_dst_last_pkt_time":287498759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.237.116.22","src_port":28681,"dst_port":7849,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":729,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287698888,"flow_src_last_pkt_time":287698888,"flow_dst_last_pkt_time":287698888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.47.227.91","src_port":28681,"dst_port":54463,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} @@ -5869,10 +5942,8 @@ 00755{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":696,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287648701,"flow_src_last_pkt_time":287648701,"flow_dst_last_pkt_time":287648701,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":28681,"dst_port":55050,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287428427,"flow_src_last_pkt_time":287428427,"flow_dst_last_pkt_time":287428427,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":28681,"dst_port":35004,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287428427,"flow_src_last_pkt_time":287428427,"flow_dst_last_pkt_time":287428427,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":28681,"dst_port":35004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287311299,"flow_src_last_pkt_time":287311299,"flow_dst_last_pkt_time":287311299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.156.58.211","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287311299,"flow_src_last_pkt_time":287311299,"flow_dst_last_pkt_time":287311299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.156.58.211","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312665,"flow_src_last_pkt_time":287312665,"flow_dst_last_pkt_time":287312665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.4.204.220","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312665,"flow_src_last_pkt_time":287312665,"flow_dst_last_pkt_time":287312665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.4.204.220","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287311299,"flow_src_last_pkt_time":287311299,"flow_dst_last_pkt_time":287311299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.156.58.211","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287312665,"flow_src_last_pkt_time":287312665,"flow_dst_last_pkt_time":287312665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.4.204.220","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":686,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287622813,"flow_src_last_pkt_time":287622813,"flow_dst_last_pkt_time":287622813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.14.143.237","src_port":28681,"dst_port":13965,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":686,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287622813,"flow_src_last_pkt_time":287622813,"flow_dst_last_pkt_time":287622813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.14.143.237","src_port":28681,"dst_port":13965,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00843{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":662,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287532984,"flow_src_last_pkt_time":287836880,"flow_dst_last_pkt_time":288223086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.59.117.166","src_port":28681,"dst_port":33192,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} @@ -5890,8 +5961,7 @@ 00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287466034,"flow_src_last_pkt_time":287466034,"flow_dst_last_pkt_time":287466034,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.10.174.159","src_port":28681,"dst_port":4841,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287466034,"flow_src_last_pkt_time":287466034,"flow_dst_last_pkt_time":287466034,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.10.174.159","src_port":28681,"dst_port":4841,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":89829492,"flow_src_last_pkt_time":287526703,"flow_dst_last_pkt_time":89829492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":271,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":28681,"dst_port":12012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314573,"flow_src_last_pkt_time":287314573,"flow_dst_last_pkt_time":287314573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"209.204.207.5","src_port":28681,"dst_port":49256,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314573,"flow_src_last_pkt_time":287314573,"flow_dst_last_pkt_time":287314573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"209.204.207.5","src_port":28681,"dst_port":49256,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314573,"flow_src_last_pkt_time":287314573,"flow_dst_last_pkt_time":287314573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"209.204.207.5","src_port":28681,"dst_port":49256,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":734,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287858940,"flow_src_last_pkt_time":287858940,"flow_dst_last_pkt_time":287858940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.91.201","src_port":28681,"dst_port":4297,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":734,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287858940,"flow_src_last_pkt_time":287858940,"flow_dst_last_pkt_time":287858940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.91.201","src_port":28681,"dst_port":4297,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00843{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287496358,"flow_src_last_pkt_time":287714018,"flow_dst_last_pkt_time":288483516,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.62.225.181","src_port":28681,"dst_port":46843,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} @@ -5914,8 +5984,7 @@ 00755{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287424448,"flow_src_last_pkt_time":287424448,"flow_dst_last_pkt_time":287697275,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.17.132.18","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00967{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":678,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287619767,"flow_src_last_pkt_time":287619767,"flow_dst_last_pkt_time":287619767,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"150.116.225.105","src_port":28681,"dst_port":51438,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00755{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":678,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287619767,"flow_src_last_pkt_time":287619767,"flow_dst_last_pkt_time":287619767,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"150.116.225.105","src_port":28681,"dst_port":51438,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287316018,"flow_src_last_pkt_time":287316018,"flow_dst_last_pkt_time":287316018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"202.151.63.59","src_port":28681,"dst_port":7624,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287316018,"flow_src_last_pkt_time":287316018,"flow_dst_last_pkt_time":287316018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"202.151.63.59","src_port":28681,"dst_port":7624,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287316018,"flow_src_last_pkt_time":287316018,"flow_dst_last_pkt_time":287316018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"202.151.63.59","src_port":28681,"dst_port":7624,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":715,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287681933,"flow_src_last_pkt_time":287681933,"flow_dst_last_pkt_time":287681933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.71.72.88","src_port":28681,"dst_port":58808,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":715,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287681933,"flow_src_last_pkt_time":287681933,"flow_dst_last_pkt_time":287681933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.71.72.88","src_port":28681,"dst_port":58808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287525885,"flow_src_last_pkt_time":287525885,"flow_dst_last_pkt_time":287525885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.27.24.95","src_port":28681,"dst_port":10791,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} @@ -5943,18 +6012,14 @@ 00755{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287387000,"flow_src_last_pkt_time":287557061,"flow_dst_last_pkt_time":287752626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"97.83.183.148","src_port":28681,"dst_port":8890,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":680,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287620673,"flow_src_last_pkt_time":287620673,"flow_dst_last_pkt_time":287620673,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.227.198.100","src_port":28681,"dst_port":6910,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":680,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287620673,"flow_src_last_pkt_time":287620673,"flow_dst_last_pkt_time":287620673,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.227.198.100","src_port":28681,"dst_port":6910,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310684,"flow_src_last_pkt_time":287310684,"flow_dst_last_pkt_time":287310684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.143.34.225","src_port":28681,"dst_port":20071,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310684,"flow_src_last_pkt_time":287310684,"flow_dst_last_pkt_time":287310684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.143.34.225","src_port":28681,"dst_port":20071,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287310684,"flow_src_last_pkt_time":287310684,"flow_dst_last_pkt_time":287310684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.143.34.225","src_port":28681,"dst_port":20071,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287385508,"flow_src_last_pkt_time":287385508,"flow_dst_last_pkt_time":287385508,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.176.62.40","src_port":28681,"dst_port":52755,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287385508,"flow_src_last_pkt_time":287385508,"flow_dst_last_pkt_time":287385508,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.176.62.40","src_port":28681,"dst_port":52755,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314979,"flow_src_last_pkt_time":287314979,"flow_dst_last_pkt_time":287314979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.114.40.175","src_port":28681,"dst_port":23552,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314979,"flow_src_last_pkt_time":287314979,"flow_dst_last_pkt_time":287314979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.114.40.175","src_port":28681,"dst_port":23552,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314979,"flow_src_last_pkt_time":287314979,"flow_dst_last_pkt_time":287314979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.114.40.175","src_port":28681,"dst_port":23552,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287442230,"flow_src_last_pkt_time":287442230,"flow_dst_last_pkt_time":287442230,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":28681,"dst_port":59875,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287442230,"flow_src_last_pkt_time":287442230,"flow_dst_last_pkt_time":287442230,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":28681,"dst_port":59875,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00843{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287315710,"flow_src_last_pkt_time":287315710,"flow_dst_last_pkt_time":288490528,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":314,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":314,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.162.27","src_port":28681,"dst_port":7986,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00756{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287315710,"flow_src_last_pkt_time":287315710,"flow_dst_last_pkt_time":288490528,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":314,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":314,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.162.27","src_port":28681,"dst_port":7986,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287316233,"flow_src_last_pkt_time":287316233,"flow_dst_last_pkt_time":287316233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.48.23","src_port":28681,"dst_port":8070,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287316233,"flow_src_last_pkt_time":287316233,"flow_dst_last_pkt_time":287316233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.48.23","src_port":28681,"dst_port":8070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01187{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":287315710,"flow_src_last_pkt_time":287315710,"flow_dst_last_pkt_time":288490528,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":314,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":314,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.162.27","src_port":28681,"dst_port":7986,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287316233,"flow_src_last_pkt_time":287316233,"flow_dst_last_pkt_time":287316233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.48.23","src_port":28681,"dst_port":8070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00967{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287442550,"flow_src_last_pkt_time":287442550,"flow_dst_last_pkt_time":287442550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.200.161","src_port":28681,"dst_port":65274,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00755{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287442550,"flow_src_last_pkt_time":287442550,"flow_dst_last_pkt_time":287442550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.200.161","src_port":28681,"dst_port":65274,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01191{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":90005045,"flow_src_last_pkt_time":287553240,"flow_dst_last_pkt_time":287678696,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":807,"flow_dst_tot_l4_payload_len":4798,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":28681,"dst_port":61616,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} @@ -6001,20 +6066,17 @@ 00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251764380,"flow_src_last_pkt_time":287316765,"flow_dst_last_pkt_time":251764380,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.165.153.100","src_port":28681,"dst_port":4509,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251764380,"flow_src_last_pkt_time":287316765,"flow_dst_last_pkt_time":251764380,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.165.153.100","src_port":28681,"dst_port":4509,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01188{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":90138420,"flow_src_last_pkt_time":287441093,"flow_dst_last_pkt_time":287483363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":645,"flow_dst_tot_l4_payload_len":3345,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":28681,"dst_port":46010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314125,"flow_src_last_pkt_time":287314125,"flow_dst_last_pkt_time":287314125,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.94.85.113","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314125,"flow_src_last_pkt_time":287314125,"flow_dst_last_pkt_time":287314125,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.94.85.113","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314125,"flow_src_last_pkt_time":287314125,"flow_dst_last_pkt_time":287314125,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.94.85.113","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287523680,"flow_src_last_pkt_time":287523680,"flow_dst_last_pkt_time":287523680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.139.21.182","src_port":28681,"dst_port":50110,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287523680,"flow_src_last_pkt_time":287523680,"flow_dst_last_pkt_time":287523680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.139.21.182","src_port":28681,"dst_port":50110,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287309691,"flow_src_last_pkt_time":287309691,"flow_dst_last_pkt_time":287309691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.100.76.123","src_port":28681,"dst_port":39628,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287309691,"flow_src_last_pkt_time":287309691,"flow_dst_last_pkt_time":287309691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.100.76.123","src_port":28681,"dst_port":39628,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287309691,"flow_src_last_pkt_time":287309691,"flow_dst_last_pkt_time":287309691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.100.76.123","src_port":28681,"dst_port":39628,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00841{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287386762,"flow_src_last_pkt_time":291154795,"flow_dst_last_pkt_time":294825827,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.89.249.8","src_port":28681,"dst_port":50649,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":287386762,"flow_src_last_pkt_time":291154795,"flow_dst_last_pkt_time":294825827,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.89.249.8","src_port":28681,"dst_port":50649,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":243619673,"flow_src_last_pkt_time":287426068,"flow_dst_last_pkt_time":243619673,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.115.158.103","src_port":28681,"dst_port":5110,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":243619673,"flow_src_last_pkt_time":287426068,"flow_dst_last_pkt_time":243619673,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.115.158.103","src_port":28681,"dst_port":5110,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00842{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":251768524,"flow_src_last_pkt_time":287318821,"flow_dst_last_pkt_time":287532561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"101.128.66.8","src_port":28681,"dst_port":34512,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00755{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":251768524,"flow_src_last_pkt_time":287318821,"flow_dst_last_pkt_time":287532561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":84,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"101.128.66.8","src_port":28681,"dst_port":34512,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00967{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287315207,"flow_src_last_pkt_time":287315207,"flow_dst_last_pkt_time":287315207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.137.106.173","src_port":28681,"dst_port":11625,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00755{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287315207,"flow_src_last_pkt_time":287315207,"flow_dst_last_pkt_time":287315207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.137.106.173","src_port":28681,"dst_port":11625,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287315207,"flow_src_last_pkt_time":287315207,"flow_dst_last_pkt_time":287315207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.137.106.173","src_port":28681,"dst_port":11625,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00967{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287320529,"flow_src_last_pkt_time":287320529,"flow_dst_last_pkt_time":287320529,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.247.152.218","src_port":28681,"dst_port":51153,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00755{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287320529,"flow_src_last_pkt_time":287320529,"flow_dst_last_pkt_time":287320529,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.247.152.218","src_port":28681,"dst_port":51153,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251801900,"flow_src_last_pkt_time":287320181,"flow_dst_last_pkt_time":251801900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.119.74.26","src_port":28681,"dst_port":65498,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} @@ -6065,101 +6127,101 @@ 00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":693,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287625031,"flow_src_last_pkt_time":287625031,"flow_dst_last_pkt_time":287625031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.215.130.156","src_port":28681,"dst_port":12405,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":693,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287625031,"flow_src_last_pkt_time":287625031,"flow_dst_last_pkt_time":287625031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.215.130.156","src_port":28681,"dst_port":12405,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287341251,"flow_src_last_pkt_time":320291193,"flow_dst_last_pkt_time":287341251,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.184.29.35","src_port":28681,"dst_port":30582,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":312956911,"flow_src_last_pkt_time":431830157,"flow_dst_last_pkt_time":312956911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"67.193.8.52","src_port":28681,"dst_port":38584,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":312956911,"flow_src_last_pkt_time":431830157,"flow_dst_last_pkt_time":312956911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"67.193.8.52","src_port":28681,"dst_port":38584,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287339588,"flow_src_last_pkt_time":320290592,"flow_dst_last_pkt_time":287339588,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.229.185.60","src_port":28681,"dst_port":6898,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":312957614,"flow_src_last_pkt_time":431829020,"flow_dst_last_pkt_time":312957614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.231.73.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":72850420,"flow_src_last_pkt_time":433136298,"flow_dst_last_pkt_time":72850420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.141.219.27","src_port":28681,"dst_port":37580,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82059658,"flow_src_last_pkt_time":433137196,"flow_dst_last_pkt_time":82059658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.59.253.186","src_port":28681,"dst_port":15555,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":71540581,"flow_src_last_pkt_time":431831095,"flow_dst_last_pkt_time":71540581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.23.75.69","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82062320,"flow_src_last_pkt_time":431831496,"flow_dst_last_pkt_time":82062320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.15.182","src_port":28681,"dst_port":37829,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82062444,"flow_src_last_pkt_time":431829784,"flow_dst_last_pkt_time":82062444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.239.62.213","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00749{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":70230940,"flow_src_last_pkt_time":311752229,"flow_dst_last_pkt_time":70230940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.50.24.2","src_port":28681,"dst_port":17874,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":312957614,"flow_src_last_pkt_time":431829020,"flow_dst_last_pkt_time":312957614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.231.73.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":72850420,"flow_src_last_pkt_time":433136298,"flow_dst_last_pkt_time":72850420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.141.219.27","src_port":28681,"dst_port":37580,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82059658,"flow_src_last_pkt_time":433137196,"flow_dst_last_pkt_time":82059658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.59.253.186","src_port":28681,"dst_port":15555,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":71540581,"flow_src_last_pkt_time":431831095,"flow_dst_last_pkt_time":71540581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.23.75.69","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82062320,"flow_src_last_pkt_time":431831496,"flow_dst_last_pkt_time":82062320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.15.182","src_port":28681,"dst_port":37829,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82062444,"flow_src_last_pkt_time":431829784,"flow_dst_last_pkt_time":82062444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.239.62.213","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":70230940,"flow_src_last_pkt_time":311752229,"flow_dst_last_pkt_time":70230940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.50.24.2","src_port":28681,"dst_port":17874,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287356130,"flow_src_last_pkt_time":320291674,"flow_dst_last_pkt_time":287356130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.128.228","src_port":28681,"dst_port":3259,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":131671537,"flow_src_last_pkt_time":431828440,"flow_dst_last_pkt_time":131671537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82063897,"flow_src_last_pkt_time":373495642,"flow_dst_last_pkt_time":82063897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"177.231.151.16","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":83520153,"flow_src_last_pkt_time":431830029,"flow_dst_last_pkt_time":83520153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.30.86.144","src_port":28681,"dst_port":53821,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":131671537,"flow_src_last_pkt_time":431828440,"flow_dst_last_pkt_time":131671537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82063897,"flow_src_last_pkt_time":373495642,"flow_dst_last_pkt_time":82063897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"177.231.151.16","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":83520153,"flow_src_last_pkt_time":431830029,"flow_dst_last_pkt_time":83520153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.30.86.144","src_port":28681,"dst_port":53821,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00898{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":12513795,"flow_src_last_pkt_time":14765980,"flow_dst_last_pkt_time":12513795,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287341465,"flow_src_last_pkt_time":320291340,"flow_dst_last_pkt_time":287341465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":28681,"dst_port":49867,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287339216,"flow_src_last_pkt_time":320290510,"flow_dst_last_pkt_time":287339216,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.103.139.2","src_port":28681,"dst_port":51497,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287339727,"flow_src_last_pkt_time":320290625,"flow_dst_last_pkt_time":287339727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":28681,"dst_port":54436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01067{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431178093,"flow_src_last_pkt_time":431178093,"flow_dst_last_pkt_time":431178093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":71541038,"flow_src_last_pkt_time":431829093,"flow_dst_last_pkt_time":71541038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.100","src_port":28681,"dst_port":46385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":71541038,"flow_src_last_pkt_time":431829093,"flow_dst_last_pkt_time":71541038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.100","src_port":28681,"dst_port":46385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287357163,"flow_src_last_pkt_time":320292378,"flow_dst_last_pkt_time":287357163,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.119.242.110","src_port":28681,"dst_port":59879,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":431829532,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":431829532,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287340857,"flow_src_last_pkt_time":320291054,"flow_dst_last_pkt_time":287340857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.103.139.2","src_port":28681,"dst_port":51675,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82063378,"flow_src_last_pkt_time":371839164,"flow_dst_last_pkt_time":82063378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.153.143.54","src_port":28681,"dst_port":65535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82060552,"flow_src_last_pkt_time":373496723,"flow_dst_last_pkt_time":82060552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.69.142.133","src_port":28681,"dst_port":15471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":312956203,"flow_src_last_pkt_time":373496486,"flow_dst_last_pkt_time":312956203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":71536330,"flow_src_last_pkt_time":350798579,"flow_dst_last_pkt_time":351075803,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":90,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.222.14.170","src_port":28681,"dst_port":23332,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82063378,"flow_src_last_pkt_time":371839164,"flow_dst_last_pkt_time":82063378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.153.143.54","src_port":28681,"dst_port":65535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82060552,"flow_src_last_pkt_time":373496723,"flow_dst_last_pkt_time":82060552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.69.142.133","src_port":28681,"dst_port":15471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":312956203,"flow_src_last_pkt_time":373496486,"flow_dst_last_pkt_time":312956203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01188{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":71536330,"flow_src_last_pkt_time":350798579,"flow_dst_last_pkt_time":351075803,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":90,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.222.14.170","src_port":28681,"dst_port":23332,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287355840,"flow_src_last_pkt_time":320291559,"flow_dst_last_pkt_time":287355840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.24.129.230","src_port":28681,"dst_port":14766,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287356336,"flow_src_last_pkt_time":320291809,"flow_dst_last_pkt_time":287356336,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.26.16","src_port":28681,"dst_port":20387,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":71540138,"flow_src_last_pkt_time":371836228,"flow_dst_last_pkt_time":71540138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.65.141.157","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":71540138,"flow_src_last_pkt_time":371836228,"flow_dst_last_pkt_time":71540138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.65.141.157","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":287424215,"flow_src_last_pkt_time":350982053,"flow_dst_last_pkt_time":351110333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.239.173.18","src_port":28681,"dst_port":23327,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82062863,"flow_src_last_pkt_time":433134887,"flow_dst_last_pkt_time":82062863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.88.92.56","src_port":28681,"dst_port":21009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":72853366,"flow_src_last_pkt_time":431830649,"flow_dst_last_pkt_time":72853366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.226.142","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82063260,"flow_src_last_pkt_time":431830264,"flow_dst_last_pkt_time":82063260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.195.227","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":72853723,"flow_src_last_pkt_time":431830813,"flow_dst_last_pkt_time":72853723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.97.199.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82062863,"flow_src_last_pkt_time":433134887,"flow_dst_last_pkt_time":82062863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.88.92.56","src_port":28681,"dst_port":21009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":72853366,"flow_src_last_pkt_time":431830649,"flow_dst_last_pkt_time":72853366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.226.142","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82063260,"flow_src_last_pkt_time":431830264,"flow_dst_last_pkt_time":82063260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.195.227","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":72853723,"flow_src_last_pkt_time":431830813,"flow_dst_last_pkt_time":72853723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.97.199.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287340413,"flow_src_last_pkt_time":320290815,"flow_dst_last_pkt_time":287340413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.41.253","src_port":28681,"dst_port":14339,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":312957456,"flow_src_last_pkt_time":433137328,"flow_dst_last_pkt_time":312957456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.115.218.152","src_port":28681,"dst_port":5900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":312957456,"flow_src_last_pkt_time":433137328,"flow_dst_last_pkt_time":312957456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.115.218.152","src_port":28681,"dst_port":5900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287340201,"flow_src_last_pkt_time":320290703,"flow_dst_last_pkt_time":287340201,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.167.222.160","src_port":28681,"dst_port":56121,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287356722,"flow_src_last_pkt_time":320292178,"flow_dst_last_pkt_time":287356722,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.105.52.2","src_port":28681,"dst_port":6466,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287356436,"flow_src_last_pkt_time":320292020,"flow_dst_last_pkt_time":287356436,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"59.104.173.5","src_port":28681,"dst_port":49787,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":72849569,"flow_src_last_pkt_time":433134578,"flow_dst_last_pkt_time":72849569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.69.159.133","src_port":28681,"dst_port":28000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":72849569,"flow_src_last_pkt_time":433134578,"flow_dst_last_pkt_time":72849569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.69.159.133","src_port":28681,"dst_port":28000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287356915,"flow_src_last_pkt_time":320292278,"flow_dst_last_pkt_time":287356915,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.168.15.71","src_port":28681,"dst_port":53883,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287311602,"flow_src_last_pkt_time":433135644,"flow_dst_last_pkt_time":287311602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":70230046,"flow_src_last_pkt_time":433135893,"flow_dst_last_pkt_time":70230046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.138.20.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82061705,"flow_src_last_pkt_time":433137069,"flow_dst_last_pkt_time":82061705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":431831712,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287311602,"flow_src_last_pkt_time":433135644,"flow_dst_last_pkt_time":287311602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":70230046,"flow_src_last_pkt_time":433135893,"flow_dst_last_pkt_time":70230046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.138.20.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82061705,"flow_src_last_pkt_time":433137069,"flow_dst_last_pkt_time":82061705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":431831712,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287356820,"flow_src_last_pkt_time":320292204,"flow_dst_last_pkt_time":287356820,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":28681,"dst_port":55080,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":433136175,"flow_src_last_pkt_time":433136175,"flow_dst_last_pkt_time":433136175,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"208.92.106.151","src_port":28681,"dst_port":32476,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":433136175,"flow_src_last_pkt_time":433136175,"flow_dst_last_pkt_time":433136175,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"208.92.106.151","src_port":28681,"dst_port":32476,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287338845,"flow_src_last_pkt_time":320290433,"flow_dst_last_pkt_time":287338845,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"116.241.162.162","src_port":28681,"dst_port":57929,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287340558,"flow_src_last_pkt_time":320290853,"flow_dst_last_pkt_time":287340558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.14.143.237","src_port":28681,"dst_port":7510,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287341361,"flow_src_last_pkt_time":320291262,"flow_dst_last_pkt_time":287341361,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"116.49.159.77","src_port":28681,"dst_port":55915,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82057972,"flow_src_last_pkt_time":433136506,"flow_dst_last_pkt_time":82057972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.244.228.86","src_port":28681,"dst_port":10131,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":312956768,"flow_src_last_pkt_time":373497401,"flow_dst_last_pkt_time":312956768,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.159.27.22","src_port":28681,"dst_port":17563,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00750{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82061139,"flow_src_last_pkt_time":373494945,"flow_dst_last_pkt_time":82061139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.99.164.4","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82057972,"flow_src_last_pkt_time":433136506,"flow_dst_last_pkt_time":82057972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.244.228.86","src_port":28681,"dst_port":10131,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":312956768,"flow_src_last_pkt_time":373497401,"flow_dst_last_pkt_time":312956768,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.159.27.22","src_port":28681,"dst_port":17563,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82061139,"flow_src_last_pkt_time":373494945,"flow_dst_last_pkt_time":82061139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.99.164.4","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":663,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287573220,"flow_src_last_pkt_time":320293048,"flow_dst_last_pkt_time":287573220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.58.238.163","src_port":28681,"dst_port":6594,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82058208,"flow_src_last_pkt_time":371836608,"flow_dst_last_pkt_time":82058208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.162.150","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82066425,"flow_src_last_pkt_time":431830990,"flow_dst_last_pkt_time":82066425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":71540796,"flow_src_last_pkt_time":431829667,"flow_dst_last_pkt_time":71540796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.44.190.145","src_port":28681,"dst_port":10170,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82058634,"flow_src_last_pkt_time":311750486,"flow_dst_last_pkt_time":82058634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.163.231.160","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82058208,"flow_src_last_pkt_time":371836608,"flow_dst_last_pkt_time":82058208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.162.150","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82066425,"flow_src_last_pkt_time":431830990,"flow_dst_last_pkt_time":82066425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":71540796,"flow_src_last_pkt_time":431829667,"flow_dst_last_pkt_time":71540796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.44.190.145","src_port":28681,"dst_port":10170,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82058634,"flow_src_last_pkt_time":311750486,"flow_dst_last_pkt_time":82058634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.163.231.160","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287356242,"flow_src_last_pkt_time":320291740,"flow_dst_last_pkt_time":287356242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.203.72.224","src_port":28681,"dst_port":55577,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287338641,"flow_src_last_pkt_time":320290371,"flow_dst_last_pkt_time":287338641,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.168.15.71","src_port":28681,"dst_port":58442,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":72852255,"flow_src_last_pkt_time":431831610,"flow_dst_last_pkt_time":72852255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.175.220.161","src_port":28681,"dst_port":15721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":72852255,"flow_src_last_pkt_time":431831610,"flow_dst_last_pkt_time":72852255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.175.220.161","src_port":28681,"dst_port":15721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287340314,"flow_src_last_pkt_time":320290768,"flow_dst_last_pkt_time":287340314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.200.235","src_port":28681,"dst_port":2034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312961164,"flow_src_last_pkt_time":312961164,"flow_dst_last_pkt_time":312961164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.84.140.96","src_port":28681,"dst_port":14400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82059773,"flow_src_last_pkt_time":373496852,"flow_dst_last_pkt_time":82059773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.107.176","src_port":28681,"dst_port":20363,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82060415,"flow_src_last_pkt_time":373497174,"flow_dst_last_pkt_time":82060415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.217.132.111","src_port":28681,"dst_port":25394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312961164,"flow_src_last_pkt_time":312961164,"flow_dst_last_pkt_time":312961164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.84.140.96","src_port":28681,"dst_port":14400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82059773,"flow_src_last_pkt_time":373496852,"flow_dst_last_pkt_time":82059773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.107.176","src_port":28681,"dst_port":20363,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82060415,"flow_src_last_pkt_time":373497174,"flow_dst_last_pkt_time":82060415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.217.132.111","src_port":28681,"dst_port":25394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287340060,"flow_src_last_pkt_time":320290682,"flow_dst_last_pkt_time":287340060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.27.24.95","src_port":28681,"dst_port":10655,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82058765,"flow_src_last_pkt_time":431829362,"flow_dst_last_pkt_time":82058765,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.150.49.35","src_port":28681,"dst_port":32448,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72848739,"flow_src_last_pkt_time":311749833,"flow_dst_last_pkt_time":72848739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"170.254.19.6","src_port":28681,"dst_port":24180,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82058765,"flow_src_last_pkt_time":431829362,"flow_dst_last_pkt_time":82058765,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.150.49.35","src_port":28681,"dst_port":32448,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72848739,"flow_src_last_pkt_time":311749833,"flow_dst_last_pkt_time":72848739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"170.254.19.6","src_port":28681,"dst_port":24180,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287339383,"flow_src_last_pkt_time":320290529,"flow_dst_last_pkt_time":287339383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.27.24.95","src_port":28681,"dst_port":10677,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":695,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287635205,"flow_src_last_pkt_time":320293343,"flow_dst_last_pkt_time":287635205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.189.72.230","src_port":28681,"dst_port":8161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82062565,"flow_src_last_pkt_time":371838412,"flow_dst_last_pkt_time":82062565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.196.58","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431830401,"flow_src_last_pkt_time":431830401,"flow_dst_last_pkt_time":431830401,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82062565,"flow_src_last_pkt_time":371838412,"flow_dst_last_pkt_time":82062565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.196.58","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431830401,"flow_src_last_pkt_time":431830401,"flow_dst_last_pkt_time":431830401,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287356009,"flow_src_last_pkt_time":320291601,"flow_dst_last_pkt_time":287356009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.250.6.59","src_port":28681,"dst_port":60012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72851137,"flow_src_last_pkt_time":433135172,"flow_dst_last_pkt_time":72851137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.224.95.97","src_port":28681,"dst_port":46356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72850779,"flow_src_last_pkt_time":371838692,"flow_dst_last_pkt_time":72850779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.50.179","src_port":28681,"dst_port":29411,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72851137,"flow_src_last_pkt_time":433135172,"flow_dst_last_pkt_time":72851137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.224.95.97","src_port":28681,"dst_port":46356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72850779,"flow_src_last_pkt_time":371838692,"flow_dst_last_pkt_time":72850779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.50.179","src_port":28681,"dst_port":29411,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287340969,"flow_src_last_pkt_time":320291125,"flow_dst_last_pkt_time":287340969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.39.159.60","src_port":28681,"dst_port":56896,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82058913,"flow_src_last_pkt_time":311749691,"flow_dst_last_pkt_time":82058913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82058913,"flow_src_last_pkt_time":311749691,"flow_dst_last_pkt_time":82058913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287356560,"flow_src_last_pkt_time":320292115,"flow_dst_last_pkt_time":287356560,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.222.160.99","src_port":28681,"dst_port":53163,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":371838970,"flow_src_last_pkt_time":371838970,"flow_dst_last_pkt_time":371838970,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72853009,"flow_src_last_pkt_time":431831362,"flow_dst_last_pkt_time":72853009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.65.70.197","src_port":28681,"dst_port":21693,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":71539473,"flow_src_last_pkt_time":431828596,"flow_dst_last_pkt_time":71539473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.169.2.153","src_port":28681,"dst_port":52414,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":72853538,"flow_src_last_pkt_time":431829891,"flow_dst_last_pkt_time":72853538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.197.111.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82060952,"flow_src_last_pkt_time":433136941,"flow_dst_last_pkt_time":82060952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":373494060,"flow_src_last_pkt_time":433136748,"flow_dst_last_pkt_time":373494060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.100.68.255","src_port":28681,"dst_port":12838,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82064863,"flow_src_last_pkt_time":373495794,"flow_dst_last_pkt_time":82064863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"138.199.16.123","src_port":28681,"dst_port":52993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":371838970,"flow_src_last_pkt_time":371838970,"flow_dst_last_pkt_time":371838970,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72853009,"flow_src_last_pkt_time":431831362,"flow_dst_last_pkt_time":72853009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.65.70.197","src_port":28681,"dst_port":21693,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":71539473,"flow_src_last_pkt_time":431828596,"flow_dst_last_pkt_time":71539473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.169.2.153","src_port":28681,"dst_port":52414,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":72853538,"flow_src_last_pkt_time":431829891,"flow_dst_last_pkt_time":72853538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.197.111.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82060952,"flow_src_last_pkt_time":433136941,"flow_dst_last_pkt_time":82060952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01076{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":373494060,"flow_src_last_pkt_time":433136748,"flow_dst_last_pkt_time":373494060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.100.68.255","src_port":28681,"dst_port":12838,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82064863,"flow_src_last_pkt_time":373495794,"flow_dst_last_pkt_time":82064863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"138.199.16.123","src_port":28681,"dst_port":52993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287357051,"flow_src_last_pkt_time":320292316,"flow_dst_last_pkt_time":287357051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.238.173.128","src_port":28681,"dst_port":57466,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":433135408,"flow_src_last_pkt_time":433135408,"flow_dst_last_pkt_time":433135408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.170.209.214","src_port":28681,"dst_port":46210,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":433135408,"flow_src_last_pkt_time":433135408,"flow_dst_last_pkt_time":433135408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.170.209.214","src_port":28681,"dst_port":46210,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287340758,"flow_src_last_pkt_time":320290989,"flow_dst_last_pkt_time":287340758,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.27.24.95","src_port":28681,"dst_port":11141,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287341591,"flow_src_last_pkt_time":320291446,"flow_dst_last_pkt_time":287341591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":28681,"dst_port":43316,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287339043,"flow_src_last_pkt_time":320290446,"flow_dst_last_pkt_time":287339043,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.167.248.220","src_port":28681,"dst_port":59304,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82058413,"flow_src_last_pkt_time":431830502,"flow_dst_last_pkt_time":82058413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.166.226.70","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":70230689,"flow_src_last_pkt_time":373496286,"flow_dst_last_pkt_time":70230689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.131.85.245","src_port":28681,"dst_port":31743,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431829260,"flow_src_last_pkt_time":431829260,"flow_dst_last_pkt_time":431829260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.132.75.56","src_port":28681,"dst_port":56009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82058413,"flow_src_last_pkt_time":431830502,"flow_dst_last_pkt_time":82058413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.166.226.70","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":70230689,"flow_src_last_pkt_time":373496286,"flow_dst_last_pkt_time":70230689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.131.85.245","src_port":28681,"dst_port":31743,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431829260,"flow_src_last_pkt_time":431829260,"flow_dst_last_pkt_time":431829260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.132.75.56","src_port":28681,"dst_port":56009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287340655,"flow_src_last_pkt_time":320290899,"flow_dst_last_pkt_time":287340655,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.236.203.37","src_port":28681,"dst_port":52131,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72853189,"flow_src_last_pkt_time":431831202,"flow_dst_last_pkt_time":72853189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72853189,"flow_src_last_pkt_time":431831202,"flow_dst_last_pkt_time":72853189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3637,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":765,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":487301830,"flow_src_last_pkt_time":487301830,"flow_dst_last_pkt_time":487301830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":487301830,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":28681,"dst_port":4876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3637,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":765,"flow_packet_id":1,"flow_src_last_pkt_time":487301830,"flow_dst_last_pkt_time":487301830,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":487301830,"pkt":"UlQAEjUCCAAn5uVZCABFAAA5AskAAIAR5hYKAAIP1eVv4HAJEwwAJWwB0z8xAk+Gsu3\/0VASOMQWAwABAAYAAADDg0dVRUA="} 00872{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3640,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":765,"flow_packet_id":2,"flow_src_last_pkt_time":487301830,"flow_dst_last_pkt_time":490657488,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"thread_ts_usec":490657488,"pkt":"CAAn5uVZUlQAEjUCCABFAAEyELoAAEARFy3V5W\/gCgACDxMMcAkBHg6l0z8xAk+Gsu3\/0VASOMQWAwEBAP8AAAAME9Xlb+AAAAAACAAAAMMCVkNFR1RLR2IDR1VFQQICVVBDAmoHAkRVQ4BRAQNUTFNAA0RIVEMAAAEDSVBQgnRH760SH1uvticLsTJMdzcce09JPuG1+7ZWgcRUuyYtQVcYST\/c7pFS94KcOSoCxIJ28cw9ZqkOyP\/lwpB7bj2pxS5hU7eUuiLKG8EGyhhJwOftzCVWmRVdWI9U05cwYStNOtM03g5ZSzQTurO5u0qt8dBUR\/M8woYfFPiT8ncyOu6VxxnfEYQSolvbVQpTXSJ89NMro1t6dWROMiMBQdngzUdEQl6ER0VwaTQColtBtufo0h6HSVBQX1RMU0MYQGA="} @@ -6213,19 +6275,15 @@ 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3677,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":756,"flow_packet_id":3,"flow_src_last_pkt_time":491977146,"flow_dst_last_pkt_time":373494060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":491977146,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0M5kAAIARjK4KAAIPKWRE\/3AJMiYAIIFUR05EEEBJAQFUC1FLUlAGUk5BXS\/iNQlw"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3690,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":4,"flow_src_last_pkt_time":491980175,"flow_dst_last_pkt_time":82062565,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":491980175,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0taIAAIARR0kKAAIPbYTEOnAJGMoAINdHR05EEEBWAQFUC1FLUlAGUk5BXS\/iNQlw"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3693,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":755,"flow_packet_id":2,"flow_src_last_pkt_time":491980650,"flow_dst_last_pkt_time":371838970,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":491980650,"pkt":"UlQAEjUCCAAn5uVZCABFAAA05JYAAIARi20KAAIPU4ZrIHAJl7QAIMtyR05EEEBZAQFUC1FLUlAGUk5BXS\/iNQlw"} -00959{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3695,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":70230940,"flow_src_last_pkt_time":311752229,"flow_dst_last_pkt_time":70230940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":492041948,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.50.24.2","src_port":28681,"dst_port":17874,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00747{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3695,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":70230940,"flow_src_last_pkt_time":311752229,"flow_dst_last_pkt_time":70230940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":492041948,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.50.24.2","src_port":28681,"dst_port":17874,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3695,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82058634,"flow_src_last_pkt_time":311750486,"flow_dst_last_pkt_time":82058634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":492041948,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.163.231.160","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3695,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82058634,"flow_src_last_pkt_time":311750486,"flow_dst_last_pkt_time":82058634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":492041948,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.163.231.160","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3695,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72848739,"flow_src_last_pkt_time":311749833,"flow_dst_last_pkt_time":72848739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":492041948,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"170.254.19.6","src_port":28681,"dst_port":24180,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00750{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3695,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72848739,"flow_src_last_pkt_time":311749833,"flow_dst_last_pkt_time":72848739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":492041948,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"170.254.19.6","src_port":28681,"dst_port":24180,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3695,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82058913,"flow_src_last_pkt_time":311749691,"flow_dst_last_pkt_time":82058913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":492041948,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3695,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82058913,"flow_src_last_pkt_time":311749691,"flow_dst_last_pkt_time":82058913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":492041948,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01178{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3695,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":70230940,"flow_src_last_pkt_time":311752229,"flow_dst_last_pkt_time":70230940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":492041948,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.50.24.2","src_port":28681,"dst_port":17874,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3695,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82058634,"flow_src_last_pkt_time":311750486,"flow_dst_last_pkt_time":82058634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":492041948,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.163.231.160","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3695,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":72848739,"flow_src_last_pkt_time":311749833,"flow_dst_last_pkt_time":72848739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":492041948,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"170.254.19.6","src_port":28681,"dst_port":24180,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3695,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82058913,"flow_src_last_pkt_time":311749691,"flow_dst_last_pkt_time":82058913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":492041948,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01194{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3695,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":90072798,"flow_src_last_pkt_time":320293489,"flow_dst_last_pkt_time":287667256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":779,"flow_dst_tot_l4_payload_len":4554,"midstream":0,"thread_ts_usec":492041948,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":28681,"dst_port":43508,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3695,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":253025155,"flow_src_last_pkt_time":433136626,"flow_dst_last_pkt_time":253025155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":492041948,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.209","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3695,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":253025433,"flow_src_last_pkt_time":433135784,"flow_dst_last_pkt_time":253025433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":492041948,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.68.45.203","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3695,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":253025155,"flow_src_last_pkt_time":433136626,"flow_dst_last_pkt_time":253025155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":492041948,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.209","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3695,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":253025433,"flow_src_last_pkt_time":433135784,"flow_dst_last_pkt_time":253025433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":492041948,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.68.45.203","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3695,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":243617373,"flow_src_last_pkt_time":365428420,"flow_dst_last_pkt_time":365474471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":77,"flow_src_tot_l4_payload_len":113,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":492041948,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.71.243.60","src_port":28681,"dst_port":34498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3695,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251734977,"flow_src_last_pkt_time":381404139,"flow_dst_last_pkt_time":251734977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":492041948,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"129.45.47.167","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3695,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251734977,"flow_src_last_pkt_time":381404139,"flow_dst_last_pkt_time":251734977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":492041948,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"129.45.47.167","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3695,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":95716226,"flow_src_last_pkt_time":426377575,"flow_dst_last_pkt_time":426518025,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":61,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":165,"midstream":0,"thread_ts_usec":492041948,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.167.201.53","src_port":28681,"dst_port":47282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3699,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":5,"flow_src_last_pkt_time":493283238,"flow_dst_last_pkt_time":82060952,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":493283238,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0v9EAAIARvTAKAAIPc0U+Y3AJGMoAIFdZR05EEEBbAQFUC1FLUlAGUk5BXS\/iNQlw"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3701,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":5,"flow_src_last_pkt_time":493283576,"flow_dst_last_pkt_time":253025433,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":493283576,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0rs8AAIAR+csKAAIPWEQty3AJGMoAIILwR05EEEBdAQFUC1FLUlAGUk5BXS\/iNQlw"} @@ -6236,23 +6294,32 @@ 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3712,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":749,"flow_packet_id":3,"flow_src_last_pkt_time":493286206,"flow_dst_last_pkt_time":312956768,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":493286206,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0JvMAAIARngIKAAIPTp8bFnAJRJsAIHNuR05EEEBoAQFUC1FLUlAGUk5BXS\/iNQlw"} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3713,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":785,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493286408,"flow_src_last_pkt_time":493286408,"flow_dst_last_pkt_time":493286408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":493286408,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.134.139.39","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3713,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":785,"flow_packet_id":1,"flow_src_last_pkt_time":493286408,"flow_dst_last_pkt_time":493286408,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":493286408,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0K1UAAIARx6cKAAIPsIaLJ3AJGMoAIM1FR05EEEBpAQFUC1FLUlAGUk5BXS\/iNQlw"} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3713,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":785,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493286408,"flow_src_last_pkt_time":493286408,"flow_dst_last_pkt_time":493286408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":493286408,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.134.139.39","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3714,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":750,"flow_packet_id":4,"flow_src_last_pkt_time":493286521,"flow_dst_last_pkt_time":312956911,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":493286521,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0mm8AAIARSEYKAAIPQ8EINHAJlrgAID8PR05EEEBqAQFUC1FLUlAGUk5BXS\/iNQlw"} 00750{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3717,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493286950,"flow_src_last_pkt_time":493286950,"flow_dst_last_pkt_time":493286950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":493286950,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.38.9.82","src_port":28681,"dst_port":24223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3717,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":786,"flow_packet_id":1,"flow_src_last_pkt_time":493286950,"flow_dst_last_pkt_time":493286950,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":493286950,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0IoIAAIARkLAKAAIPciYJUnAJXp8AIEeiR05EEEBtAQFUC1FLUlAGUk5BXS\/iNQlw"} +01143{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3717,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493286950,"flow_src_last_pkt_time":493286950,"flow_dst_last_pkt_time":493286950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":493286950,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.38.9.82","src_port":28681,"dst_port":24223,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3718,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":787,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493287114,"flow_src_last_pkt_time":493287114,"flow_dst_last_pkt_time":493287114,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":493287114,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.133.122.217","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3718,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":787,"flow_packet_id":1,"flow_src_last_pkt_time":493287114,"flow_dst_last_pkt_time":493287114,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":493287114,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xr0AAIAREI4KAAIP3IV62XAJW6IAIG63R05EEEBuAQFUC1FLUlAGUk5BXS\/iNQlw"} +01147{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3718,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":787,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493287114,"flow_src_last_pkt_time":493287114,"flow_dst_last_pkt_time":493287114,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":493287114,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.133.122.217","src_port":28681,"dst_port":23458,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3719,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":788,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493287365,"flow_src_last_pkt_time":493287365,"flow_dst_last_pkt_time":493287365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":493287365,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.134.167.82","src_port":28681,"dst_port":5820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3719,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":788,"flow_packet_id":1,"flow_src_last_pkt_time":493287365,"flow_dst_last_pkt_time":493287365,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":493287365,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0nSsAAIARDaYKAAIP3IanUnAJFrwAIIciR05EEEBvAQFUC1FLUlAGUk5BXS\/iNQlw"} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3719,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":788,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493287365,"flow_src_last_pkt_time":493287365,"flow_dst_last_pkt_time":493287365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":493287365,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.134.167.82","src_port":28681,"dst_port":5820,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3720,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":789,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493287531,"flow_src_last_pkt_time":493287531,"flow_dst_last_pkt_time":493287531,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":493287531,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.98.115.128","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3720,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":789,"flow_packet_id":1,"flow_src_last_pkt_time":493287531,"flow_dst_last_pkt_time":493287531,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":493287531,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0RlkAAIARSm8KAAIPKmJzgHAJW6IAICgyR05EEEBwAQFUC1FLUlAGUk5BXS\/iNQlw"} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3720,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":789,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493287531,"flow_src_last_pkt_time":493287531,"flow_dst_last_pkt_time":493287531,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":493287531,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.98.115.128","src_port":28681,"dst_port":23458,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3721,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":790,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493288007,"flow_src_last_pkt_time":493288007,"flow_dst_last_pkt_time":493288007,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":493288007,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.39.233","src_port":28681,"dst_port":20855,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3721,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":790,"flow_packet_id":1,"flow_src_last_pkt_time":493288007,"flow_dst_last_pkt_time":493288007,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":493288007,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0oV8AAIARir0KAAIP2qQn6XAJUXcAIM2wR05EEEBxAQFUC1FLUlAGUk5BXS\/iNQlw"} +01146{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3721,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":790,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493288007,"flow_src_last_pkt_time":493288007,"flow_dst_last_pkt_time":493288007,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":493288007,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.39.233","src_port":28681,"dst_port":20855,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493288174,"flow_src_last_pkt_time":493288174,"flow_dst_last_pkt_time":493288174,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":493288174,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.11.85","src_port":28681,"dst_port":10722,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":791,"flow_packet_id":1,"flow_src_last_pkt_time":493288174,"flow_dst_last_pkt_time":493288174,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":493288174,"pkt":"UlQAEjUCCAAn5uVZCABFAAA09nUAAIARUYoKAAIP21ULVXAJKeIAIBEoR05EEEByAQFUC1FLUlAGUk5BXS\/iNQlw"} +01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3722,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493288174,"flow_src_last_pkt_time":493288174,"flow_dst_last_pkt_time":493288174,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":493288174,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.11.85","src_port":28681,"dst_port":10722,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3723,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":792,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493288388,"flow_src_last_pkt_time":493288388,"flow_dst_last_pkt_time":493288388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":493288388,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.213.146","src_port":28681,"dst_port":21750,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3723,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":792,"flow_packet_id":1,"flow_src_last_pkt_time":493288388,"flow_dst_last_pkt_time":493288388,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":493288388,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0MewAAIARAj0KAAIPJO\/VknAJVPYAINI7R05EEEBzAQFUC1FLUlAGUk5BXS\/iNQlw"} +01146{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3723,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":792,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493288388,"flow_src_last_pkt_time":493288388,"flow_dst_last_pkt_time":493288388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":493288388,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.213.146","src_port":28681,"dst_port":21750,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3724,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":793,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493288490,"flow_src_last_pkt_time":493288490,"flow_dst_last_pkt_time":493288490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":493288490,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.126.102","src_port":28681,"dst_port":5193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3724,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":793,"flow_packet_id":1,"flow_src_last_pkt_time":493288490,"flow_dst_last_pkt_time":493288490,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":493288490,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0bokAAIARxe0KAAIPe81+ZnAJFEkAIBM2R05EEEB0AQFUC1FLUlAGUk5BXS\/iNQlw"} +01146{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3724,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":793,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493288490,"flow_src_last_pkt_time":493288490,"flow_dst_last_pkt_time":493288490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":493288490,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.126.102","src_port":28681,"dst_port":5193,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3732,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287341251,"flow_src_last_pkt_time":320291193,"flow_dst_last_pkt_time":287341251,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":503074636,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.184.29.35","src_port":28681,"dst_port":30582,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3732,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287341251,"flow_src_last_pkt_time":320291193,"flow_dst_last_pkt_time":287341251,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":503074636,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.184.29.35","src_port":28681,"dst_port":30582,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3732,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287339588,"flow_src_last_pkt_time":320290592,"flow_dst_last_pkt_time":287339588,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":503074636,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.229.185.60","src_port":28681,"dst_port":6898,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} @@ -6300,8 +6367,7 @@ 00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3732,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287338641,"flow_src_last_pkt_time":320290371,"flow_dst_last_pkt_time":287338641,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":503074636,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.168.15.71","src_port":28681,"dst_port":58442,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3732,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287340314,"flow_src_last_pkt_time":320290768,"flow_dst_last_pkt_time":287340314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":503074636,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.200.235","src_port":28681,"dst_port":2034,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3732,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287340314,"flow_src_last_pkt_time":320290768,"flow_dst_last_pkt_time":287340314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":503074636,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.200.235","src_port":28681,"dst_port":2034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3732,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312961164,"flow_src_last_pkt_time":312961164,"flow_dst_last_pkt_time":312961164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":503074636,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.84.140.96","src_port":28681,"dst_port":14400,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3732,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312961164,"flow_src_last_pkt_time":312961164,"flow_dst_last_pkt_time":312961164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":503074636,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.84.140.96","src_port":28681,"dst_port":14400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3732,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":312961164,"flow_src_last_pkt_time":312961164,"flow_dst_last_pkt_time":312961164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":503074636,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.84.140.96","src_port":28681,"dst_port":14400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3732,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287340060,"flow_src_last_pkt_time":320290682,"flow_dst_last_pkt_time":287340060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":503074636,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.27.24.95","src_port":28681,"dst_port":10655,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3732,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287340060,"flow_src_last_pkt_time":320290682,"flow_dst_last_pkt_time":287340060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":503074636,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.27.24.95","src_port":28681,"dst_port":10655,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3732,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":287339383,"flow_src_last_pkt_time":320290529,"flow_dst_last_pkt_time":287339383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":503074636,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.27.24.95","src_port":28681,"dst_port":10677,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} @@ -6334,67 +6400,66 @@ 00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3743,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":794,"flow_packet_id":2,"flow_src_last_pkt_time":521048856,"flow_dst_last_pkt_time":520019755,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":521048856,"pkt":"AQBef\/\/6CAAn5uVZCABFAADK4LwAAAER3F0KAAIP7\/\/\/+sQmB2wAtikITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogTWljcm9zb2Z0IEVkZ2UvOTkuMC4xMTUwLjMwIFdpbmRvd3MNCg0K"} 00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3744,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":794,"flow_packet_id":3,"flow_src_last_pkt_time":522076302,"flow_dst_last_pkt_time":520019755,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":522076302,"pkt":"AQBef\/\/6CAAn5uVZCABFAADK4L0AAAER3FwKAAIP7\/\/\/+sQmB2wAtikITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogTWljcm9zb2Z0IEVkZ2UvOTkuMC4xMTUwLjMwIFdpbmRvd3MNCg0K"} 00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3745,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":794,"flow_packet_id":4,"flow_src_last_pkt_time":523077357,"flow_dst_last_pkt_time":520019755,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":523077357,"pkt":"AQBef\/\/6CAAn5uVZCABFAADK4L4AAAER3FsKAAIP7\/\/\/+sQmB2wAtikITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogTWljcm9zb2Z0IEVkZ2UvOTkuMC4xMTUwLjMwIFdpbmRvd3MNCg0K"} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":312956911,"flow_src_last_pkt_time":493286521,"flow_dst_last_pkt_time":312956911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"67.193.8.52","src_port":28681,"dst_port":38584,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":312957614,"flow_src_last_pkt_time":431829020,"flow_dst_last_pkt_time":312957614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.231.73.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72850420,"flow_src_last_pkt_time":491978426,"flow_dst_last_pkt_time":72850420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.141.219.27","src_port":28681,"dst_port":37580,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82059658,"flow_src_last_pkt_time":433137196,"flow_dst_last_pkt_time":82059658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.59.253.186","src_port":28681,"dst_port":15555,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":71540581,"flow_src_last_pkt_time":431831095,"flow_dst_last_pkt_time":71540581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.23.75.69","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82062320,"flow_src_last_pkt_time":491979236,"flow_dst_last_pkt_time":82062320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.15.182","src_port":28681,"dst_port":37829,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82062444,"flow_src_last_pkt_time":493283105,"flow_dst_last_pkt_time":82062444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.239.62.213","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":131671537,"flow_src_last_pkt_time":491977799,"flow_dst_last_pkt_time":131671537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82063897,"flow_src_last_pkt_time":373495642,"flow_dst_last_pkt_time":82063897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"177.231.151.16","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":83520153,"flow_src_last_pkt_time":431830029,"flow_dst_last_pkt_time":83520153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.30.86.144","src_port":28681,"dst_port":53821,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":312956911,"flow_src_last_pkt_time":493286521,"flow_dst_last_pkt_time":312956911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"67.193.8.52","src_port":28681,"dst_port":38584,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":312957614,"flow_src_last_pkt_time":431829020,"flow_dst_last_pkt_time":312957614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.231.73.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72850420,"flow_src_last_pkt_time":491978426,"flow_dst_last_pkt_time":72850420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.141.219.27","src_port":28681,"dst_port":37580,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82059658,"flow_src_last_pkt_time":433137196,"flow_dst_last_pkt_time":82059658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.59.253.186","src_port":28681,"dst_port":15555,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":71540581,"flow_src_last_pkt_time":431831095,"flow_dst_last_pkt_time":71540581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.23.75.69","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82062320,"flow_src_last_pkt_time":491979236,"flow_dst_last_pkt_time":82062320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.15.182","src_port":28681,"dst_port":37829,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82062444,"flow_src_last_pkt_time":493283105,"flow_dst_last_pkt_time":82062444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.239.62.213","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":131671537,"flow_src_last_pkt_time":491977799,"flow_dst_last_pkt_time":131671537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82063897,"flow_src_last_pkt_time":373495642,"flow_dst_last_pkt_time":82063897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"177.231.151.16","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":83520153,"flow_src_last_pkt_time":431830029,"flow_dst_last_pkt_time":83520153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.30.86.144","src_port":28681,"dst_port":53821,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01067{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431178093,"flow_src_last_pkt_time":431178093,"flow_dst_last_pkt_time":431178093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":71541038,"flow_src_last_pkt_time":493286629,"flow_dst_last_pkt_time":71541038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.100","src_port":28681,"dst_port":46385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":491978824,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82063378,"flow_src_last_pkt_time":371839164,"flow_dst_last_pkt_time":82063378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.153.143.54","src_port":28681,"dst_port":65535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82060552,"flow_src_last_pkt_time":493285649,"flow_dst_last_pkt_time":82060552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.69.142.133","src_port":28681,"dst_port":15471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":312956203,"flow_src_last_pkt_time":493285407,"flow_dst_last_pkt_time":312956203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":71536330,"flow_src_last_pkt_time":350798579,"flow_dst_last_pkt_time":351075803,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":90,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.222.14.170","src_port":28681,"dst_port":23332,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":71540138,"flow_src_last_pkt_time":491978008,"flow_dst_last_pkt_time":71540138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.65.141.157","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":71541038,"flow_src_last_pkt_time":493286629,"flow_dst_last_pkt_time":71541038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.100","src_port":28681,"dst_port":46385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":491978824,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82063378,"flow_src_last_pkt_time":371839164,"flow_dst_last_pkt_time":82063378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.153.143.54","src_port":28681,"dst_port":65535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82060552,"flow_src_last_pkt_time":493285649,"flow_dst_last_pkt_time":82060552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.69.142.133","src_port":28681,"dst_port":15471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":312956203,"flow_src_last_pkt_time":493285407,"flow_dst_last_pkt_time":312956203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01188{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":71536330,"flow_src_last_pkt_time":350798579,"flow_dst_last_pkt_time":351075803,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":90,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.222.14.170","src_port":28681,"dst_port":23332,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":71540138,"flow_src_last_pkt_time":491978008,"flow_dst_last_pkt_time":71540138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.65.141.157","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":287424215,"flow_src_last_pkt_time":350982053,"flow_dst_last_pkt_time":351110333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.239.173.18","src_port":28681,"dst_port":23327,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82062863,"flow_src_last_pkt_time":433134887,"flow_dst_last_pkt_time":82062863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.88.92.56","src_port":28681,"dst_port":21009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72853366,"flow_src_last_pkt_time":491979649,"flow_dst_last_pkt_time":72853366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.226.142","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82063260,"flow_src_last_pkt_time":491979825,"flow_dst_last_pkt_time":82063260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.195.227","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72853723,"flow_src_last_pkt_time":491979432,"flow_dst_last_pkt_time":72853723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.97.199.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":312957456,"flow_src_last_pkt_time":433137328,"flow_dst_last_pkt_time":312957456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.115.218.152","src_port":28681,"dst_port":5900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":72849569,"flow_src_last_pkt_time":433134578,"flow_dst_last_pkt_time":72849569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.69.159.133","src_port":28681,"dst_port":28000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":287311602,"flow_src_last_pkt_time":491976929,"flow_dst_last_pkt_time":287311602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":70230046,"flow_src_last_pkt_time":433135893,"flow_dst_last_pkt_time":70230046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.138.20.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82061705,"flow_src_last_pkt_time":493284702,"flow_dst_last_pkt_time":82061705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":491978225,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":433136175,"flow_src_last_pkt_time":433136175,"flow_dst_last_pkt_time":433136175,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"208.92.106.151","src_port":28681,"dst_port":32476,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82057972,"flow_src_last_pkt_time":433136506,"flow_dst_last_pkt_time":82057972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.244.228.86","src_port":28681,"dst_port":10131,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":312956768,"flow_src_last_pkt_time":493286206,"flow_dst_last_pkt_time":312956768,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.159.27.22","src_port":28681,"dst_port":17563,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82061139,"flow_src_last_pkt_time":493284151,"flow_dst_last_pkt_time":82061139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.99.164.4","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":82058208,"flow_src_last_pkt_time":491977472,"flow_dst_last_pkt_time":82058208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.162.150","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":82066425,"flow_src_last_pkt_time":493286750,"flow_dst_last_pkt_time":82066425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":71540796,"flow_src_last_pkt_time":491978642,"flow_dst_last_pkt_time":71540796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.44.190.145","src_port":28681,"dst_port":10170,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72852255,"flow_src_last_pkt_time":491978996,"flow_dst_last_pkt_time":72852255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.175.220.161","src_port":28681,"dst_port":15721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82059773,"flow_src_last_pkt_time":493285866,"flow_dst_last_pkt_time":82059773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.107.176","src_port":28681,"dst_port":20363,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82060415,"flow_src_last_pkt_time":493286026,"flow_dst_last_pkt_time":82060415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.217.132.111","src_port":28681,"dst_port":25394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":82058765,"flow_src_last_pkt_time":493284473,"flow_dst_last_pkt_time":82058765,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.150.49.35","src_port":28681,"dst_port":32448,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82062565,"flow_src_last_pkt_time":491980175,"flow_dst_last_pkt_time":82062565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.196.58","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431830401,"flow_src_last_pkt_time":431830401,"flow_dst_last_pkt_time":431830401,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72851137,"flow_src_last_pkt_time":493284310,"flow_dst_last_pkt_time":72851137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.224.95.97","src_port":28681,"dst_port":46356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72850779,"flow_src_last_pkt_time":491980338,"flow_dst_last_pkt_time":72850779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.50.179","src_port":28681,"dst_port":29411,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":371838970,"flow_src_last_pkt_time":491980650,"flow_dst_last_pkt_time":371838970,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72853009,"flow_src_last_pkt_time":431831362,"flow_dst_last_pkt_time":72853009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.65.70.197","src_port":28681,"dst_port":21693,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":71539473,"flow_src_last_pkt_time":431828596,"flow_dst_last_pkt_time":71539473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.169.2.153","src_port":28681,"dst_port":52414,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72853538,"flow_src_last_pkt_time":493285220,"flow_dst_last_pkt_time":72853538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.197.111.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82062863,"flow_src_last_pkt_time":433134887,"flow_dst_last_pkt_time":82062863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.88.92.56","src_port":28681,"dst_port":21009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72853366,"flow_src_last_pkt_time":491979649,"flow_dst_last_pkt_time":72853366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.226.142","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82063260,"flow_src_last_pkt_time":491979825,"flow_dst_last_pkt_time":82063260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.195.227","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72853723,"flow_src_last_pkt_time":491979432,"flow_dst_last_pkt_time":72853723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.97.199.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":312957456,"flow_src_last_pkt_time":433137328,"flow_dst_last_pkt_time":312957456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.115.218.152","src_port":28681,"dst_port":5900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":72849569,"flow_src_last_pkt_time":433134578,"flow_dst_last_pkt_time":72849569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.69.159.133","src_port":28681,"dst_port":28000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":287311602,"flow_src_last_pkt_time":491976929,"flow_dst_last_pkt_time":287311602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":70230046,"flow_src_last_pkt_time":433135893,"flow_dst_last_pkt_time":70230046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.138.20.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82061705,"flow_src_last_pkt_time":493284702,"flow_dst_last_pkt_time":82061705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":491978225,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":433136175,"flow_src_last_pkt_time":433136175,"flow_dst_last_pkt_time":433136175,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"208.92.106.151","src_port":28681,"dst_port":32476,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82057972,"flow_src_last_pkt_time":433136506,"flow_dst_last_pkt_time":82057972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.244.228.86","src_port":28681,"dst_port":10131,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":312956768,"flow_src_last_pkt_time":493286206,"flow_dst_last_pkt_time":312956768,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.159.27.22","src_port":28681,"dst_port":17563,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82061139,"flow_src_last_pkt_time":493284151,"flow_dst_last_pkt_time":82061139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.99.164.4","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":82058208,"flow_src_last_pkt_time":491977472,"flow_dst_last_pkt_time":82058208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.162.150","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":82066425,"flow_src_last_pkt_time":493286750,"flow_dst_last_pkt_time":82066425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":71540796,"flow_src_last_pkt_time":491978642,"flow_dst_last_pkt_time":71540796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.44.190.145","src_port":28681,"dst_port":10170,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72852255,"flow_src_last_pkt_time":491978996,"flow_dst_last_pkt_time":72852255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.175.220.161","src_port":28681,"dst_port":15721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82059773,"flow_src_last_pkt_time":493285866,"flow_dst_last_pkt_time":82059773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.107.176","src_port":28681,"dst_port":20363,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82060415,"flow_src_last_pkt_time":493286026,"flow_dst_last_pkt_time":82060415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.217.132.111","src_port":28681,"dst_port":25394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":82058765,"flow_src_last_pkt_time":493284473,"flow_dst_last_pkt_time":82058765,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.150.49.35","src_port":28681,"dst_port":32448,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82062565,"flow_src_last_pkt_time":491980175,"flow_dst_last_pkt_time":82062565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.196.58","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431830401,"flow_src_last_pkt_time":431830401,"flow_dst_last_pkt_time":431830401,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72851137,"flow_src_last_pkt_time":493284310,"flow_dst_last_pkt_time":72851137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.224.95.97","src_port":28681,"dst_port":46356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72850779,"flow_src_last_pkt_time":491980338,"flow_dst_last_pkt_time":72850779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.50.179","src_port":28681,"dst_port":29411,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":371838970,"flow_src_last_pkt_time":491980650,"flow_dst_last_pkt_time":371838970,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":72853009,"flow_src_last_pkt_time":431831362,"flow_dst_last_pkt_time":72853009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.65.70.197","src_port":28681,"dst_port":21693,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":71539473,"flow_src_last_pkt_time":431828596,"flow_dst_last_pkt_time":71539473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.169.2.153","src_port":28681,"dst_port":52414,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72853538,"flow_src_last_pkt_time":493285220,"flow_dst_last_pkt_time":72853538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.197.111.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01035{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":783,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":490916095,"flow_src_last_pkt_time":490916095,"flow_dst_last_pkt_time":490916095,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"65.182.231.232","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82060952,"flow_src_last_pkt_time":493283238,"flow_dst_last_pkt_time":82060952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":373494060,"flow_src_last_pkt_time":491977146,"flow_dst_last_pkt_time":373494060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.100.68.255","src_port":28681,"dst_port":12838,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82064863,"flow_src_last_pkt_time":373495794,"flow_dst_last_pkt_time":82064863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"138.199.16.123","src_port":28681,"dst_port":52993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":433135408,"flow_src_last_pkt_time":433135408,"flow_dst_last_pkt_time":433135408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.170.209.214","src_port":28681,"dst_port":46210,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82058413,"flow_src_last_pkt_time":491980468,"flow_dst_last_pkt_time":82058413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.166.226.70","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":70230689,"flow_src_last_pkt_time":493284992,"flow_dst_last_pkt_time":70230689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.131.85.245","src_port":28681,"dst_port":31743,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431829260,"flow_src_last_pkt_time":431829260,"flow_dst_last_pkt_time":431829260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.132.75.56","src_port":28681,"dst_port":56009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":72853189,"flow_src_last_pkt_time":493283376,"flow_dst_last_pkt_time":72853189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82060952,"flow_src_last_pkt_time":493283238,"flow_dst_last_pkt_time":82060952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01076{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":373494060,"flow_src_last_pkt_time":491977146,"flow_dst_last_pkt_time":373494060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.100.68.255","src_port":28681,"dst_port":12838,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82064863,"flow_src_last_pkt_time":373495794,"flow_dst_last_pkt_time":82064863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"138.199.16.123","src_port":28681,"dst_port":52993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":433135408,"flow_src_last_pkt_time":433135408,"flow_dst_last_pkt_time":433135408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.170.209.214","src_port":28681,"dst_port":46210,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82058413,"flow_src_last_pkt_time":491980468,"flow_dst_last_pkt_time":82058413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.166.226.70","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":70230689,"flow_src_last_pkt_time":493284992,"flow_dst_last_pkt_time":70230689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.131.85.245","src_port":28681,"dst_port":31743,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431829260,"flow_src_last_pkt_time":431829260,"flow_dst_last_pkt_time":431829260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.132.75.56","src_port":28681,"dst_port":56009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3750,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":72853189,"flow_src_last_pkt_time":493283376,"flow_dst_last_pkt_time":72853189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":527138931,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":754,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":355387386,"flow_src_last_pkt_time":355387386,"flow_dst_last_pkt_time":355387386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.125.218.84","src_port":28681,"dst_port":17561,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":754,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":355387386,"flow_src_last_pkt_time":355387386,"flow_dst_last_pkt_time":355387386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.125.218.84","src_port":28681,"dst_port":17561,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00842{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":71536330,"flow_src_last_pkt_time":350798579,"flow_dst_last_pkt_time":351075803,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":90,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.222.14.170","src_port":28681,"dst_port":23332,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00755{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":71536330,"flow_src_last_pkt_time":350798579,"flow_dst_last_pkt_time":351075803,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":90,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.222.14.170","src_port":28681,"dst_port":23332,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":71536330,"flow_src_last_pkt_time":350798579,"flow_dst_last_pkt_time":351075803,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":90,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.222.14.170","src_port":28681,"dst_port":23332,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00842{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":287424215,"flow_src_last_pkt_time":350982053,"flow_dst_last_pkt_time":351110333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.239.173.18","src_port":28681,"dst_port":23327,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00755{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":287424215,"flow_src_last_pkt_time":350982053,"flow_dst_last_pkt_time":351110333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.239.173.18","src_port":28681,"dst_port":23327,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00843{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":243617373,"flow_src_last_pkt_time":365428420,"flow_dst_last_pkt_time":365474471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":77,"flow_src_tot_l4_payload_len":113,"flow_dst_tot_l4_payload_len":186,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.71.243.60","src_port":28681,"dst_port":34498,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} @@ -6407,29 +6472,29 @@ 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":779,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":490660023,"flow_src_last_pkt_time":490660023,"flow_dst_last_pkt_time":490660023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.65.217.224","src_port":28681,"dst_port":18381,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":768,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":490658810,"flow_src_last_pkt_time":490658810,"flow_dst_last_pkt_time":490991311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":28681,"dst_port":37058,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00760{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":765,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":487301830,"flow_src_last_pkt_time":487301830,"flow_dst_last_pkt_time":490657488,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":278,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":278,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":28681,"dst_port":4876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":787,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493287114,"flow_src_last_pkt_time":493287114,"flow_dst_last_pkt_time":493287114,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.133.122.217","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":793,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493288490,"flow_src_last_pkt_time":493288490,"flow_dst_last_pkt_time":493288490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.126.102","src_port":28681,"dst_port":5193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01188{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":787,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493287114,"flow_src_last_pkt_time":493287114,"flow_dst_last_pkt_time":493287114,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.133.122.217","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":793,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493288490,"flow_src_last_pkt_time":493288490,"flow_dst_last_pkt_time":493288490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.126.102","src_port":28681,"dst_port":5193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":784,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":491496121,"flow_src_last_pkt_time":491496121,"flow_dst_last_pkt_time":491496121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"23.19.141.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":774,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":490659991,"flow_src_last_pkt_time":490659991,"flow_dst_last_pkt_time":490659991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.58.238.149","src_port":28681,"dst_port":6599,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":792,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493288388,"flow_src_last_pkt_time":493288388,"flow_dst_last_pkt_time":493288388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.213.146","src_port":28681,"dst_port":21750,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":253025155,"flow_src_last_pkt_time":433136626,"flow_dst_last_pkt_time":253025155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.209","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":792,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493288388,"flow_src_last_pkt_time":493288388,"flow_dst_last_pkt_time":493288388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.213.146","src_port":28681,"dst_port":21750,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":253025155,"flow_src_last_pkt_time":433136626,"flow_dst_last_pkt_time":253025155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.209","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":771,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":490659443,"flow_src_last_pkt_time":490659443,"flow_dst_last_pkt_time":490659443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"202.27.193.6","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493286950,"flow_src_last_pkt_time":493286950,"flow_dst_last_pkt_time":493286950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.38.9.82","src_port":28681,"dst_port":24223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493286950,"flow_src_last_pkt_time":493286950,"flow_dst_last_pkt_time":493286950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.38.9.82","src_port":28681,"dst_port":24223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":781,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":490660023,"flow_src_last_pkt_time":490660023,"flow_dst_last_pkt_time":490873972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.105.52.2","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":782,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":490660023,"flow_src_last_pkt_time":490660023,"flow_dst_last_pkt_time":490660023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"65.182.231.232","src_port":28681,"dst_port":7890,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":253025433,"flow_src_last_pkt_time":493283576,"flow_dst_last_pkt_time":253025433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.68.45.203","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":253025433,"flow_src_last_pkt_time":493283576,"flow_dst_last_pkt_time":253025433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.68.45.203","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":769,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":490659046,"flow_src_last_pkt_time":490659046,"flow_dst_last_pkt_time":490659046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.110.61.169","src_port":28681,"dst_port":11973,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":775,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":490660023,"flow_src_last_pkt_time":490660023,"flow_dst_last_pkt_time":490939326,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.17.132.18","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":788,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493287365,"flow_src_last_pkt_time":493287365,"flow_dst_last_pkt_time":493287365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.134.167.82","src_port":28681,"dst_port":5820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":789,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493287531,"flow_src_last_pkt_time":493287531,"flow_dst_last_pkt_time":493287531,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.98.115.128","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":788,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493287365,"flow_src_last_pkt_time":493287365,"flow_dst_last_pkt_time":493287365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.134.167.82","src_port":28681,"dst_port":5820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":789,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493287531,"flow_src_last_pkt_time":493287531,"flow_dst_last_pkt_time":493287531,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.98.115.128","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":772,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":490659611,"flow_src_last_pkt_time":490659611,"flow_dst_last_pkt_time":490659611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.192.231.237","src_port":28681,"dst_port":9676,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":770,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":490659223,"flow_src_last_pkt_time":490659223,"flow_dst_last_pkt_time":490846962,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"97.83.183.148","src_port":28681,"dst_port":8890,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251734977,"flow_src_last_pkt_time":381404139,"flow_dst_last_pkt_time":251734977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"129.45.47.167","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":790,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493288007,"flow_src_last_pkt_time":493288007,"flow_dst_last_pkt_time":493288007,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.39.233","src_port":28681,"dst_port":20855,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251734977,"flow_src_last_pkt_time":381404139,"flow_dst_last_pkt_time":251734977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"129.45.47.167","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":790,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493288007,"flow_src_last_pkt_time":493288007,"flow_dst_last_pkt_time":493288007,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.39.233","src_port":28681,"dst_port":20855,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":766,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":490658312,"flow_src_last_pkt_time":490658312,"flow_dst_last_pkt_time":490658312,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.119.55.28","src_port":28681,"dst_port":20347,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":785,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493286408,"flow_src_last_pkt_time":493286408,"flow_dst_last_pkt_time":493286408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.134.139.39","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":785,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493286408,"flow_src_last_pkt_time":493286408,"flow_dst_last_pkt_time":493286408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.134.139.39","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":780,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":490660023,"flow_src_last_pkt_time":490660023,"flow_dst_last_pkt_time":490660023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.66.94.132","src_port":28681,"dst_port":17735,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493288174,"flow_src_last_pkt_time":493288174,"flow_dst_last_pkt_time":493288174,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.11.85","src_port":28681,"dst_port":10722,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493288174,"flow_src_last_pkt_time":493288174,"flow_dst_last_pkt_time":493288174,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.11.85","src_port":28681,"dst_port":10722,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":95716226,"flow_src_last_pkt_time":426377575,"flow_dst_last_pkt_time":426518025,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":61,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":165,"midstream":0,"thread_ts_usec":547763485,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.167.201.53","src_port":28681,"dst_port":47282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3778,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":768,"flow_packet_id":3,"flow_src_last_pkt_time":548240082,"flow_dst_last_pkt_time":490991311,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":548240082,"pkt":"UlQAEjUCCAAn5uVZCABFAAA5ti0AAIARacoKAAIPDsj\/5XAJkMIAJToVhUMxAqfmQqb\/HOa6fwGLAwABAAYAAADDg0dVRUA="} 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3779,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":768,"flow_packet_id":4,"flow_src_last_pkt_time":548240082,"flow_dst_last_pkt_time":548572473,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":120,"pkt_l4_len":86,"thread_ts_usec":548572473,"pkt":"CAAn5uVZUlQAEjUCCABFAABqEiMAAEARTaQOyP\/lCgACD5DCcAkAVkkphUMxAqfmQqb\/HOa6fwGLAwEBADcAAADCkA7I\/+WyNgAAAAAgAMMDREhUQwAAAgJEVUPyFAEDR1VFQANMT0NDZW4AA1RMU0CCVVBDAAAE"} @@ -6447,10 +6512,12 @@ 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3795,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":756,"flow_packet_id":4,"flow_src_last_pkt_time":551890239,"flow_dst_last_pkt_time":373494060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":551890239,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0M5oAAIARjK0KAAIPKWRE\/3AJMiYAIIEnR05EEEB2AQFUC1FLUlAGUk5BXS\/iNQlw"} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3796,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":795,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":551890376,"flow_src_last_pkt_time":551890376,"flow_dst_last_pkt_time":551890376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":551890376,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3796,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":795,"flow_packet_id":1,"flow_src_last_pkt_time":551890376,"flow_dst_last_pkt_time":551890376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":551890376,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0tpcAAIARiEQKAAIP1XgaVnAJdPoAILzmR05EEEB3AQFUC1FLUlAGUk5BXS\/iNQlw"} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3796,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":795,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":551890376,"flow_src_last_pkt_time":551890376,"flow_dst_last_pkt_time":551890376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":551890376,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3798,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":5,"flow_src_last_pkt_time":551890628,"flow_dst_last_pkt_time":82062863,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":551890628,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0uoQAAIARu5UKAAIPXFhcOHAJUhEAIBcMR05EEEB5AQFUC1FLUlAGUk5BXS\/iNQlw"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3802,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":4,"flow_src_last_pkt_time":551891091,"flow_dst_last_pkt_time":287311602,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":551891091,"pkt":"UlQAEjUCCAAn5uVZCABFAAA022wAAIARFCMKAAIPStL0SHAJGMoAIMnER05EEEB9AQFUC1FLUlAGUk5BXS\/iNQlw"} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3812,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":551892012,"flow_src_last_pkt_time":551892012,"flow_dst_last_pkt_time":551892012,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":551892012,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.249.63.200","src_port":28681,"dst_port":22582,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3812,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":796,"flow_packet_id":1,"flow_src_last_pkt_time":551892012,"flow_dst_last_pkt_time":551892012,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":551892012,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0J3oAAIARnW8KAAIPKfk\/yHAJWDYAIF+oR05EEECHAQFUC1FLUlAGUk5BXS\/iNQlw"} +01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3812,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":551892012,"flow_src_last_pkt_time":551892012,"flow_dst_last_pkt_time":551892012,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":551892012,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.249.63.200","src_port":28681,"dst_port":22582,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3816,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":5,"flow_src_last_pkt_time":551892013,"flow_dst_last_pkt_time":253025155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":551892013,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0fvwAAIAR6tkKAAIPmgMq0XAJGMoAIEP9R05EEECLAQFUC1FLUlAGUk5BXS\/iNQlw"} 00718{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3817,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":552011039,"flow_src_last_pkt_time":552011039,"flow_dst_last_pkt_time":552011039,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":552011039,"l3_proto":"ip4","src_ip":"154.3.42.209","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3817,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":797,"flow_packet_id":1,"flow_src_last_pkt_time":552011039,"flow_dst_last_pkt_time":552011039,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":552011039,"pkt":"CAAn5uVZUlQAEjUCCABFwABQEicAAH8BV+OaAyrRCgACDwMDzhEAAAAARQAANH78AAB\/EevZCgACD5oDKtFwCRjKACBD\/UdORBBAiwEBVAtRS1JQBlJOQV0v4jUJcA=="} @@ -6458,72 +6525,68 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3818,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":781,"flow_packet_id":4,"flow_src_last_pkt_time":551881619,"flow_dst_last_pkt_time":552092880,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":552092880,"pkt":"CAAn5uVZUlQAEjUCCABFAABJEigAAEARuAJwaTQCCgACD1uicAkANZuMbKYxAvsfW2T\/qR3jmLqfAwEBABYAAACiW3BpNAIfAAAAAACAAMOCVVBDAQEB"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3822,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":749,"flow_packet_id":4,"flow_src_last_pkt_time":553212305,"flow_dst_last_pkt_time":312956768,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":553212305,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0JvQAAIARngEKAAIPTp8bFnAJRJsAIHNKR05EEECMAQFUC1FLUlAGUk5BXS\/iNQlw"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3823,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":751,"flow_packet_id":4,"flow_src_last_pkt_time":553212469,"flow_dst_last_pkt_time":312957456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":553212469,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0D1MAAIARtksKAAIPjnPamHAJFwwAIKGBR05EEECNAQFUC1FLUlAGUk5BXS\/iNQlw"} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3835,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82063897,"flow_src_last_pkt_time":373495642,"flow_dst_last_pkt_time":82063897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":554967545,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"177.231.151.16","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3835,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82063897,"flow_src_last_pkt_time":373495642,"flow_dst_last_pkt_time":82063897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":554967545,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"177.231.151.16","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3835,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82063378,"flow_src_last_pkt_time":371839164,"flow_dst_last_pkt_time":82063378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":554967545,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.153.143.54","src_port":28681,"dst_port":65535,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3835,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82063378,"flow_src_last_pkt_time":371839164,"flow_dst_last_pkt_time":82063378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":554967545,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.153.143.54","src_port":28681,"dst_port":65535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3835,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82064863,"flow_src_last_pkt_time":373495794,"flow_dst_last_pkt_time":82064863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":554967545,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"138.199.16.123","src_port":28681,"dst_port":52993,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3835,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82064863,"flow_src_last_pkt_time":373495794,"flow_dst_last_pkt_time":82064863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":554967545,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"138.199.16.123","src_port":28681,"dst_port":52993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3835,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82063897,"flow_src_last_pkt_time":373495642,"flow_dst_last_pkt_time":82063897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":554967545,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"177.231.151.16","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3835,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":82063378,"flow_src_last_pkt_time":371839164,"flow_dst_last_pkt_time":82063378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":554967545,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.153.143.54","src_port":28681,"dst_port":65535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3835,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82064863,"flow_src_last_pkt_time":373495794,"flow_dst_last_pkt_time":82064863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":554967545,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"138.199.16.123","src_port":28681,"dst_port":52993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01190{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3835,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":759,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":400872943,"flow_src_last_pkt_time":400872943,"flow_dst_last_pkt_time":400901727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":40,"midstream":0,"thread_ts_usec":554967545,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":28681,"dst_port":23548,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00945{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3835,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":758,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":400018839,"flow_src_last_pkt_time":403044600,"flow_dst_last_pkt_time":400018839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":554967545,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":50213,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3835,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":757,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":399168972,"flow_src_last_pkt_time":399168972,"flow_dst_last_pkt_time":399265426,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":40,"midstream":0,"thread_ts_usec":554967545,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.156.226.72","src_port":28681,"dst_port":53258,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3843,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251734977,"flow_src_last_pkt_time":381404139,"flow_dst_last_pkt_time":251734977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":568531706,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"129.45.47.167","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3843,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251734977,"flow_src_last_pkt_time":381404139,"flow_dst_last_pkt_time":251734977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":568531706,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"129.45.47.167","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3843,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251734977,"flow_src_last_pkt_time":381404139,"flow_dst_last_pkt_time":251734977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":568531706,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"129.45.47.167","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00945{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3843,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":794,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":520019755,"flow_src_last_pkt_time":523077357,"flow_dst_last_pkt_time":520019755,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":568531706,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":50214,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01035{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3843,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":783,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":490916095,"flow_src_last_pkt_time":490916095,"flow_dst_last_pkt_time":490916095,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":568531706,"l3_proto":"ip4","src_ip":"65.182.231.232","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01188{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":759,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":400872943,"flow_src_last_pkt_time":400872943,"flow_dst_last_pkt_time":400901727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":40,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":28681,"dst_port":23548,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01187{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":757,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":399168972,"flow_src_last_pkt_time":399168972,"flow_dst_last_pkt_time":399265426,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":40,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.156.226.72","src_port":28681,"dst_port":53258,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":312956911,"flow_src_last_pkt_time":493286521,"flow_dst_last_pkt_time":312956911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"67.193.8.52","src_port":28681,"dst_port":38584,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":312957614,"flow_src_last_pkt_time":431829020,"flow_dst_last_pkt_time":312957614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.231.73.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":72850420,"flow_src_last_pkt_time":551892012,"flow_dst_last_pkt_time":72850420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.141.219.27","src_port":28681,"dst_port":37580,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82059658,"flow_src_last_pkt_time":433137196,"flow_dst_last_pkt_time":82059658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.59.253.186","src_port":28681,"dst_port":15555,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":71540581,"flow_src_last_pkt_time":551891672,"flow_dst_last_pkt_time":71540581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.23.75.69","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82062320,"flow_src_last_pkt_time":491979236,"flow_dst_last_pkt_time":82062320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.15.182","src_port":28681,"dst_port":37829,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":82062444,"flow_src_last_pkt_time":551892012,"flow_dst_last_pkt_time":82062444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.239.62.213","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":131671537,"flow_src_last_pkt_time":551891223,"flow_dst_last_pkt_time":131671537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":83520153,"flow_src_last_pkt_time":431830029,"flow_dst_last_pkt_time":83520153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.30.86.144","src_port":28681,"dst_port":53821,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":312956911,"flow_src_last_pkt_time":493286521,"flow_dst_last_pkt_time":312956911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"67.193.8.52","src_port":28681,"dst_port":38584,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":312957614,"flow_src_last_pkt_time":431829020,"flow_dst_last_pkt_time":312957614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.231.73.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":72850420,"flow_src_last_pkt_time":551892012,"flow_dst_last_pkt_time":72850420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.141.219.27","src_port":28681,"dst_port":37580,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82059658,"flow_src_last_pkt_time":433137196,"flow_dst_last_pkt_time":82059658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.59.253.186","src_port":28681,"dst_port":15555,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":71540581,"flow_src_last_pkt_time":551891672,"flow_dst_last_pkt_time":71540581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.23.75.69","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82062320,"flow_src_last_pkt_time":491979236,"flow_dst_last_pkt_time":82062320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.15.182","src_port":28681,"dst_port":37829,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":82062444,"flow_src_last_pkt_time":551892012,"flow_dst_last_pkt_time":82062444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.239.62.213","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":131671537,"flow_src_last_pkt_time":551891223,"flow_dst_last_pkt_time":131671537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":83520153,"flow_src_last_pkt_time":431830029,"flow_dst_last_pkt_time":83520153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.30.86.144","src_port":28681,"dst_port":53821,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01067{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431178093,"flow_src_last_pkt_time":431178093,"flow_dst_last_pkt_time":431178093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":71541038,"flow_src_last_pkt_time":553212697,"flow_dst_last_pkt_time":71541038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.100","src_port":28681,"dst_port":46385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":551891417,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82060552,"flow_src_last_pkt_time":493285649,"flow_dst_last_pkt_time":82060552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.69.142.133","src_port":28681,"dst_port":15471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":312956203,"flow_src_last_pkt_time":493285407,"flow_dst_last_pkt_time":312956203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":71540138,"flow_src_last_pkt_time":551891299,"flow_dst_last_pkt_time":71540138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.65.141.157","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82062863,"flow_src_last_pkt_time":551890628,"flow_dst_last_pkt_time":82062863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.88.92.56","src_port":28681,"dst_port":21009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":72853366,"flow_src_last_pkt_time":553213068,"flow_dst_last_pkt_time":72853366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.226.142","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":82063260,"flow_src_last_pkt_time":551890119,"flow_dst_last_pkt_time":82063260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.195.227","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":72853723,"flow_src_last_pkt_time":553212536,"flow_dst_last_pkt_time":72853723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.97.199.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":312957456,"flow_src_last_pkt_time":553212469,"flow_dst_last_pkt_time":312957456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.115.218.152","src_port":28681,"dst_port":5900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72849569,"flow_src_last_pkt_time":553212996,"flow_dst_last_pkt_time":72849569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.69.159.133","src_port":28681,"dst_port":28000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":287311602,"flow_src_last_pkt_time":551891091,"flow_dst_last_pkt_time":287311602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":70230046,"flow_src_last_pkt_time":433135893,"flow_dst_last_pkt_time":70230046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.138.20.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82061705,"flow_src_last_pkt_time":493284702,"flow_dst_last_pkt_time":82061705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":491978225,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":433136175,"flow_src_last_pkt_time":433136175,"flow_dst_last_pkt_time":433136175,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"208.92.106.151","src_port":28681,"dst_port":32476,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82057972,"flow_src_last_pkt_time":551892012,"flow_dst_last_pkt_time":82057972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.244.228.86","src_port":28681,"dst_port":10131,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":312956768,"flow_src_last_pkt_time":553212305,"flow_dst_last_pkt_time":312956768,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.159.27.22","src_port":28681,"dst_port":17563,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00751{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82061139,"flow_src_last_pkt_time":493284151,"flow_dst_last_pkt_time":82061139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.99.164.4","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":82058208,"flow_src_last_pkt_time":551892013,"flow_dst_last_pkt_time":82058208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.162.150","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":82066425,"flow_src_last_pkt_time":551890738,"flow_dst_last_pkt_time":82066425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":71540796,"flow_src_last_pkt_time":551890466,"flow_dst_last_pkt_time":71540796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.44.190.145","src_port":28681,"dst_port":10170,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":72852255,"flow_src_last_pkt_time":551890943,"flow_dst_last_pkt_time":72852255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.175.220.161","src_port":28681,"dst_port":15721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82059773,"flow_src_last_pkt_time":493285866,"flow_dst_last_pkt_time":82059773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.107.176","src_port":28681,"dst_port":20363,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82060415,"flow_src_last_pkt_time":493286026,"flow_dst_last_pkt_time":82060415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.217.132.111","src_port":28681,"dst_port":25394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":82058765,"flow_src_last_pkt_time":551892012,"flow_dst_last_pkt_time":82058765,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.150.49.35","src_port":28681,"dst_port":32448,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82062565,"flow_src_last_pkt_time":491980175,"flow_dst_last_pkt_time":82062565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.196.58","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431830401,"flow_src_last_pkt_time":431830401,"flow_dst_last_pkt_time":431830401,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":72851137,"flow_src_last_pkt_time":553212772,"flow_dst_last_pkt_time":72851137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.224.95.97","src_port":28681,"dst_port":46356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":72850779,"flow_src_last_pkt_time":551891799,"flow_dst_last_pkt_time":72850779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.50.179","src_port":28681,"dst_port":29411,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":371838970,"flow_src_last_pkt_time":491980650,"flow_dst_last_pkt_time":371838970,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72853009,"flow_src_last_pkt_time":551891992,"flow_dst_last_pkt_time":72853009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.65.70.197","src_port":28681,"dst_port":21693,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":71539473,"flow_src_last_pkt_time":551890853,"flow_dst_last_pkt_time":71539473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.169.2.153","src_port":28681,"dst_port":52414,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":72853538,"flow_src_last_pkt_time":551891491,"flow_dst_last_pkt_time":72853538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.197.111.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00752{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82060952,"flow_src_last_pkt_time":493283238,"flow_dst_last_pkt_time":82060952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":373494060,"flow_src_last_pkt_time":551890239,"flow_dst_last_pkt_time":373494060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.100.68.255","src_port":28681,"dst_port":12838,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":433135408,"flow_src_last_pkt_time":433135408,"flow_dst_last_pkt_time":433135408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.170.209.214","src_port":28681,"dst_port":46210,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00754{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82058413,"flow_src_last_pkt_time":491980468,"flow_dst_last_pkt_time":82058413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.166.226.70","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00753{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":70230689,"flow_src_last_pkt_time":493284992,"flow_dst_last_pkt_time":70230689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.131.85.245","src_port":28681,"dst_port":31743,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00755{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431829260,"flow_src_last_pkt_time":431829260,"flow_dst_last_pkt_time":431829260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.132.75.56","src_port":28681,"dst_port":56009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00756{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72853189,"flow_src_last_pkt_time":553212866,"flow_dst_last_pkt_time":72853189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":71541038,"flow_src_last_pkt_time":553212697,"flow_dst_last_pkt_time":71541038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.100","src_port":28681,"dst_port":46385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":551891417,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82060552,"flow_src_last_pkt_time":493285649,"flow_dst_last_pkt_time":82060552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.69.142.133","src_port":28681,"dst_port":15471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":312956203,"flow_src_last_pkt_time":493285407,"flow_dst_last_pkt_time":312956203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":71540138,"flow_src_last_pkt_time":551891299,"flow_dst_last_pkt_time":71540138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.65.141.157","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82062863,"flow_src_last_pkt_time":551890628,"flow_dst_last_pkt_time":82062863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.88.92.56","src_port":28681,"dst_port":21009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":72853366,"flow_src_last_pkt_time":553213068,"flow_dst_last_pkt_time":72853366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.226.142","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":82063260,"flow_src_last_pkt_time":551890119,"flow_dst_last_pkt_time":82063260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.195.227","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":72853723,"flow_src_last_pkt_time":553212536,"flow_dst_last_pkt_time":72853723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.97.199.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":312957456,"flow_src_last_pkt_time":553212469,"flow_dst_last_pkt_time":312957456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.115.218.152","src_port":28681,"dst_port":5900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72849569,"flow_src_last_pkt_time":553212996,"flow_dst_last_pkt_time":72849569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.69.159.133","src_port":28681,"dst_port":28000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":287311602,"flow_src_last_pkt_time":551891091,"flow_dst_last_pkt_time":287311602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":70230046,"flow_src_last_pkt_time":433135893,"flow_dst_last_pkt_time":70230046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.138.20.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82061705,"flow_src_last_pkt_time":493284702,"flow_dst_last_pkt_time":82061705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":491978225,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":433136175,"flow_src_last_pkt_time":433136175,"flow_dst_last_pkt_time":433136175,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"208.92.106.151","src_port":28681,"dst_port":32476,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82057972,"flow_src_last_pkt_time":551892012,"flow_dst_last_pkt_time":82057972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.244.228.86","src_port":28681,"dst_port":10131,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":312956768,"flow_src_last_pkt_time":553212305,"flow_dst_last_pkt_time":312956768,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.159.27.22","src_port":28681,"dst_port":17563,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82061139,"flow_src_last_pkt_time":493284151,"flow_dst_last_pkt_time":82061139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.99.164.4","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":82058208,"flow_src_last_pkt_time":551892013,"flow_dst_last_pkt_time":82058208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.162.150","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":82066425,"flow_src_last_pkt_time":551890738,"flow_dst_last_pkt_time":82066425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":71540796,"flow_src_last_pkt_time":551890466,"flow_dst_last_pkt_time":71540796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.44.190.145","src_port":28681,"dst_port":10170,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":72852255,"flow_src_last_pkt_time":551890943,"flow_dst_last_pkt_time":72852255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.175.220.161","src_port":28681,"dst_port":15721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82059773,"flow_src_last_pkt_time":493285866,"flow_dst_last_pkt_time":82059773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.107.176","src_port":28681,"dst_port":20363,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82060415,"flow_src_last_pkt_time":493286026,"flow_dst_last_pkt_time":82060415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.217.132.111","src_port":28681,"dst_port":25394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":82058765,"flow_src_last_pkt_time":551892012,"flow_dst_last_pkt_time":82058765,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.150.49.35","src_port":28681,"dst_port":32448,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82062565,"flow_src_last_pkt_time":491980175,"flow_dst_last_pkt_time":82062565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.196.58","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431830401,"flow_src_last_pkt_time":431830401,"flow_dst_last_pkt_time":431830401,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":72851137,"flow_src_last_pkt_time":553212772,"flow_dst_last_pkt_time":72851137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.224.95.97","src_port":28681,"dst_port":46356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":72850779,"flow_src_last_pkt_time":551891799,"flow_dst_last_pkt_time":72850779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.50.179","src_port":28681,"dst_port":29411,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":371838970,"flow_src_last_pkt_time":491980650,"flow_dst_last_pkt_time":371838970,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72853009,"flow_src_last_pkt_time":551891992,"flow_dst_last_pkt_time":72853009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.65.70.197","src_port":28681,"dst_port":21693,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":71539473,"flow_src_last_pkt_time":551890853,"flow_dst_last_pkt_time":71539473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.169.2.153","src_port":28681,"dst_port":52414,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":72853538,"flow_src_last_pkt_time":551891491,"flow_dst_last_pkt_time":72853538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.197.111.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82060952,"flow_src_last_pkt_time":493283238,"flow_dst_last_pkt_time":82060952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01076{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":373494060,"flow_src_last_pkt_time":551890239,"flow_dst_last_pkt_time":373494060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.100.68.255","src_port":28681,"dst_port":12838,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":433135408,"flow_src_last_pkt_time":433135408,"flow_dst_last_pkt_time":433135408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.170.209.214","src_port":28681,"dst_port":46210,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82058413,"flow_src_last_pkt_time":491980468,"flow_dst_last_pkt_time":82058413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.166.226.70","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":70230689,"flow_src_last_pkt_time":493284992,"flow_dst_last_pkt_time":70230689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.131.85.245","src_port":28681,"dst_port":31743,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431829260,"flow_src_last_pkt_time":431829260,"flow_dst_last_pkt_time":431829260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.132.75.56","src_port":28681,"dst_port":56009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01187{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3853,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72853189,"flow_src_last_pkt_time":553212866,"flow_dst_last_pkt_time":72853189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":581778930,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00943{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3861,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":758,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":400018839,"flow_src_last_pkt_time":403044600,"flow_dst_last_pkt_time":400018839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":591044638,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":50213,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01033{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3861,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":552011039,"flow_src_last_pkt_time":552011039,"flow_dst_last_pkt_time":552011039,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":591044638,"l3_proto":"ip4","src_ip":"154.3.42.209","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00756{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3896,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":798,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":595449220,"flow_src_last_pkt_time":595449220,"flow_dst_last_pkt_time":595449220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":595449220,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63962,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -6542,25 +6605,18 @@ 00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3901,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":801,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":599426218,"flow_src_last_pkt_time":599426218,"flow_dst_last_pkt_time":599426218,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599426218,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3902,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":799,"flow_packet_id":2,"flow_src_last_pkt_time":599529292,"flow_dst_last_pkt_time":599415510,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":834,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":834,"pkt_l4_len":780,"thread_ts_usec":599529292,"pkt":"MzMAAAAMCAAn5uVZht1gB0PFAwwRAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAM+dYOdgMMdjk8P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJ1dGYtOCI\/Pjxzb2FwOkVudmVsb3BlIHhtbG5zOnNvYXA9Imh0dHA6Ly93d3cudzMub3JnLzIwMDMvMDUvc29hcC1lbnZlbG9wZSIgeG1sbnM6d3NhPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA0LzA4L2FkZHJlc3NpbmciIHhtbG5zOndzZD0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNC9kaXNjb3ZlcnkiPjxzb2FwOkhlYWRlcj48d3NhOlRvPnVybjpzY2hlbWFzLXhtbHNvYXAtb3JnOndzOjIwMDU6MDQ6ZGlzY292ZXJ5PC93c2E6VG8+PHdzYTpBY3Rpb24+aHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNC9kaXNjb3ZlcnkvQnllPC93c2E6QWN0aW9uPjx3c2E6TWVzc2FnZUlEPnVybjp1dWlkOjk4Zjc0ZjcxLTZkZmMtNDYxMi05YzNjLTVjNTgwZWI4MzU5Njwvd3NhOk1lc3NhZ2VJRD48d3NkOkFwcFNlcXVlbmNlIEluc3RhbmNlSWQ9IjQ2IiBTZXF1ZW5jZUlkPSJ1cm46dXVpZDo3NjczODllMC1lZTlhLTRjMWMtYjkwMi0yMGNiODFkMjAzZTAiIE1lc3NhZ2VOdW1iZXI9IjUiPjwvd3NkOkFwcFNlcXVlbmNlPjwvc29hcDpIZWFkZXI+PHNvYXA6Qm9keT48d3NkOkJ5ZT48d3NhOkVuZHBvaW50UmVmZXJlbmNlPjx3c2E6QWRkcmVzcz51cm46dXVpZDo3NDdmM2Q5Ni02OGE3LTQzZjEtOGNiZS1lOGQ2ZGFkZDAzNTg8L3dzYTpBZGRyZXNzPjwvd3NhOkVuZHBvaW50UmVmZXJlbmNlPjwvd3NkOkJ5ZT48L3NvYXA6Qm9keT48L3NvYXA6RW52ZWxvcGU+"} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3903,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":801,"flow_packet_id":2,"flow_src_last_pkt_time":599747316,"flow_dst_last_pkt_time":599426218,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_usec":599747316,"pkt":"MzMAAAAWCAAn5uVZht1gAAAAACQAAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAOKkAAAAAQMAAAD\/AgAAAAAAAAAAAAAAAAAM"} -00595{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3904,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","packets-captured":3904,"packets-processed":3882,"total-skipped-flows":0,"total-l4-payload-len":383594,"total-not-detected-flows":472,"total-guessed-flows":4,"total-detected-flows":174,"total-detection-updates":5,"total-updates":2519,"current-active-flows":169,"total-active-flows":801,"total-idle-flows":632,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6545,"global_ts_usec":600247140} +00595{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3904,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","packets-captured":3904,"packets-processed":3882,"total-skipped-flows":0,"total-l4-payload-len":383594,"total-not-detected-flows":309,"total-guessed-flows":3,"total-detected-flows":401,"total-detection-updates":5,"total-updates":2519,"current-active-flows":169,"total-active-flows":801,"total-idle-flows":632,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6608,"global_ts_usec":600247140} 00957{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":65062972,"flow_src_last_pkt_time":74093030,"flow_dst_last_pkt_time":65062972,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.17.124.40","src_port":50212,"dst_port":6776,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00745{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":65062972,"flow_src_last_pkt_time":74093030,"flow_dst_last_pkt_time":65062972,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.17.124.40","src_port":50212,"dst_port":6776,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":312956911,"flow_src_last_pkt_time":493286521,"flow_dst_last_pkt_time":312956911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"67.193.8.52","src_port":28681,"dst_port":38584,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":312956911,"flow_src_last_pkt_time":493286521,"flow_dst_last_pkt_time":312956911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"67.193.8.52","src_port":28681,"dst_port":38584,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":312957614,"flow_src_last_pkt_time":431829020,"flow_dst_last_pkt_time":312957614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.231.73.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":312957614,"flow_src_last_pkt_time":431829020,"flow_dst_last_pkt_time":312957614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.231.73.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":72850420,"flow_src_last_pkt_time":551892012,"flow_dst_last_pkt_time":72850420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.141.219.27","src_port":28681,"dst_port":37580,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":72850420,"flow_src_last_pkt_time":551892012,"flow_dst_last_pkt_time":72850420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.141.219.27","src_port":28681,"dst_port":37580,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82059658,"flow_src_last_pkt_time":433137196,"flow_dst_last_pkt_time":82059658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.59.253.186","src_port":28681,"dst_port":15555,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82059658,"flow_src_last_pkt_time":433137196,"flow_dst_last_pkt_time":82059658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.59.253.186","src_port":28681,"dst_port":15555,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":312956911,"flow_src_last_pkt_time":493286521,"flow_dst_last_pkt_time":312956911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"67.193.8.52","src_port":28681,"dst_port":38584,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":312957614,"flow_src_last_pkt_time":431829020,"flow_dst_last_pkt_time":312957614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.231.73.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":72850420,"flow_src_last_pkt_time":551892012,"flow_dst_last_pkt_time":72850420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.141.219.27","src_port":28681,"dst_port":37580,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82059658,"flow_src_last_pkt_time":433137196,"flow_dst_last_pkt_time":82059658,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.59.253.186","src_port":28681,"dst_port":15555,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00843{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":777,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":490660023,"flow_src_last_pkt_time":551702829,"flow_dst_last_pkt_time":551880698,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":90,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.244.211.43","src_port":28681,"dst_port":23459,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00756{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":777,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":490660023,"flow_src_last_pkt_time":551702829,"flow_dst_last_pkt_time":551880698,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":90,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.244.211.43","src_port":28681,"dst_port":23459,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":82062444,"flow_src_last_pkt_time":551892012,"flow_dst_last_pkt_time":82062444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.239.62.213","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":82062444,"flow_src_last_pkt_time":551892012,"flow_dst_last_pkt_time":82062444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.239.62.213","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82062320,"flow_src_last_pkt_time":491979236,"flow_dst_last_pkt_time":82062320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.15.182","src_port":28681,"dst_port":37829,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82062320,"flow_src_last_pkt_time":491979236,"flow_dst_last_pkt_time":82062320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.15.182","src_port":28681,"dst_port":37829,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":71540581,"flow_src_last_pkt_time":551891672,"flow_dst_last_pkt_time":71540581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.23.75.69","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":71540581,"flow_src_last_pkt_time":551891672,"flow_dst_last_pkt_time":71540581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.23.75.69","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":82062444,"flow_src_last_pkt_time":551892012,"flow_dst_last_pkt_time":82062444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.239.62.213","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82062320,"flow_src_last_pkt_time":491979236,"flow_dst_last_pkt_time":82062320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.15.182","src_port":28681,"dst_port":37829,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":71540581,"flow_src_last_pkt_time":551891672,"flow_dst_last_pkt_time":71540581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.23.75.69","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":89733458,"flow_src_last_pkt_time":98763140,"flow_dst_last_pkt_time":89733458,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.195.236.249","src_port":50289,"dst_port":18557,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":89733458,"flow_src_last_pkt_time":98763140,"flow_dst_last_pkt_time":89733458,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.195.236.249","src_port":50289,"dst_port":18557,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00944{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":800,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":599415868,"flow_src_last_pkt_time":599415868,"flow_dst_last_pkt_time":599415868,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":772,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":772,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":772,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63957,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","proto_id":"153","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} @@ -6571,14 +6627,12 @@ 01083{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"finished","flow_src_packets_processed":66,"flow_dst_packets_processed":69,"flow_first_seen":90742816,"flow_src_last_pkt_time":593652028,"flow_dst_last_pkt_time":593652028,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":599,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3017,"flow_dst_tot_l4_payload_len":6754,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":50300,"dst_port":11852,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00840{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":767,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":490658663,"flow_src_last_pkt_time":490658663,"flow_dst_last_pkt_time":490773349,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.65.87.24","src_port":28681,"dst_port":16201,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":767,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":490658663,"flow_src_last_pkt_time":490658663,"flow_dst_last_pkt_time":490773349,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.65.87.24","src_port":28681,"dst_port":16201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":131671537,"flow_src_last_pkt_time":551891223,"flow_dst_last_pkt_time":131671537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":131671537,"flow_src_last_pkt_time":551891223,"flow_dst_last_pkt_time":131671537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":131671537,"flow_src_last_pkt_time":551891223,"flow_dst_last_pkt_time":131671537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00959{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":68110677,"flow_src_last_pkt_time":77138828,"flow_dst_last_pkt_time":68110677,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.68.138.207","src_port":50231,"dst_port":45079,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00747{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":68110677,"flow_src_last_pkt_time":77138828,"flow_dst_last_pkt_time":68110677,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.68.138.207","src_port":50231,"dst_port":45079,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00960{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":85607814,"flow_src_last_pkt_time":94638448,"flow_dst_last_pkt_time":85607814,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.174.18.115","src_port":50274,"dst_port":50679,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00748{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":85607814,"flow_src_last_pkt_time":94638448,"flow_dst_last_pkt_time":85607814,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.174.18.115","src_port":50274,"dst_port":50679,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":83520153,"flow_src_last_pkt_time":431830029,"flow_dst_last_pkt_time":83520153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.30.86.144","src_port":28681,"dst_port":53821,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00750{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":83520153,"flow_src_last_pkt_time":431830029,"flow_dst_last_pkt_time":83520153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.30.86.144","src_port":28681,"dst_port":53821,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01181{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":83520153,"flow_src_last_pkt_time":431830029,"flow_dst_last_pkt_time":83520153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.30.86.144","src_port":28681,"dst_port":53821,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":778,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":490660023,"flow_src_last_pkt_time":490660023,"flow_dst_last_pkt_time":490660023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"122.117.100.78","src_port":28681,"dst_port":9010,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":778,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":490660023,"flow_src_last_pkt_time":490660023,"flow_dst_last_pkt_time":490660023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"122.117.100.78","src_port":28681,"dst_port":9010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00841{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":773,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":490659760,"flow_src_last_pkt_time":490659760,"flow_dst_last_pkt_time":490696108,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.153.21.93","src_port":28681,"dst_port":36696,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} @@ -6597,26 +6651,19 @@ 00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":88705517,"flow_src_last_pkt_time":97732221,"flow_dst_last_pkt_time":88705517,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.118.116.198","src_port":50286,"dst_port":44616,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01065{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":431178093,"flow_src_last_pkt_time":599325330,"flow_dst_last_pkt_time":431178093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":402,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}} 00943{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":798,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":595449220,"flow_src_last_pkt_time":598465934,"flow_dst_last_pkt_time":595449220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":274,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63962,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":71541038,"flow_src_last_pkt_time":553212697,"flow_dst_last_pkt_time":71541038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.100","src_port":28681,"dst_port":46385,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":71541038,"flow_src_last_pkt_time":553212697,"flow_dst_last_pkt_time":71541038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.100","src_port":28681,"dst_port":46385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":71541038,"flow_src_last_pkt_time":553212697,"flow_dst_last_pkt_time":71541038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.100","src_port":28681,"dst_port":46385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00958{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":69141655,"flow_src_last_pkt_time":78169222,"flow_dst_last_pkt_time":69141655,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.163.14.246","src_port":50233,"dst_port":12854,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00746{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":69141655,"flow_src_last_pkt_time":78169222,"flow_dst_last_pkt_time":69141655,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.163.14.246","src_port":50233,"dst_port":12854,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":75359352,"flow_src_last_pkt_time":84388302,"flow_dst_last_pkt_time":75359352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.250.32","src_port":50265,"dst_port":52647,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":75359352,"flow_src_last_pkt_time":84388302,"flow_dst_last_pkt_time":75359352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.250.32","src_port":50265,"dst_port":52647,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":551892012,"flow_src_last_pkt_time":551892012,"flow_dst_last_pkt_time":551892012,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.249.63.200","src_port":28681,"dst_port":22582,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":551892012,"flow_src_last_pkt_time":551892012,"flow_dst_last_pkt_time":551892012,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.249.63.200","src_port":28681,"dst_port":22582,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00967{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":787,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493287114,"flow_src_last_pkt_time":493287114,"flow_dst_last_pkt_time":493287114,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.133.122.217","src_port":28681,"dst_port":23458,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00755{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":787,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493287114,"flow_src_last_pkt_time":493287114,"flow_dst_last_pkt_time":493287114,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.133.122.217","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":551892012,"flow_src_last_pkt_time":551892012,"flow_dst_last_pkt_time":551892012,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.249.63.200","src_port":28681,"dst_port":22582,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01186{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":787,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493287114,"flow_src_last_pkt_time":493287114,"flow_dst_last_pkt_time":493287114,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.133.122.217","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00960{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":86641393,"flow_src_last_pkt_time":95653938,"flow_dst_last_pkt_time":86641393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.91.201","src_port":50279,"dst_port":4297,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00748{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":86641393,"flow_src_last_pkt_time":95653938,"flow_dst_last_pkt_time":86641393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.91.201","src_port":50279,"dst_port":4297,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":551891417,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":551891417,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":793,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493288490,"flow_src_last_pkt_time":493288490,"flow_dst_last_pkt_time":493288490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.126.102","src_port":28681,"dst_port":5193,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":793,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493288490,"flow_src_last_pkt_time":493288490,"flow_dst_last_pkt_time":493288490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.126.102","src_port":28681,"dst_port":5193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82060552,"flow_src_last_pkt_time":493285649,"flow_dst_last_pkt_time":82060552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.69.142.133","src_port":28681,"dst_port":15471,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82060552,"flow_src_last_pkt_time":493285649,"flow_dst_last_pkt_time":82060552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.69.142.133","src_port":28681,"dst_port":15471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":312956203,"flow_src_last_pkt_time":493285407,"flow_dst_last_pkt_time":312956203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00750{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":312956203,"flow_src_last_pkt_time":493285407,"flow_dst_last_pkt_time":312956203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":71540885,"flow_src_last_pkt_time":551891417,"flow_dst_last_pkt_time":71540885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.120.243.143","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":793,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493288490,"flow_src_last_pkt_time":493288490,"flow_dst_last_pkt_time":493288490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.126.102","src_port":28681,"dst_port":5193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82060552,"flow_src_last_pkt_time":493285649,"flow_dst_last_pkt_time":82060552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.69.142.133","src_port":28681,"dst_port":15471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":312956203,"flow_src_last_pkt_time":493285407,"flow_dst_last_pkt_time":312956203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00922{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":801,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":599426218,"flow_src_last_pkt_time":599747316,"flow_dst_last_pkt_time":599426218,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00960{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72267129,"flow_src_last_pkt_time":81278710,"flow_dst_last_pkt_time":72267129,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":50254,"dst_port":49046,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00748{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72267129,"flow_src_last_pkt_time":81278710,"flow_dst_last_pkt_time":72267129,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":50254,"dst_port":49046,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} @@ -6626,40 +6673,30 @@ 00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":67094277,"flow_src_last_pkt_time":76122571,"flow_dst_last_pkt_time":67094277,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.167.248.220","src_port":50223,"dst_port":63108,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00959{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":66078714,"flow_src_last_pkt_time":75077268,"flow_dst_last_pkt_time":66078714,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.103.247.94","src_port":50218,"dst_port":59045,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00747{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":66078714,"flow_src_last_pkt_time":75077268,"flow_dst_last_pkt_time":66078714,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.103.247.94","src_port":50218,"dst_port":59045,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":71540138,"flow_src_last_pkt_time":551891299,"flow_dst_last_pkt_time":71540138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.65.141.157","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":71540138,"flow_src_last_pkt_time":551891299,"flow_dst_last_pkt_time":71540138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.65.141.157","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":71540138,"flow_src_last_pkt_time":551891299,"flow_dst_last_pkt_time":71540138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.65.141.157","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":65061649,"flow_src_last_pkt_time":74093071,"flow_dst_last_pkt_time":65061649,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.206.254","src_port":50209,"dst_port":49587,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":65061649,"flow_src_last_pkt_time":74093071,"flow_dst_last_pkt_time":65061649,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.206.254","src_port":50209,"dst_port":49587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00957{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":67094863,"flow_src_last_pkt_time":76122465,"flow_dst_last_pkt_time":67094863,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.125.63.97","src_port":50224,"dst_port":6346,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00745{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":67094863,"flow_src_last_pkt_time":76122465,"flow_dst_last_pkt_time":67094863,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.125.63.97","src_port":50224,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82062863,"flow_src_last_pkt_time":551890628,"flow_dst_last_pkt_time":82062863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.88.92.56","src_port":28681,"dst_port":21009,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00750{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82062863,"flow_src_last_pkt_time":551890628,"flow_dst_last_pkt_time":82062863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.88.92.56","src_port":28681,"dst_port":21009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":82063260,"flow_src_last_pkt_time":551890119,"flow_dst_last_pkt_time":82063260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.195.227","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":82063260,"flow_src_last_pkt_time":551890119,"flow_dst_last_pkt_time":82063260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.195.227","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":72853366,"flow_src_last_pkt_time":553213068,"flow_dst_last_pkt_time":72853366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.226.142","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":72853366,"flow_src_last_pkt_time":553213068,"flow_dst_last_pkt_time":72853366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.226.142","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01181{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82062863,"flow_src_last_pkt_time":551890628,"flow_dst_last_pkt_time":82062863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.88.92.56","src_port":28681,"dst_port":21009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":82063260,"flow_src_last_pkt_time":551890119,"flow_dst_last_pkt_time":82063260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.195.227","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":72853366,"flow_src_last_pkt_time":553213068,"flow_dst_last_pkt_time":72853366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.226.142","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00960{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":68108638,"flow_src_last_pkt_time":77122396,"flow_dst_last_pkt_time":68108638,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.246.157.94","src_port":50227,"dst_port":51175,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00748{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":68108638,"flow_src_last_pkt_time":77122396,"flow_dst_last_pkt_time":68108638,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.246.157.94","src_port":50227,"dst_port":51175,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":72853723,"flow_src_last_pkt_time":553212536,"flow_dst_last_pkt_time":72853723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.97.199.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":72853723,"flow_src_last_pkt_time":553212536,"flow_dst_last_pkt_time":72853723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.97.199.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":312957456,"flow_src_last_pkt_time":553212469,"flow_dst_last_pkt_time":312957456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.115.218.152","src_port":28681,"dst_port":5900,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":312957456,"flow_src_last_pkt_time":553212469,"flow_dst_last_pkt_time":312957456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.115.218.152","src_port":28681,"dst_port":5900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72849569,"flow_src_last_pkt_time":553212996,"flow_dst_last_pkt_time":72849569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.69.159.133","src_port":28681,"dst_port":28000,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72849569,"flow_src_last_pkt_time":553212996,"flow_dst_last_pkt_time":72849569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.69.159.133","src_port":28681,"dst_port":28000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":72853723,"flow_src_last_pkt_time":553212536,"flow_dst_last_pkt_time":72853723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"172.97.199.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":312957456,"flow_src_last_pkt_time":553212469,"flow_dst_last_pkt_time":312957456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.115.218.152","src_port":28681,"dst_port":5900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72849569,"flow_src_last_pkt_time":553212996,"flow_dst_last_pkt_time":72849569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.69.159.133","src_port":28681,"dst_port":28000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00959{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":66077295,"flow_src_last_pkt_time":75077318,"flow_dst_last_pkt_time":66077295,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.244.64.237","src_port":50215,"dst_port":4704,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00747{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":66077295,"flow_src_last_pkt_time":75077318,"flow_dst_last_pkt_time":66077295,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.244.64.237","src_port":50215,"dst_port":4704,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00957{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":68110208,"flow_src_last_pkt_time":77122514,"flow_dst_last_pkt_time":68110208,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.3.103.37","src_port":50230,"dst_port":17296,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00745{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":68110208,"flow_src_last_pkt_time":77122514,"flow_dst_last_pkt_time":68110208,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.3.103.37","src_port":50230,"dst_port":17296,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":287311602,"flow_src_last_pkt_time":551891091,"flow_dst_last_pkt_time":287311602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":287311602,"flow_src_last_pkt_time":551891091,"flow_dst_last_pkt_time":287311602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":70230046,"flow_src_last_pkt_time":433135893,"flow_dst_last_pkt_time":70230046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.138.20.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00750{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":70230046,"flow_src_last_pkt_time":433135893,"flow_dst_last_pkt_time":70230046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.138.20.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":287311602,"flow_src_last_pkt_time":551891091,"flow_dst_last_pkt_time":287311602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01181{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":70230046,"flow_src_last_pkt_time":433135893,"flow_dst_last_pkt_time":70230046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.138.20.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00959{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":89732915,"flow_src_last_pkt_time":98763268,"flow_dst_last_pkt_time":89732915,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.119.55.28","src_port":50288,"dst_port":20347,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00747{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":89732915,"flow_src_last_pkt_time":98763268,"flow_dst_last_pkt_time":89732915,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.119.55.28","src_port":50288,"dst_port":20347,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00958{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":64033019,"flow_src_last_pkt_time":73064966,"flow_dst_last_pkt_time":64033019,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.78.171.204","src_port":50207,"dst_port":6346,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00746{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":64033019,"flow_src_last_pkt_time":73064966,"flow_dst_last_pkt_time":64033019,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.78.171.204","src_port":50207,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82061705,"flow_src_last_pkt_time":493284702,"flow_dst_last_pkt_time":82061705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82061705,"flow_src_last_pkt_time":493284702,"flow_dst_last_pkt_time":82061705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82061705,"flow_src_last_pkt_time":493284702,"flow_dst_last_pkt_time":82061705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00958{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":90744632,"flow_src_last_pkt_time":99778400,"flow_dst_last_pkt_time":90744632,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":50305,"dst_port":63637,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00746{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":90744632,"flow_src_last_pkt_time":99778400,"flow_dst_last_pkt_time":90744632,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":50305,"dst_port":63637,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01082{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_src_packets_processed":45,"flow_dst_packets_processed":54,"flow_first_seen":71205274,"flow_src_last_pkt_time":593737928,"flow_dst_last_pkt_time":593737690,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":304,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":754,"flow_dst_tot_l4_payload_len":5336,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.214.154.216","src_port":50248,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} @@ -6669,44 +6706,35 @@ 00958{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":90737440,"flow_src_last_pkt_time":99778471,"flow_dst_last_pkt_time":90737440,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.89.249.8","src_port":50290,"dst_port":50649,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00746{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":90737440,"flow_src_last_pkt_time":99778471,"flow_dst_last_pkt_time":90737440,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.89.249.8","src_port":50290,"dst_port":50649,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":552011039,"flow_src_last_pkt_time":552011039,"flow_dst_last_pkt_time":552011039,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"154.3.42.209","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":491978225,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":491978225,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72852642,"flow_src_last_pkt_time":491978225,"flow_dst_last_pkt_time":72852642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00960{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":69142856,"flow_src_last_pkt_time":78169259,"flow_dst_last_pkt_time":69142856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.123.202.175","src_port":50237,"dst_port":37910,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00748{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":69142856,"flow_src_last_pkt_time":78169259,"flow_dst_last_pkt_time":69142856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.123.202.175","src_port":50237,"dst_port":37910,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00959{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":75358813,"flow_src_last_pkt_time":84388160,"flow_dst_last_pkt_time":75358813,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":50264,"dst_port":48380,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00747{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":75358813,"flow_src_last_pkt_time":84388160,"flow_dst_last_pkt_time":75358813,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":50264,"dst_port":48380,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":433136175,"flow_src_last_pkt_time":433136175,"flow_dst_last_pkt_time":433136175,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"208.92.106.151","src_port":28681,"dst_port":32476,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":433136175,"flow_src_last_pkt_time":433136175,"flow_dst_last_pkt_time":433136175,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"208.92.106.151","src_port":28681,"dst_port":32476,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":433136175,"flow_src_last_pkt_time":433136175,"flow_dst_last_pkt_time":433136175,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"208.92.106.151","src_port":28681,"dst_port":32476,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00959{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71203227,"flow_src_last_pkt_time":80232155,"flow_dst_last_pkt_time":71203227,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":50244,"dst_port":63978,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00747{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71203227,"flow_src_last_pkt_time":80232155,"flow_dst_last_pkt_time":71203227,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":50244,"dst_port":63978,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00959{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71204889,"flow_src_last_pkt_time":80232033,"flow_dst_last_pkt_time":71204889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":50247,"dst_port":51560,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00747{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71204889,"flow_src_last_pkt_time":80232033,"flow_dst_last_pkt_time":71204889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":50247,"dst_port":51560,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":784,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":491496121,"flow_src_last_pkt_time":491496121,"flow_dst_last_pkt_time":491496121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"23.19.141.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":784,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":491496121,"flow_src_last_pkt_time":491496121,"flow_dst_last_pkt_time":491496121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"23.19.141.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":312956768,"flow_src_last_pkt_time":553212305,"flow_dst_last_pkt_time":312956768,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.159.27.22","src_port":28681,"dst_port":17563,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":312956768,"flow_src_last_pkt_time":553212305,"flow_dst_last_pkt_time":312956768,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.159.27.22","src_port":28681,"dst_port":17563,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82057972,"flow_src_last_pkt_time":551892012,"flow_dst_last_pkt_time":82057972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.244.228.86","src_port":28681,"dst_port":10131,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82057972,"flow_src_last_pkt_time":551892012,"flow_dst_last_pkt_time":82057972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.244.228.86","src_port":28681,"dst_port":10131,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82061139,"flow_src_last_pkt_time":493284151,"flow_dst_last_pkt_time":82061139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.99.164.4","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82061139,"flow_src_last_pkt_time":493284151,"flow_dst_last_pkt_time":82061139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.99.164.4","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":312956768,"flow_src_last_pkt_time":553212305,"flow_dst_last_pkt_time":312956768,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.159.27.22","src_port":28681,"dst_port":17563,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82057972,"flow_src_last_pkt_time":551892012,"flow_dst_last_pkt_time":82057972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.244.228.86","src_port":28681,"dst_port":10131,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01180{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82061139,"flow_src_last_pkt_time":493284151,"flow_dst_last_pkt_time":82061139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.99.164.4","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":774,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":490659991,"flow_src_last_pkt_time":551702643,"flow_dst_last_pkt_time":490659991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.58.238.149","src_port":28681,"dst_port":6599,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":774,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":490659991,"flow_src_last_pkt_time":551702643,"flow_dst_last_pkt_time":490659991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.58.238.149","src_port":28681,"dst_port":6599,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00959{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":90738695,"flow_src_last_pkt_time":99778232,"flow_dst_last_pkt_time":90738695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":50292,"dst_port":11603,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00747{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":90738695,"flow_src_last_pkt_time":99778232,"flow_dst_last_pkt_time":90738695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":50292,"dst_port":11603,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":70172719,"flow_src_last_pkt_time":79201010,"flow_dst_last_pkt_time":70172719,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.129.252","src_port":50243,"dst_port":27962,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":70172719,"flow_src_last_pkt_time":79201010,"flow_dst_last_pkt_time":70172719,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.129.252","src_port":50243,"dst_port":27962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":792,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493288388,"flow_src_last_pkt_time":493288388,"flow_dst_last_pkt_time":493288388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.213.146","src_port":28681,"dst_port":21750,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":792,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493288388,"flow_src_last_pkt_time":493288388,"flow_dst_last_pkt_time":493288388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.213.146","src_port":28681,"dst_port":21750,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":82058208,"flow_src_last_pkt_time":551892013,"flow_dst_last_pkt_time":82058208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.162.150","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":82058208,"flow_src_last_pkt_time":551892013,"flow_dst_last_pkt_time":82058208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.162.150","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":792,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493288388,"flow_src_last_pkt_time":493288388,"flow_dst_last_pkt_time":493288388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.213.146","src_port":28681,"dst_port":21750,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":82058208,"flow_src_last_pkt_time":551892013,"flow_dst_last_pkt_time":82058208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.162.150","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00960{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":73299039,"flow_src_last_pkt_time":82326618,"flow_dst_last_pkt_time":73299039,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.236.203.37","src_port":50255,"dst_port":52165,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00748{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":73299039,"flow_src_last_pkt_time":82326618,"flow_dst_last_pkt_time":73299039,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.236.203.37","src_port":50255,"dst_port":52165,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":82066425,"flow_src_last_pkt_time":551890738,"flow_dst_last_pkt_time":82066425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":82066425,"flow_src_last_pkt_time":551890738,"flow_dst_last_pkt_time":82066425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":82066425,"flow_src_last_pkt_time":551890738,"flow_dst_last_pkt_time":82066425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":88706114,"flow_src_last_pkt_time":97732099,"flow_dst_last_pkt_time":88706114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.215.130.156","src_port":50287,"dst_port":12405,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":88706114,"flow_src_last_pkt_time":97732099,"flow_dst_last_pkt_time":88706114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.215.130.156","src_port":50287,"dst_port":12405,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":71540796,"flow_src_last_pkt_time":551890466,"flow_dst_last_pkt_time":71540796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.44.190.145","src_port":28681,"dst_port":10170,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":71540796,"flow_src_last_pkt_time":551890466,"flow_dst_last_pkt_time":71540796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.44.190.145","src_port":28681,"dst_port":10170,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":71540796,"flow_src_last_pkt_time":551890466,"flow_dst_last_pkt_time":71540796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.44.190.145","src_port":28681,"dst_port":10170,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00960{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":87671361,"flow_src_last_pkt_time":96685413,"flow_dst_last_pkt_time":87671361,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"221.124.66.33","src_port":50282,"dst_port":13060,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00748{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":87671361,"flow_src_last_pkt_time":96685413,"flow_dst_last_pkt_time":87671361,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"221.124.66.33","src_port":50282,"dst_port":13060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00959{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":85607249,"flow_src_last_pkt_time":94638412,"flow_dst_last_pkt_time":85607249,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.172.184.48","src_port":50272,"dst_port":13298,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} @@ -6715,8 +6743,7 @@ 00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":84593690,"flow_src_last_pkt_time":93622465,"flow_dst_last_pkt_time":84593690,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.198.27","src_port":50271,"dst_port":60202,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00959{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":84593194,"flow_src_last_pkt_time":93622611,"flow_dst_last_pkt_time":84593194,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.27.24.95","src_port":50270,"dst_port":11427,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00747{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":84593194,"flow_src_last_pkt_time":93622611,"flow_dst_last_pkt_time":84593194,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.27.24.95","src_port":50270,"dst_port":11427,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":253025155,"flow_src_last_pkt_time":551892013,"flow_dst_last_pkt_time":253025155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.209","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":253025155,"flow_src_last_pkt_time":551892013,"flow_dst_last_pkt_time":253025155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.209","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":253025155,"flow_src_last_pkt_time":551892013,"flow_dst_last_pkt_time":253025155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.209","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":73301240,"flow_src_last_pkt_time":82326660,"flow_dst_last_pkt_time":73301240,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"122.100.216.210","src_port":50258,"dst_port":7097,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":73301240,"flow_src_last_pkt_time":82326660,"flow_dst_last_pkt_time":73301240,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"122.100.216.210","src_port":50258,"dst_port":7097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":74328113,"flow_src_last_pkt_time":83345150,"flow_dst_last_pkt_time":74328113,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.200.161","src_port":50260,"dst_port":51394,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} @@ -6731,74 +6758,57 @@ 00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":771,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":490659443,"flow_src_last_pkt_time":551881788,"flow_dst_last_pkt_time":490659443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"202.27.193.6","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00958{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":87670084,"flow_src_last_pkt_time":96685203,"flow_dst_last_pkt_time":87670084,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.199.148.6","src_port":50280,"dst_port":4338,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00746{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":87670084,"flow_src_last_pkt_time":96685203,"flow_dst_last_pkt_time":87670084,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.199.148.6","src_port":50280,"dst_port":4338,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":72852255,"flow_src_last_pkt_time":551890943,"flow_dst_last_pkt_time":72852255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.175.220.161","src_port":28681,"dst_port":15721,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":72852255,"flow_src_last_pkt_time":551890943,"flow_dst_last_pkt_time":72852255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.175.220.161","src_port":28681,"dst_port":15721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82059773,"flow_src_last_pkt_time":493285866,"flow_dst_last_pkt_time":82059773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.107.176","src_port":28681,"dst_port":20363,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82059773,"flow_src_last_pkt_time":493285866,"flow_dst_last_pkt_time":82059773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.107.176","src_port":28681,"dst_port":20363,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82060415,"flow_src_last_pkt_time":493286026,"flow_dst_last_pkt_time":82060415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.217.132.111","src_port":28681,"dst_port":25394,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82060415,"flow_src_last_pkt_time":493286026,"flow_dst_last_pkt_time":82060415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.217.132.111","src_port":28681,"dst_port":25394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":72852255,"flow_src_last_pkt_time":551890943,"flow_dst_last_pkt_time":72852255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.175.220.161","src_port":28681,"dst_port":15721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82059773,"flow_src_last_pkt_time":493285866,"flow_dst_last_pkt_time":82059773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.107.176","src_port":28681,"dst_port":20363,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82060415,"flow_src_last_pkt_time":493286026,"flow_dst_last_pkt_time":82060415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.217.132.111","src_port":28681,"dst_port":25394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00960{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":85608077,"flow_src_last_pkt_time":94638352,"flow_dst_last_pkt_time":85608077,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"122.117.100.78","src_port":50275,"dst_port":9010,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00748{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":85608077,"flow_src_last_pkt_time":94638352,"flow_dst_last_pkt_time":85608077,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"122.117.100.78","src_port":50275,"dst_port":9010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493286950,"flow_src_last_pkt_time":493286950,"flow_dst_last_pkt_time":493286950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.38.9.82","src_port":28681,"dst_port":24223,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493286950,"flow_src_last_pkt_time":493286950,"flow_dst_last_pkt_time":493286950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.38.9.82","src_port":28681,"dst_port":24223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493286950,"flow_src_last_pkt_time":493286950,"flow_dst_last_pkt_time":493286950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.38.9.82","src_port":28681,"dst_port":24223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00841{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":781,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":490660023,"flow_src_last_pkt_time":551881619,"flow_dst_last_pkt_time":552092880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":90,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.105.52.2","src_port":28681,"dst_port":23458,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":781,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":490660023,"flow_src_last_pkt_time":551881619,"flow_dst_last_pkt_time":552092880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":90,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.105.52.2","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":782,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":490660023,"flow_src_last_pkt_time":551702802,"flow_dst_last_pkt_time":490660023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"65.182.231.232","src_port":28681,"dst_port":7890,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":782,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":490660023,"flow_src_last_pkt_time":551702802,"flow_dst_last_pkt_time":490660023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"65.182.231.232","src_port":28681,"dst_port":7890,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":82058765,"flow_src_last_pkt_time":551892012,"flow_dst_last_pkt_time":82058765,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.150.49.35","src_port":28681,"dst_port":32448,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":82058765,"flow_src_last_pkt_time":551892012,"flow_dst_last_pkt_time":82058765,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.150.49.35","src_port":28681,"dst_port":32448,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":253025433,"flow_src_last_pkt_time":553212612,"flow_dst_last_pkt_time":253025433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.68.45.203","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":253025433,"flow_src_last_pkt_time":553212612,"flow_dst_last_pkt_time":253025433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.68.45.203","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82062565,"flow_src_last_pkt_time":491980175,"flow_dst_last_pkt_time":82062565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.196.58","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82062565,"flow_src_last_pkt_time":491980175,"flow_dst_last_pkt_time":82062565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.196.58","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":82058765,"flow_src_last_pkt_time":551892012,"flow_dst_last_pkt_time":82058765,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.150.49.35","src_port":28681,"dst_port":32448,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":253025433,"flow_src_last_pkt_time":553212612,"flow_dst_last_pkt_time":253025433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.68.45.203","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":82062565,"flow_src_last_pkt_time":491980175,"flow_dst_last_pkt_time":82062565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.196.58","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":63002411,"flow_src_last_pkt_time":72031726,"flow_dst_last_pkt_time":63002411,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.128.217.128","src_port":50200,"dst_port":45194,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":63002411,"flow_src_last_pkt_time":72031726,"flow_dst_last_pkt_time":63002411,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.128.217.128","src_port":50200,"dst_port":45194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":769,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":490659046,"flow_src_last_pkt_time":551881355,"flow_dst_last_pkt_time":490659046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.110.61.169","src_port":28681,"dst_port":11973,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":769,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":490659046,"flow_src_last_pkt_time":551881355,"flow_dst_last_pkt_time":490659046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.110.61.169","src_port":28681,"dst_port":11973,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00958{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":65063303,"flow_src_last_pkt_time":74092991,"flow_dst_last_pkt_time":65063303,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.117.153.7","src_port":50213,"dst_port":50138,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00746{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":65063303,"flow_src_last_pkt_time":74092991,"flow_dst_last_pkt_time":65063303,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.117.153.7","src_port":50213,"dst_port":50138,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431830401,"flow_src_last_pkt_time":431830401,"flow_dst_last_pkt_time":431830401,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431830401,"flow_src_last_pkt_time":431830401,"flow_dst_last_pkt_time":431830401,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431830401,"flow_src_last_pkt_time":431830401,"flow_dst_last_pkt_time":431830401,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00959{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":70171959,"flow_src_last_pkt_time":79201091,"flow_dst_last_pkt_time":70171959,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.18.172.208","src_port":50241,"dst_port":63172,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00747{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":70171959,"flow_src_last_pkt_time":79201091,"flow_dst_last_pkt_time":70171959,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.18.172.208","src_port":50241,"dst_port":63172,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":90747448,"flow_src_last_pkt_time":99778360,"flow_dst_last_pkt_time":90747448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":50321,"dst_port":4876,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":90747448,"flow_src_last_pkt_time":99778360,"flow_dst_last_pkt_time":90747448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":50321,"dst_port":4876,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00842{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":775,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":490660023,"flow_src_last_pkt_time":490660023,"flow_dst_last_pkt_time":490939326,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.17.132.18","src_port":28681,"dst_port":23458,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00755{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":775,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":490660023,"flow_src_last_pkt_time":490660023,"flow_dst_last_pkt_time":490939326,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.17.132.18","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":72851137,"flow_src_last_pkt_time":553212772,"flow_dst_last_pkt_time":72851137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.224.95.97","src_port":28681,"dst_port":46356,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":72851137,"flow_src_last_pkt_time":553212772,"flow_dst_last_pkt_time":72851137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.224.95.97","src_port":28681,"dst_port":46356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":72850779,"flow_src_last_pkt_time":551891799,"flow_dst_last_pkt_time":72850779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.50.179","src_port":28681,"dst_port":29411,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":72850779,"flow_src_last_pkt_time":551891799,"flow_dst_last_pkt_time":72850779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.50.179","src_port":28681,"dst_port":29411,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":788,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493287365,"flow_src_last_pkt_time":493287365,"flow_dst_last_pkt_time":493287365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.134.167.82","src_port":28681,"dst_port":5820,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":788,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493287365,"flow_src_last_pkt_time":493287365,"flow_dst_last_pkt_time":493287365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.134.167.82","src_port":28681,"dst_port":5820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":72851137,"flow_src_last_pkt_time":553212772,"flow_dst_last_pkt_time":72851137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.224.95.97","src_port":28681,"dst_port":46356,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":72850779,"flow_src_last_pkt_time":551891799,"flow_dst_last_pkt_time":72850779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.138.50.179","src_port":28681,"dst_port":29411,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":788,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493287365,"flow_src_last_pkt_time":493287365,"flow_dst_last_pkt_time":493287365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.134.167.82","src_port":28681,"dst_port":5820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00960{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":70170653,"flow_src_last_pkt_time":79200890,"flow_dst_last_pkt_time":70170653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.41.253","src_port":50238,"dst_port":59144,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00748{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":70170653,"flow_src_last_pkt_time":79200890,"flow_dst_last_pkt_time":70170653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.41.253","src_port":50238,"dst_port":59144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":86639056,"flow_src_last_pkt_time":95653991,"flow_dst_last_pkt_time":86639056,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":50276,"dst_port":56070,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":86639056,"flow_src_last_pkt_time":95653991,"flow_dst_last_pkt_time":86639056,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":50276,"dst_port":56070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00957{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":68109715,"flow_src_last_pkt_time":77122484,"flow_dst_last_pkt_time":68109715,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.36.249.91","src_port":50229,"dst_port":64920,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00745{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":68109715,"flow_src_last_pkt_time":77122484,"flow_dst_last_pkt_time":68109715,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.36.249.91","src_port":50229,"dst_port":64920,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":789,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493287531,"flow_src_last_pkt_time":493287531,"flow_dst_last_pkt_time":493287531,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.98.115.128","src_port":28681,"dst_port":23458,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":789,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493287531,"flow_src_last_pkt_time":493287531,"flow_dst_last_pkt_time":493287531,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.98.115.128","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":795,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":551890376,"flow_src_last_pkt_time":551890376,"flow_dst_last_pkt_time":551890376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":795,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":551890376,"flow_src_last_pkt_time":551890376,"flow_dst_last_pkt_time":551890376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":789,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493287531,"flow_src_last_pkt_time":493287531,"flow_dst_last_pkt_time":493287531,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.98.115.128","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":795,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":551890376,"flow_src_last_pkt_time":551890376,"flow_dst_last_pkt_time":551890376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":61977895,"flow_src_last_pkt_time":61977895,"flow_dst_last_pkt_time":61977895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.157.143.201","src_port":50195,"dst_port":29762,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":61977895,"flow_src_last_pkt_time":61977895,"flow_dst_last_pkt_time":61977895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.157.143.201","src_port":50195,"dst_port":29762,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00958{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71204511,"flow_src_last_pkt_time":80232141,"flow_dst_last_pkt_time":71204511,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50246,"dst_port":45685,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00746{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":71204511,"flow_src_last_pkt_time":80232141,"flow_dst_last_pkt_time":71204511,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50246,"dst_port":45685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":371838970,"flow_src_last_pkt_time":491980650,"flow_dst_last_pkt_time":371838970,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":371838970,"flow_src_last_pkt_time":491980650,"flow_dst_last_pkt_time":371838970,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":371838970,"flow_src_last_pkt_time":491980650,"flow_dst_last_pkt_time":371838970,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00959{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":65062149,"flow_src_last_pkt_time":74092777,"flow_dst_last_pkt_time":65062149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.234.18.166","src_port":50210,"dst_port":61404,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00747{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":65062149,"flow_src_last_pkt_time":74092777,"flow_dst_last_pkt_time":65062149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.234.18.166","src_port":50210,"dst_port":61404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72853009,"flow_src_last_pkt_time":551891992,"flow_dst_last_pkt_time":72853009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.65.70.197","src_port":28681,"dst_port":21693,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72853009,"flow_src_last_pkt_time":551891992,"flow_dst_last_pkt_time":72853009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.65.70.197","src_port":28681,"dst_port":21693,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":72853009,"flow_src_last_pkt_time":551891992,"flow_dst_last_pkt_time":72853009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.65.70.197","src_port":28681,"dst_port":21693,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00960{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":64032422,"flow_src_last_pkt_time":73065113,"flow_dst_last_pkt_time":64032422,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.46.139.171","src_port":50205,"dst_port":52120,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00748{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":64032422,"flow_src_last_pkt_time":73065113,"flow_dst_last_pkt_time":64032422,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.46.139.171","src_port":50205,"dst_port":52120,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":772,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":490659611,"flow_src_last_pkt_time":551701186,"flow_dst_last_pkt_time":490659611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.192.231.237","src_port":28681,"dst_port":9676,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":772,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":490659611,"flow_src_last_pkt_time":551701186,"flow_dst_last_pkt_time":490659611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.192.231.237","src_port":28681,"dst_port":9676,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":71539473,"flow_src_last_pkt_time":551890853,"flow_dst_last_pkt_time":71539473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.169.2.153","src_port":28681,"dst_port":52414,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":71539473,"flow_src_last_pkt_time":551890853,"flow_dst_last_pkt_time":71539473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.169.2.153","src_port":28681,"dst_port":52414,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":72853538,"flow_src_last_pkt_time":551891491,"flow_dst_last_pkt_time":72853538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.197.111.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":72853538,"flow_src_last_pkt_time":551891491,"flow_dst_last_pkt_time":72853538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.197.111.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":71539473,"flow_src_last_pkt_time":551890853,"flow_dst_last_pkt_time":71539473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.169.2.153","src_port":28681,"dst_port":52414,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":72853538,"flow_src_last_pkt_time":551891491,"flow_dst_last_pkt_time":72853538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.197.111.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00841{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":770,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":490659223,"flow_src_last_pkt_time":490659223,"flow_dst_last_pkt_time":490846962,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"97.83.183.148","src_port":28681,"dst_port":8890,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":770,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":490659223,"flow_src_last_pkt_time":490659223,"flow_dst_last_pkt_time":490846962,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"97.83.183.148","src_port":28681,"dst_port":8890,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":87670730,"flow_src_last_pkt_time":96685056,"flow_dst_last_pkt_time":87670730,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.134.154.158","src_port":50281,"dst_port":54130,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} @@ -6808,20 +6818,16 @@ 00748{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":66079236,"flow_src_last_pkt_time":75108166,"flow_dst_last_pkt_time":66079236,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.121.165.12","src_port":50219,"dst_port":55376,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01086{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"finished","flow_src_packets_processed":153,"flow_dst_packets_processed":159,"flow_first_seen":88704875,"flow_src_last_pkt_time":593713091,"flow_dst_last_pkt_time":593712859,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":599,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2615,"flow_dst_tot_l4_payload_len":16813,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.133.101.93","src_port":50285,"dst_port":52367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01328{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":114930776,"flow_src_last_pkt_time":116342717,"flow_dst_last_pkt_time":116342552,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":2552,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"189.147.72.83","src_port":50328,"dst_port":26108,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"HTTP.Gnutella","proto_id":"7.35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":1,"category":"Media"}} -00962{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82060952,"flow_src_last_pkt_time":493283238,"flow_dst_last_pkt_time":82060952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00750{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82060952,"flow_src_last_pkt_time":493283238,"flow_dst_last_pkt_time":82060952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00840{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":373494060,"flow_src_last_pkt_time":551890239,"flow_dst_last_pkt_time":373494060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.100.68.255","src_port":28681,"dst_port":12838,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":373494060,"flow_src_last_pkt_time":551890239,"flow_dst_last_pkt_time":373494060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.100.68.255","src_port":28681,"dst_port":12838,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":790,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493288007,"flow_src_last_pkt_time":493288007,"flow_dst_last_pkt_time":493288007,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.39.233","src_port":28681,"dst_port":20855,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":790,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493288007,"flow_src_last_pkt_time":493288007,"flow_dst_last_pkt_time":493288007,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.39.233","src_port":28681,"dst_port":20855,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01181{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":82060952,"flow_src_last_pkt_time":493283238,"flow_dst_last_pkt_time":82060952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01074{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":373494060,"flow_src_last_pkt_time":551890239,"flow_dst_last_pkt_time":373494060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.100.68.255","src_port":28681,"dst_port":12838,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +01185{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":790,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493288007,"flow_src_last_pkt_time":493288007,"flow_dst_last_pkt_time":493288007,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.164.39.233","src_port":28681,"dst_port":20855,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00957{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":70171206,"flow_src_last_pkt_time":79201060,"flow_dst_last_pkt_time":70171206,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.105.52.2","src_port":50239,"dst_port":6384,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00745{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":70171206,"flow_src_last_pkt_time":79201060,"flow_dst_last_pkt_time":70171206,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"112.105.52.2","src_port":50239,"dst_port":6384,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00960{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":86640432,"flow_src_last_pkt_time":95653973,"flow_dst_last_pkt_time":86640432,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.231.59.187","src_port":50278,"dst_port":62234,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00748{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":86640432,"flow_src_last_pkt_time":95653973,"flow_dst_last_pkt_time":86640432,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.231.59.187","src_port":50278,"dst_port":62234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":766,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":490658312,"flow_src_last_pkt_time":490658312,"flow_dst_last_pkt_time":490658312,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.119.55.28","src_port":28681,"dst_port":20347,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":766,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":490658312,"flow_src_last_pkt_time":490658312,"flow_dst_last_pkt_time":490658312,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.119.55.28","src_port":28681,"dst_port":20347,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":433135408,"flow_src_last_pkt_time":433135408,"flow_dst_last_pkt_time":433135408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.170.209.214","src_port":28681,"dst_port":46210,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":433135408,"flow_src_last_pkt_time":433135408,"flow_dst_last_pkt_time":433135408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.170.209.214","src_port":28681,"dst_port":46210,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01185{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":433135408,"flow_src_last_pkt_time":433135408,"flow_dst_last_pkt_time":433135408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.170.209.214","src_port":28681,"dst_port":46210,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01087{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"finished","flow_src_packets_processed":146,"flow_dst_packets_processed":149,"flow_first_seen":90745963,"flow_src_last_pkt_time":593624376,"flow_dst_last_pkt_time":593620036,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":601,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":2601,"flow_dst_tot_l4_payload_len":7395,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":50312,"dst_port":23548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00959{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72265587,"flow_src_last_pkt_time":81294293,"flow_dst_last_pkt_time":72265587,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.127.1.235","src_port":50251,"dst_port":37814,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00747{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":72265587,"flow_src_last_pkt_time":81294293,"flow_dst_last_pkt_time":72265587,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.127.1.235","src_port":50251,"dst_port":37814,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} @@ -6833,12 +6839,10 @@ 00746{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":63002631,"flow_src_last_pkt_time":72031755,"flow_dst_last_pkt_time":63002631,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.122.93.185","src_port":50201,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00960{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":66078256,"flow_src_last_pkt_time":75077234,"flow_dst_last_pkt_time":66078256,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":50217,"dst_port":54958,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00748{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":66078256,"flow_src_last_pkt_time":75077234,"flow_dst_last_pkt_time":66078256,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":50217,"dst_port":54958,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82058413,"flow_src_last_pkt_time":491980468,"flow_dst_last_pkt_time":82058413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.166.226.70","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82058413,"flow_src_last_pkt_time":491980468,"flow_dst_last_pkt_time":82058413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.166.226.70","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":82058413,"flow_src_last_pkt_time":491980468,"flow_dst_last_pkt_time":82058413,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.166.226.70","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00959{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":61975786,"flow_src_last_pkt_time":61975786,"flow_dst_last_pkt_time":61975786,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.152.66.153","src_port":50194,"dst_port":43771,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00747{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":61975786,"flow_src_last_pkt_time":61975786,"flow_dst_last_pkt_time":61975786,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.152.66.153","src_port":50194,"dst_port":43771,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":70230689,"flow_src_last_pkt_time":493284992,"flow_dst_last_pkt_time":70230689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.131.85.245","src_port":28681,"dst_port":31743,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":70230689,"flow_src_last_pkt_time":493284992,"flow_dst_last_pkt_time":70230689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.131.85.245","src_port":28681,"dst_port":31743,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":70230689,"flow_src_last_pkt_time":493284992,"flow_dst_last_pkt_time":70230689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.131.85.245","src_port":28681,"dst_port":31743,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00960{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":70172361,"flow_src_last_pkt_time":79201116,"flow_dst_last_pkt_time":70172361,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.210.203.131","src_port":50242,"dst_port":6346,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00748{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":70172361,"flow_src_last_pkt_time":79201116,"flow_dst_last_pkt_time":70172361,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.210.203.131","src_port":50242,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00960{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":67095290,"flow_src_last_pkt_time":76122637,"flow_dst_last_pkt_time":67095290,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.210.81.147","src_port":50225,"dst_port":24800,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} @@ -6847,34 +6851,30 @@ 00748{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":75358059,"flow_src_last_pkt_time":84388275,"flow_dst_last_pkt_time":75358059,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.182.136.42","src_port":50263,"dst_port":27873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00958{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":67093324,"flow_src_last_pkt_time":76122608,"flow_dst_last_pkt_time":67093324,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"59.104.173.5","src_port":50221,"dst_port":49956,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00746{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":67093324,"flow_src_last_pkt_time":76122608,"flow_dst_last_pkt_time":67093324,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"59.104.173.5","src_port":50221,"dst_port":49956,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":785,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493286408,"flow_src_last_pkt_time":493286408,"flow_dst_last_pkt_time":493286408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.134.139.39","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":785,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493286408,"flow_src_last_pkt_time":493286408,"flow_dst_last_pkt_time":493286408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.134.139.39","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":785,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493286408,"flow_src_last_pkt_time":493286408,"flow_dst_last_pkt_time":493286408,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.134.139.39","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":780,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":490660023,"flow_src_last_pkt_time":551702853,"flow_dst_last_pkt_time":490660023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.66.94.132","src_port":28681,"dst_port":17735,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":780,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":490660023,"flow_src_last_pkt_time":551702853,"flow_dst_last_pkt_time":490660023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.66.94.132","src_port":28681,"dst_port":17735,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431829260,"flow_src_last_pkt_time":431829260,"flow_dst_last_pkt_time":431829260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.132.75.56","src_port":28681,"dst_port":56009,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431829260,"flow_src_last_pkt_time":431829260,"flow_dst_last_pkt_time":431829260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.132.75.56","src_port":28681,"dst_port":56009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":431829260,"flow_src_last_pkt_time":431829260,"flow_dst_last_pkt_time":431829260,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.132.75.56","src_port":28681,"dst_port":56009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 00960{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":66076724,"flow_src_last_pkt_time":75077158,"flow_dst_last_pkt_time":66076724,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.193.171.146","src_port":50214,"dst_port":53808,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00748{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":66076724,"flow_src_last_pkt_time":75077158,"flow_dst_last_pkt_time":66076724,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.193.171.146","src_port":50214,"dst_port":53808,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00961{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":86639757,"flow_src_last_pkt_time":95653781,"flow_dst_last_pkt_time":86639757,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.181.251.218","src_port":50277,"dst_port":36368,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00749{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":86639757,"flow_src_last_pkt_time":95653781,"flow_dst_last_pkt_time":86639757,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.181.251.218","src_port":50277,"dst_port":36368,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00964{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493288174,"flow_src_last_pkt_time":493288174,"flow_dst_last_pkt_time":493288174,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.11.85","src_port":28681,"dst_port":10722,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00752{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493288174,"flow_src_last_pkt_time":493288174,"flow_dst_last_pkt_time":493288174,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.11.85","src_port":28681,"dst_port":10722,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01183{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":493288174,"flow_src_last_pkt_time":493288174,"flow_dst_last_pkt_time":493288174,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.11.85","src_port":28681,"dst_port":10722,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01082{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_src_packets_processed":43,"flow_dst_packets_processed":47,"flow_first_seen":71205609,"flow_src_last_pkt_time":593376712,"flow_dst_last_pkt_time":593376534,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":303,"flow_dst_max_l4_payload_len":1065,"flow_src_tot_l4_payload_len":753,"flow_dst_tot_l4_payload_len":5162,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.208.180.181","src_port":50249,"dst_port":45883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01187{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":95716226,"flow_src_last_pkt_time":426377575,"flow_dst_last_pkt_time":426518025,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":61,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":165,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.167.201.53","src_port":28681,"dst_port":47282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} -00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72853189,"flow_src_last_pkt_time":553212866,"flow_dst_last_pkt_time":72853189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72853189,"flow_src_last_pkt_time":553212866,"flow_dst_last_pkt_time":72853189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00595{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","packets-captured":3905,"packets-processed":3882,"total-skipped-flows":0,"total-l4-payload-len":383594,"total-not-detected-flows":623,"total-guessed-flows":4,"total-detected-flows":174,"total-detection-updates":5,"total-updates":2519,"current-active-flows":0,"total-active-flows":801,"total-idle-flows":801,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6866,"global_ts_usec":600247226} +01185{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72853189,"flow_src_last_pkt_time":553212866,"flow_dst_last_pkt_time":72853189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} +00595{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","packets-captured":3905,"packets-processed":3882,"total-skipped-flows":0,"total-l4-payload-len":383594,"total-not-detected-flows":397,"total-guessed-flows":3,"total-detected-flows":401,"total-detection-updates":5,"total-updates":2519,"current-active-flows":0,"total-active-flows":801,"total-idle-flows":801,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6866,"global_ts_usec":600247226} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3905/3882 ~~ skipped flows.............: 0 ~~ total layer4 data length..: 383594 bytes -~~ total detected protocols..: 174 +~~ total detected protocols..: 401 ~~ total active/idle flows...: 801/801 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9874568 bytes -~~ total memory freed........: 9874568 bytes -~~ total allocations/frees...: 161231/161231 +~~ total memory allocated....: 9523535 bytes +~~ total memory freed........: 9523535 bytes +~~ total allocations/frees...: 155636/155636 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 274 chars ~~ json string max len.......: 2354 chars diff --git a/test/results/default/google_ssl.pcap.out b/test/results/default/google_ssl.pcap.out index e9c4360dc..0b9d14718 100644 --- a/test/results/default/google_ssl.pcap.out +++ b/test/results/default/google_ssl.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966959 bytes -~~ total memory freed........: 7966959 bytes -~~ total allocations/frees...: 148316/148316 +~~ total memory allocated....: 7596620 bytes +~~ total memory freed........: 7596620 bytes +~~ total allocations/frees...: 142719/142719 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 516 chars ~~ json string max len.......: 942 chars diff --git a/test/results/default/googledns_android10.pcap.out b/test/results/default/googledns_android10.pcap.out index aab546243..527130547 100644 --- a/test/results/default/googledns_android10.pcap.out +++ b/test/results/default/googledns_android10.pcap.out @@ -83,9 +83,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8030379 bytes -~~ total memory freed........: 8030379 bytes -~~ total allocations/frees...: 148967/148967 +~~ total memory allocated....: 7660208 bytes +~~ total memory freed........: 7660208 bytes +~~ total allocations/frees...: 143370/143370 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 525 chars ~~ json string max len.......: 2357 chars diff --git a/test/results/default/gquic.pcap.out b/test/results/default/gquic.pcap.out index 472721c1c..e2942e909 100644 --- a/test/results/default/gquic.pcap.out +++ b/test/results/default/gquic.pcap.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7974499 bytes -~~ total memory freed........: 7974499 bytes -~~ total allocations/frees...: 148308/148308 +~~ total memory allocated....: 7604160 bytes +~~ total memory freed........: 7604160 bytes +~~ total allocations/frees...: 142711/142711 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 2348 chars diff --git a/test/results/default/gtp_c.pcap.out b/test/results/default/gtp_c.pcap.out index 2adc40987..8a4194b39 100644 --- a/test/results/default/gtp_c.pcap.out +++ b/test/results/default/gtp_c.pcap.out @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964215 bytes -~~ total memory freed........: 7964215 bytes -~~ total allocations/frees...: 148291/148291 +~~ total memory allocated....: 7593876 bytes +~~ total memory freed........: 7593876 bytes +~~ total allocations/frees...: 142694/142694 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 1102 chars diff --git a/test/results/default/gtp_false_positive.pcapng.out b/test/results/default/gtp_false_positive.pcapng.out index 7848d9a0a..13299f142 100644 --- a/test/results/default/gtp_false_positive.pcapng.out +++ b/test/results/default/gtp_false_positive.pcapng.out @@ -28,9 +28,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7968502 bytes -~~ total memory freed........: 7968502 bytes -~~ total allocations/frees...: 148316/148316 +~~ total memory allocated....: 7598211 bytes +~~ total memory freed........: 7598211 bytes +~~ total allocations/frees...: 142719/142719 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 526 chars ~~ json string max len.......: 1082 chars diff --git a/test/results/default/gtp_prime.pcapng.out b/test/results/default/gtp_prime.pcapng.out index 52238cd07..d6d7fcd3c 100644 --- a/test/results/default/gtp_prime.pcapng.out +++ b/test/results/default/gtp_prime.pcapng.out @@ -11,9 +11,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7961999 bytes -~~ total memory freed........: 7961999 bytes -~~ total allocations/frees...: 148276/148276 +~~ total memory allocated....: 7591636 bytes +~~ total memory freed........: 7591636 bytes +~~ total allocations/frees...: 142679/142679 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 304 chars ~~ json string max len.......: 704 chars diff --git a/test/results/default/h323-overflow.pcap.out b/test/results/default/h323-overflow.pcap.out index 1fd6d25e0..e0bd63912 100644 --- a/test/results/default/h323-overflow.pcap.out +++ b/test/results/default/h323-overflow.pcap.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966176 bytes -~~ total memory freed........: 7966176 bytes -~~ total allocations/frees...: 148289/148289 +~~ total memory allocated....: 7595837 bytes +~~ total memory freed........: 7595837 bytes +~~ total allocations/frees...: 142692/142692 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 519 chars ~~ json string max len.......: 1078 chars diff --git a/test/results/default/h323.pcap.out b/test/results/default/h323.pcap.out index e21abbf59..0b6e4fca7 100644 --- a/test/results/default/h323.pcap.out +++ b/test/results/default/h323.pcap.out @@ -22,9 +22,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7968595 bytes -~~ total memory freed........: 7968595 bytes -~~ total allocations/frees...: 148311/148311 +~~ total memory allocated....: 7598280 bytes +~~ total memory freed........: 7598280 bytes +~~ total allocations/frees...: 142714/142714 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 510 chars ~~ json string max len.......: 1004 chars diff --git a/test/results/default/hangout.pcap.out b/test/results/default/hangout.pcap.out deleted file mode 100644 index 1ea4d9b62..000000000 --- a/test/results/default/hangout.pcap.out +++ /dev/null @@ -1,26 +0,0 @@ -00508{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hangout.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00571{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hangout.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1468516947751092} -00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1468516947751092,"flow_src_last_pkt_time":1468516947751092,"flow_dst_last_pkt_time":1468516947751092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1468516947751092,"l3_proto":"ip4","src_ip":"74.125.134.127","dst_ip":"10.89.61.13","src_port":19305,"dst_port":56406,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1468516947751092,"flow_dst_last_pkt_time":1468516947751092,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1468516947751092,"pkt":"CJ4BbNkmACFeRhcmCABFAACEs2cAACwRwp9KfYZ\/Clk9DUtp3FYAcAThAQEAVCESpEJmaHpqc2RpS0drd1gABgAhWWRWSldCNmwzN20xYzhENDpCbU1TU1l3ZHhBT1czSFlYAAAAACAACAABfY2fUviQAAgAFKAHosL2sVKq2EKifFUwLylv3i3sgCgABLYwivQ="} -01275{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1468516947751092,"flow_src_last_pkt_time":1468516947751092,"flow_dst_last_pkt_time":1468516947751092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1468516947751092,"l3_proto":"ip4","src_ip":"74.125.134.127","dst_ip":"10.89.61.13","src_port":19305,"dst_port":56406,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":1}}} -00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1468516948761773,"flow_dst_last_pkt_time":1468516947751092,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1468516948761773,"pkt":"CJ4BbNkmACFeRhcmCABFAACEtXUAACwRwJFKfYZ\/Clk9DUtp3FYAcMuPAQEAVCESpEJ2bG8rRTlqWDZMSTAABgAhWWRWSldCNmwzN20xYzhENDpCbU1TU1l3ZHhBT1czSFlYAAAAACAACAABfY2fUviQAAgAFD0l9HkkR5C8mDGwDSrC9i\/8E7pdgCgABPT5D+E="} -00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1468516949760074,"flow_dst_last_pkt_time":1468516947751092,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1468516949760074,"pkt":"CJ4BbNkmACFeRhcmCABFAACEuNIAACwRvTRKfYZ\/Clk9DUtp3FYAcJ51AQEAVCESpEJFNlpieTl0eEswU3gABgAhWWRWSldCNmwzN20xYzhENDpCbU1TU1l3ZHhBT1czSFlYAAAAACAACAABfY2fUviQAAgAFGvaO+U3jhYTDCbM5zzzk6bw5Z+5gCgABA724k8="} -00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1468516950761344,"flow_dst_last_pkt_time":1468516947751092,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1468516950761344,"pkt":"CJ4BbNkmACFeRhcmCABFAACEuZ4AACwRvGhKfYZ\/Clk9DUtp3FYAcMbxAQEAVCESpEI0V3JrM294eUpQYkUABgAhWWRWSldCNmwzN20xYzhENDpCbU1TU1l3ZHhBT1czSFlYAAAAACAACAABfY2fUviQAAgAFNC9mufBZa6t2mlytRWG+GVqRPeFgCgABFD8O5k="} -00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1468516951755218,"flow_dst_last_pkt_time":1468516947751092,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1468516951755218,"pkt":"CJ4BbNkmACFeRhcmCABFAACEvAkAACwRuf1KfYZ\/Clk9DUtp3FYAcMoTAQEAVCESpEIzNzUzNHA3SFB5WXkABgAhWWRWSldCNmwzN20xYzhENDpCbU1TU1l3ZHhBT1czSFlYAAAAACAACAABfY2fUviQAAgAFN19ozbT6UHvV6s9ZmQQ8B8JGd90gCgABKablDQ="} -01232{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":0,"flow_first_seen":1468516947751092,"flow_src_last_pkt_time":1468516965768983,"flow_dst_last_pkt_time":1468516947751092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1976,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1468516965768983,"l3_proto":"ip4","src_ip":"74.125.134.127","dst_ip":"10.89.61.13","src_port":19305,"dst_port":56406,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00580{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/hangout.pcap","alias":"nDPId-test","packets-captured":19,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":1976,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1468516965768983} -~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ -~~ packets captured/processed: 19/19 -~~ skipped flows.............: 0 -~~ total layer4 data length..: 1976 bytes -~~ total detected protocols..: 1 -~~ total active/idle flows...: 1/1 -~~ total timeout flows.......: 0 -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964650 bytes -~~ total memory freed........: 7964650 bytes -~~ total allocations/frees...: 148306/148306 -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json string min len.......: 513 chars -~~ json string max len.......: 1280 chars -~~ json string avg len.......: 893 chars diff --git a/test/results/default/heuristic_tcp_ack_payload.pcap.out b/test/results/default/heuristic_tcp_ack_payload.pcap.out index 16aed9b93..af5223043 100644 --- a/test/results/default/heuristic_tcp_ack_payload.pcap.out +++ b/test/results/default/heuristic_tcp_ack_payload.pcap.out @@ -63,9 +63,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7995758 bytes -~~ total memory freed........: 7995758 bytes -~~ total allocations/frees...: 148654/148654 +~~ total memory allocated....: 7625539 bytes +~~ total memory freed........: 7625539 bytes +~~ total allocations/frees...: 143057/143057 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 531 chars ~~ json string max len.......: 2021 chars diff --git a/test/results/default/hots.pcapng.out b/test/results/default/hots.pcapng.out index 2c811d5ee..e0753cb3a 100644 --- a/test/results/default/hots.pcapng.out +++ b/test/results/default/hots.pcapng.out @@ -38,9 +38,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7971199 bytes -~~ total memory freed........: 7971199 bytes -~~ total allocations/frees...: 148409/148409 +~~ total memory allocated....: 7600908 bytes +~~ total memory freed........: 7600908 bytes +~~ total allocations/frees...: 142812/142812 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 2329 chars diff --git a/test/results/default/hpvirtgrp.pcap.out b/test/results/default/hpvirtgrp.pcap.out index 545763fb3..9df08e1d7 100644 --- a/test/results/default/hpvirtgrp.pcap.out +++ b/test/results/default/hpvirtgrp.pcap.out @@ -88,9 +88,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8003274 bytes -~~ total memory freed........: 8003274 bytes -~~ total allocations/frees...: 148520/148520 +~~ total memory allocated....: 7633127 bytes +~~ total memory freed........: 7633127 bytes +~~ total allocations/frees...: 142923/142923 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 515 chars ~~ json string max len.......: 986 chars diff --git a/test/results/default/hsrp0.pcap.out b/test/results/default/hsrp0.pcap.out index 9d951c113..bc692f7b2 100644 --- a/test/results/default/hsrp0.pcap.out +++ b/test/results/default/hsrp0.pcap.out @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7970403 bytes -~~ total memory freed........: 7970403 bytes -~~ total allocations/frees...: 148320/148320 +~~ total memory allocated....: 7600136 bytes +~~ total memory freed........: 7600136 bytes +~~ total allocations/frees...: 142723/142723 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 964 chars diff --git a/test/results/default/hsrp2.pcap.out b/test/results/default/hsrp2.pcap.out index c0932e777..62dc3fdcf 100644 --- a/test/results/default/hsrp2.pcap.out +++ b/test/results/default/hsrp2.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966201 bytes -~~ total memory freed........: 7966201 bytes -~~ total allocations/frees...: 148298/148298 +~~ total memory allocated....: 7595886 bytes +~~ total memory freed........: 7595886 bytes +~~ total allocations/frees...: 142701/142701 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 966 chars diff --git a/test/results/default/hsrp2_ipv6.pcapng.out b/test/results/default/hsrp2_ipv6.pcapng.out index 873dbdfac..51d6d094f 100644 --- a/test/results/default/hsrp2_ipv6.pcapng.out +++ b/test/results/default/hsrp2_ipv6.pcapng.out @@ -29,9 +29,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7967187 bytes -~~ total memory freed........: 7967187 bytes -~~ total allocations/frees...: 148332/148332 +~~ total memory allocated....: 7596872 bytes +~~ total memory freed........: 7596872 bytes +~~ total allocations/frees...: 142735/142735 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 518 chars ~~ json string max len.......: 1100 chars diff --git a/test/results/default/http-crash-content-disposition.pcap.out b/test/results/default/http-crash-content-disposition.pcap.out index 7f85f22eb..63d7f7fb4 100644 --- a/test/results/default/http-crash-content-disposition.pcap.out +++ b/test/results/default/http-crash-content-disposition.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964510 bytes -~~ total memory freed........: 7964510 bytes -~~ total allocations/frees...: 148303/148303 +~~ total memory allocated....: 7594171 bytes +~~ total memory freed........: 7594171 bytes +~~ total allocations/frees...: 142706/142706 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 536 chars ~~ json string max len.......: 1157 chars diff --git a/test/results/default/http-lines-split.pcap.out b/test/results/default/http-lines-split.pcap.out index cead4f106..be3934cb9 100644 --- a/test/results/default/http-lines-split.pcap.out +++ b/test/results/default/http-lines-split.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964563 bytes -~~ total memory freed........: 7964563 bytes -~~ total allocations/frees...: 148304/148304 +~~ total memory allocated....: 7594224 bytes +~~ total memory freed........: 7594224 bytes +~~ total allocations/frees...: 142707/142707 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 522 chars ~~ json string max len.......: 1273 chars diff --git a/test/results/default/http-manipulated.pcap.out b/test/results/default/http-manipulated.pcap.out index c682dc2a3..390f27bf2 100644 --- a/test/results/default/http-manipulated.pcap.out +++ b/test/results/default/http-manipulated.pcap.out @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7967604 bytes -~~ total memory freed........: 7967604 bytes -~~ total allocations/frees...: 148349/148349 +~~ total memory allocated....: 7597289 bytes +~~ total memory freed........: 7597289 bytes +~~ total allocations/frees...: 142752/142752 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 522 chars ~~ json string max len.......: 1297 chars diff --git a/test/results/default/http-proxy.pcapng.out b/test/results/default/http-proxy.pcapng.out index 528064262..c99533e5f 100644 --- a/test/results/default/http-proxy.pcapng.out +++ b/test/results/default/http-proxy.pcapng.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964566 bytes -~~ total memory freed........: 7964566 bytes -~~ total allocations/frees...: 148303/148303 +~~ total memory allocated....: 7594227 bytes +~~ total memory freed........: 7594227 bytes +~~ total allocations/frees...: 142706/142706 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 518 chars ~~ json string max len.......: 1150 chars diff --git a/test/results/default/http_asymmetric.pcapng.out b/test/results/default/http_asymmetric.pcapng.out index bbdd7edbc..4b65127dc 100644 --- a/test/results/default/http_asymmetric.pcapng.out +++ b/test/results/default/http_asymmetric.pcapng.out @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7967482 bytes -~~ total memory freed........: 7967482 bytes -~~ total allocations/frees...: 148340/148340 +~~ total memory allocated....: 7597167 bytes +~~ total memory freed........: 7597167 bytes +~~ total allocations/frees...: 142743/142743 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 523 chars ~~ json string max len.......: 2520 chars diff --git a/test/results/default/http_auth.pcap.out b/test/results/default/http_auth.pcap.out index faa5df9cb..5026d3c1a 100644 --- a/test/results/default/http_auth.pcap.out +++ b/test/results/default/http_auth.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7965301 bytes -~~ total memory freed........: 7965301 bytes -~~ total allocations/frees...: 148327/148327 +~~ total memory allocated....: 7594962 bytes +~~ total memory freed........: 7594962 bytes +~~ total allocations/frees...: 142730/142730 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 515 chars ~~ json string max len.......: 2428 chars diff --git a/test/results/default/http_connect.pcap.out b/test/results/default/http_connect.pcap.out index dbdc265c7..99740a188 100644 --- a/test/results/default/http_connect.pcap.out +++ b/test/results/default/http_connect.pcap.out @@ -34,9 +34,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7986914 bytes -~~ total memory freed........: 7986914 bytes -~~ total allocations/frees...: 148419/148419 +~~ total memory allocated....: 7616623 bytes +~~ total memory freed........: 7616623 bytes +~~ total allocations/frees...: 142822/142822 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 518 chars ~~ json string max len.......: 2168 chars diff --git a/test/results/default/http_guessed_host_and_guessed.pcapng.out b/test/results/default/http_guessed_host_and_guessed.pcapng.out index 649c85f46..d606878e2 100644 --- a/test/results/default/http_guessed_host_and_guessed.pcapng.out +++ b/test/results/default/http_guessed_host_and_guessed.pcapng.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966196 bytes -~~ total memory freed........: 7966196 bytes -~~ total allocations/frees...: 148290/148290 +~~ total memory allocated....: 7595857 bytes +~~ total memory freed........: 7595857 bytes +~~ total allocations/frees...: 142693/142693 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 537 chars ~~ json string max len.......: 1343 chars diff --git a/test/results/default/http_invalid_server.pcap.out b/test/results/default/http_invalid_server.pcap.out new file mode 100644 index 000000000..94dac7e70 --- /dev/null +++ b/test/results/default/http_invalid_server.pcap.out @@ -0,0 +1,27 @@ +00520{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00583{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1689351610492040} +00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1689351610492040,"flow_src_last_pkt_time":1689351610492040,"flow_dst_last_pkt_time":1689351610492040,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1689351610492040,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"143.204.14.183","src_port":51536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1689351610492040,"flow_dst_last_pkt_time":1689351610492040,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1689351610492040,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdj8wOt8lQAFD6kEYtAAAAALAC\/\/9gewAAAgQFtAEDAwYBAQgKTnqLxQAAAAAEAgAA"} +00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1689351610492040,"flow_dst_last_pkt_time":1689351610504245,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1689351610504245,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAAPIGKHOPzA63wKgBHQBQyVB61nu9+pBGLqAS\/\/+ARwAAAgQFoAQCCAoTAnk8TnqLxQEDAwk="} +00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1689351610504338,"flow_dst_last_pkt_time":1689351610504245,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1689351610504338,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdj8wOt8lQAFD6kEYuetZ7voAQCARgbwAAAQEICk56i9ETAnk8"} +00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1689351610504451,"flow_dst_last_pkt_time":1689351610504245,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"thread_ts_usec":1689351610504451,"pkt":"EBMx8Tl2nFg8p+7MCABFAACGAABAAEAGAADAqAEdj8wOt8lQAFD6kEYuetZ7voAYCARgwQAAAQEICk56i9ETAnk8R0VUIC8gSFRUUC8xLjENCkhvc3Q6IG9jc3Aucm9vdGcyLmFtYXpvbnRydXN0LmNvbQ0KVXNlci1BZ2VudDogKioNCkFjY2VwdDogKi8qDQoNCg=="} +01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1689351610492040,"flow_src_last_pkt_time":1689351610504451,"flow_dst_last_pkt_time":1689351610504245,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1689351610504451,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"143.204.14.183","src_port":51536,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ocsp.rootg2.amazontrust.com","http": {"url":"ocsp.rootg2.amazontrust.com\/","code":0,"content_type":"","user_agent":"**"}}} +00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1689351610504451,"flow_dst_last_pkt_time":1689351610516723,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1689351610516723,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA07CcAAPIGfFOPzA63wKgBHQBQyVB61nu++pBGgIAQAICuFwAAAQEIChMCeUhOeovR"} +01339{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1689351610492040,"flow_src_last_pkt_time":1689351610504451,"flow_dst_last_pkt_time":1689351610516826,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":402,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":402,"midstream":0,"thread_ts_usec":1689351610516826,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"143.204.14.183","src_port":51536,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web","hostname":"ocsp.rootg2.amazontrust.com","http": {"url":"ocsp.rootg2.amazontrust.com\/","code":200,"content_type":"application\/ocsp-response","user_agent":"**"}}} +01208{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1689351610492040,"flow_src_last_pkt_time":1689351610530140,"flow_dst_last_pkt_time":1689351610529997,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":402,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":407,"midstream":0,"thread_ts_usec":1689351610530140,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"143.204.14.183","src_port":51536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web"}} +00591{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":489,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1689351610530140} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 12/12 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 489 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7594214 bytes +~~ total memory freed........: 7594214 bytes +~~ total allocations/frees...: 142708/142708 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 525 chars +~~ json string max len.......: 1344 chars +~~ json string avg len.......: 918 chars diff --git a/test/results/default/http_ipv6.pcap.out b/test/results/default/http_ipv6.pcap.out index 2b30f1f62..3163a52d2 100644 --- a/test/results/default/http_ipv6.pcap.out +++ b/test/results/default/http_ipv6.pcap.out @@ -121,9 +121,9 @@ ~~ total active/idle flows...: 15/15 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8083871 bytes -~~ total memory freed........: 8083871 bytes -~~ total allocations/frees...: 148713/148713 +~~ total memory allocated....: 7713868 bytes +~~ total memory freed........: 7713868 bytes +~~ total allocations/frees...: 143116/143116 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 515 chars ~~ json string max len.......: 2388 chars diff --git a/test/results/default/http_on_sip_port.pcap.out b/test/results/default/http_on_sip_port.pcap.out index eae236c16..bef6ed96d 100644 --- a/test/results/default/http_on_sip_port.pcap.out +++ b/test/results/default/http_on_sip_port.pcap.out @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964593 bytes -~~ total memory freed........: 7964593 bytes -~~ total allocations/frees...: 148299/148299 +~~ total memory allocated....: 7594254 bytes +~~ total memory freed........: 7594254 bytes +~~ total allocations/frees...: 142702/142702 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 522 chars ~~ json string max len.......: 2360 chars diff --git a/test/results/default/http_origin_different_than_host.pcap.out b/test/results/default/http_origin_different_than_host.pcap.out index 264d50c97..6d7d72ea1 100644 --- a/test/results/default/http_origin_different_than_host.pcap.out +++ b/test/results/default/http_origin_different_than_host.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7961999 bytes -~~ total memory freed........: 7961999 bytes -~~ total allocations/frees...: 148276/148276 +~~ total memory allocated....: 7591636 bytes +~~ total memory freed........: 7591636 bytes +~~ total allocations/frees...: 142679/142679 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 324 chars ~~ json string max len.......: 1278 chars diff --git a/test/results/default/http_starting_with_reply.pcapng.out b/test/results/default/http_starting_with_reply.pcapng.out index 3d24b32ca..e27571fc7 100644 --- a/test/results/default/http_starting_with_reply.pcapng.out +++ b/test/results/default/http_starting_with_reply.pcapng.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964863 bytes -~~ total memory freed........: 7964863 bytes -~~ total allocations/frees...: 148313/148313 +~~ total memory allocated....: 7594524 bytes +~~ total memory freed........: 7594524 bytes +~~ total allocations/frees...: 142716/142716 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 532 chars ~~ json string max len.......: 2529 chars diff --git a/test/results/default/http_ua_splitted_in_two_pkts.pcapng.out b/test/results/default/http_ua_splitted_in_two_pkts.pcapng.out index 33070438c..2da91ebbe 100644 --- a/test/results/default/http_ua_splitted_in_two_pkts.pcapng.out +++ b/test/results/default/http_ua_splitted_in_two_pkts.pcapng.out @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7967440 bytes -~~ total memory freed........: 7967440 bytes -~~ total allocations/frees...: 148403/148403 +~~ total memory allocated....: 7597101 bytes +~~ total memory freed........: 7597101 bytes +~~ total allocations/frees...: 142806/142806 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 536 chars ~~ json string max len.......: 2428 chars diff --git a/test/results/default/i3d.pcap.out b/test/results/default/i3d.pcap.out index 2d6acbde0..88cc64c94 100644 --- a/test/results/default/i3d.pcap.out +++ b/test/results/default/i3d.pcap.out @@ -43,9 +43,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7972139 bytes -~~ total memory freed........: 7972139 bytes -~~ total allocations/frees...: 148380/148380 +~~ total memory allocated....: 7601872 bytes +~~ total memory freed........: 7601872 bytes +~~ total allocations/frees...: 142783/142783 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 509 chars ~~ json string max len.......: 2172 chars diff --git a/test/results/default/iax.pcap.out b/test/results/default/iax.pcap.out index b1bfa2285..de0235953 100644 --- a/test/results/default/iax.pcap.out +++ b/test/results/default/iax.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7965549 bytes -~~ total memory freed........: 7965549 bytes -~~ total allocations/frees...: 148337/148337 +~~ total memory allocated....: 7595210 bytes +~~ total memory freed........: 7595210 bytes +~~ total allocations/frees...: 142740/142740 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 509 chars ~~ json string max len.......: 2311 chars diff --git a/test/results/default/icmp-tunnel.pcap.out b/test/results/default/icmp-tunnel.pcap.out index 49fbfd992..f0237bc85 100644 --- a/test/results/default/icmp-tunnel.pcap.out +++ b/test/results/default/icmp-tunnel.pcap.out @@ -45,9 +45,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7989126 bytes -~~ total memory freed........: 7989126 bytes -~~ total allocations/frees...: 149150/149150 +~~ total memory allocated....: 7618787 bytes +~~ total memory freed........: 7618787 bytes +~~ total allocations/frees...: 143553/143553 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 517 chars ~~ json string max len.......: 2482 chars diff --git a/test/results/default/iec60780-5-104.pcap.out b/test/results/default/iec60780-5-104.pcap.out index 0dcf441df..1e78eebbf 100644 --- a/test/results/default/iec60780-5-104.pcap.out +++ b/test/results/default/iec60780-5-104.pcap.out @@ -59,9 +59,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7978862 bytes -~~ total memory freed........: 7978862 bytes -~~ total allocations/frees...: 148489/148489 +~~ total memory allocated....: 7608643 bytes +~~ total memory freed........: 7608643 bytes +~~ total allocations/frees...: 142892/142892 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 520 chars ~~ json string max len.......: 2259 chars diff --git a/test/results/default/imap-starttls.pcap.out b/test/results/default/imap-starttls.pcap.out index e92972b8a..65447f1ff 100644 --- a/test/results/default/imap-starttls.pcap.out +++ b/test/results/default/imap-starttls.pcap.out @@ -22,9 +22,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7983423 bytes -~~ total memory freed........: 7983423 bytes -~~ total allocations/frees...: 148331/148331 +~~ total memory allocated....: 7613084 bytes +~~ total memory freed........: 7613084 bytes +~~ total allocations/frees...: 142734/142734 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 519 chars ~~ json string max len.......: 2006 chars diff --git a/test/results/default/imap.pcap.out b/test/results/default/imap.pcap.out index 37e55b60f..a20a5d92b 100644 --- a/test/results/default/imap.pcap.out +++ b/test/results/default/imap.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7967132 bytes -~~ total memory freed........: 7967132 bytes -~~ total allocations/frees...: 148322/148322 +~~ total memory allocated....: 7596793 bytes +~~ total memory freed........: 7596793 bytes +~~ total allocations/frees...: 142725/142725 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 510 chars ~~ json string max len.......: 2382 chars diff --git a/test/results/default/imaps.pcap.out b/test/results/default/imaps.pcap.out index 38355b25e..4b7c9a993 100644 --- a/test/results/default/imaps.pcap.out +++ b/test/results/default/imaps.pcap.out @@ -29,9 +29,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7980826 bytes -~~ total memory freed........: 7980826 bytes -~~ total allocations/frees...: 148339/148339 +~~ total memory allocated....: 7610511 bytes +~~ total memory freed........: 7610511 bytes +~~ total allocations/frees...: 142742/142742 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 1244 chars diff --git a/test/results/default/imo.pcap.out b/test/results/default/imo.pcap.out index ffeb6f29c..17e74178a 100644 --- a/test/results/default/imo.pcap.out +++ b/test/results/default/imo.pcap.out @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7969099 bytes -~~ total memory freed........: 7969099 bytes -~~ total allocations/frees...: 148398/148398 +~~ total memory allocated....: 7598784 bytes +~~ total memory freed........: 7598784 bytes +~~ total allocations/frees...: 142801/142801 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 509 chars ~~ json string max len.......: 2199 chars diff --git a/test/results/default/instagram.pcap.out b/test/results/default/instagram.pcap.out index e5f606d87..add3c3250 100644 --- a/test/results/default/instagram.pcap.out +++ b/test/results/default/instagram.pcap.out @@ -306,9 +306,9 @@ ~~ total active/idle flows...: 38/38 ~~ total timeout flows.......: 8 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8205853 bytes -~~ total memory freed........: 8205853 bytes -~~ total allocations/frees...: 149664/149664 +~~ total memory allocated....: 7836402 bytes +~~ total memory freed........: 7836402 bytes +~~ total allocations/frees...: 144067/144067 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 515 chars ~~ json string max len.......: 2493 chars diff --git a/test/results/default/ip_fragmented_garbage.pcap.out b/test/results/default/ip_fragmented_garbage.pcap.out index 3be80ef9f..f26877daf 100644 --- a/test/results/default/ip_fragmented_garbage.pcap.out +++ b/test/results/default/ip_fragmented_garbage.pcap.out @@ -157,9 +157,9 @@ ~~ total active/idle flows...: 29/29 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8022928 bytes -~~ total memory freed........: 8022928 bytes -~~ total allocations/frees...: 148595/148595 +~~ total memory allocated....: 7653261 bytes +~~ total memory freed........: 7653261 bytes +~~ total allocations/frees...: 142998/142998 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 333 chars ~~ json string max len.......: 879 chars diff --git a/test/results/default/iphone.pcap.out b/test/results/default/iphone.pcap.out index 8f16af762..77857f424 100644 --- a/test/results/default/iphone.pcap.out +++ b/test/results/default/iphone.pcap.out @@ -363,9 +363,9 @@ ~~ total active/idle flows...: 51/51 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8485798 bytes -~~ total memory freed........: 8485798 bytes -~~ total allocations/frees...: 149603/149603 +~~ total memory allocated....: 8116659 bytes +~~ total memory freed........: 8116659 bytes +~~ total allocations/frees...: 144006/144006 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 3949 chars diff --git a/test/results/default/ipp.pcap.out b/test/results/default/ipp.pcap.out index 5ac3ed292..7c3cf0a89 100644 --- a/test/results/default/ipp.pcap.out +++ b/test/results/default/ipp.pcap.out @@ -34,9 +34,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7976539 bytes -~~ total memory freed........: 7976539 bytes -~~ total allocations/frees...: 148598/148598 +~~ total memory allocated....: 7606248 bytes +~~ total memory freed........: 7606248 bytes +~~ total allocations/frees...: 143001/143001 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 509 chars ~~ json string max len.......: 2404 chars diff --git a/test/results/default/ipsec_isakmp_esp.pcap.out b/test/results/default/ipsec_isakmp_esp.pcap.out index 88121ecaf..ae35c706b 100644 --- a/test/results/default/ipsec_isakmp_esp.pcap.out +++ b/test/results/default/ipsec_isakmp_esp.pcap.out @@ -327,9 +327,9 @@ ~~ total active/idle flows...: 36/36 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8068975 bytes -~~ total memory freed........: 8068975 bytes -~~ total allocations/frees...: 149754/149754 +~~ total memory allocated....: 7699476 bytes +~~ total memory freed........: 7699476 bytes +~~ total allocations/frees...: 144157/144157 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 522 chars ~~ json string max len.......: 2373 chars diff --git a/test/results/default/ipv6_in_gtp.pcap.out b/test/results/default/ipv6_in_gtp.pcap.out index 8e26375c5..84af590f9 100644 --- a/test/results/default/ipv6_in_gtp.pcap.out +++ b/test/results/default/ipv6_in_gtp.pcap.out @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7961999 bytes -~~ total memory freed........: 7961999 bytes -~~ total allocations/frees...: 148276/148276 +~~ total memory allocated....: 7591636 bytes +~~ total memory freed........: 7591636 bytes +~~ total allocations/frees...: 142679/142679 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 304 chars ~~ json string max len.......: 582 chars diff --git a/test/results/default/irc.pcap.out b/test/results/default/irc.pcap.out index 61c62508c..68f50d530 100644 --- a/test/results/default/irc.pcap.out +++ b/test/results/default/irc.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7967015 bytes -~~ total memory freed........: 7967015 bytes -~~ total allocations/frees...: 148318/148318 +~~ total memory allocated....: 7596676 bytes +~~ total memory freed........: 7596676 bytes +~~ total allocations/frees...: 142721/142721 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 509 chars ~~ json string max len.......: 1314 chars diff --git a/test/results/default/ja3_lots_of_cipher_suites.pcap.out b/test/results/default/ja3_lots_of_cipher_suites.pcap.out index d0eca5e77..44912fae8 100644 --- a/test/results/default/ja3_lots_of_cipher_suites.pcap.out +++ b/test/results/default/ja3_lots_of_cipher_suites.pcap.out @@ -31,9 +31,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7961999 bytes -~~ total memory freed........: 7961999 bytes -~~ total allocations/frees...: 148276/148276 +~~ total memory allocated....: 7591636 bytes +~~ total memory freed........: 7591636 bytes +~~ total allocations/frees...: 142679/142679 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 318 chars ~~ json string max len.......: 2360 chars diff --git a/test/results/default/ja3_lots_of_cipher_suites_2_anon.pcap.out b/test/results/default/ja3_lots_of_cipher_suites_2_anon.pcap.out index a27615079..b6ca7a1cc 100644 --- a/test/results/default/ja3_lots_of_cipher_suites_2_anon.pcap.out +++ b/test/results/default/ja3_lots_of_cipher_suites_2_anon.pcap.out @@ -43,9 +43,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964882 bytes -~~ total memory freed........: 7964882 bytes -~~ total allocations/frees...: 148314/148314 +~~ total memory allocated....: 7594543 bytes +~~ total memory freed........: 7594543 bytes +~~ total allocations/frees...: 142717/142717 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 371 chars ~~ json string max len.......: 1948 chars diff --git a/test/results/default/jabber.pcap.out b/test/results/default/jabber.pcap.out index e76690e3b..1a4ea4ebf 100644 --- a/test/results/default/jabber.pcap.out +++ b/test/results/default/jabber.pcap.out @@ -116,9 +116,9 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8022157 bytes -~~ total memory freed........: 8022157 bytes -~~ total allocations/frees...: 148778/148778 +~~ total memory allocated....: 7652082 bytes +~~ total memory freed........: 7652082 bytes +~~ total allocations/frees...: 143181/143181 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 2314 chars diff --git a/test/results/default/kerberos-error.pcap.out b/test/results/default/kerberos-error.pcap.out index 0da30ecd6..76ed772de 100644 --- a/test/results/default/kerberos-error.pcap.out +++ b/test/results/default/kerberos-error.pcap.out @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964157 bytes -~~ total memory freed........: 7964157 bytes -~~ total allocations/frees...: 148289/148289 +~~ total memory allocated....: 7593818 bytes +~~ total memory freed........: 7593818 bytes +~~ total allocations/frees...: 142692/142692 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 520 chars ~~ json string max len.......: 1152 chars diff --git a/test/results/default/kerberos-login.pcap.out b/test/results/default/kerberos-login.pcap.out index 5e69565bc..753ec271b 100644 --- a/test/results/default/kerberos-login.pcap.out +++ b/test/results/default/kerberos-login.pcap.out @@ -86,9 +86,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7990458 bytes -~~ total memory freed........: 7990458 bytes -~~ total allocations/frees...: 148459/148459 +~~ total memory allocated....: 7620407 bytes +~~ total memory freed........: 7620407 bytes +~~ total allocations/frees...: 142862/142862 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 520 chars ~~ json string max len.......: 2199 chars diff --git a/test/results/default/kerberos.pcap.out b/test/results/default/kerberos.pcap.out index bb137f0ec..7ce6d6448 100644 --- a/test/results/default/kerberos.pcap.out +++ b/test/results/default/kerberos.pcap.out @@ -196,9 +196,9 @@ ~~ total active/idle flows...: 36/36 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8091032 bytes -~~ total memory freed........: 8091032 bytes -~~ total allocations/frees...: 148774/148774 +~~ total memory allocated....: 7721533 bytes +~~ total memory freed........: 7721533 bytes +~~ total allocations/frees...: 143177/143177 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 514 chars ~~ json string max len.......: 2499 chars diff --git a/test/results/default/kerberos_fuzz.pcapng.out b/test/results/default/kerberos_fuzz.pcapng.out index 23dcf7260..81efda41a 100644 --- a/test/results/default/kerberos_fuzz.pcapng.out +++ b/test/results/default/kerberos_fuzz.pcapng.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964100 bytes -~~ total memory freed........: 7964100 bytes -~~ total allocations/frees...: 148287/148287 +~~ total memory allocated....: 7593761 bytes +~~ total memory freed........: 7593761 bytes +~~ total allocations/frees...: 142690/142690 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 521 chars ~~ json string max len.......: 1044 chars diff --git a/test/results/default/kismet.pcap.out b/test/results/default/kismet.pcap.out index c30d5930a..36c7e19e9 100644 --- a/test/results/default/kismet.pcap.out +++ b/test/results/default/kismet.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7967162 bytes -~~ total memory freed........: 7967162 bytes -~~ total allocations/frees...: 148323/148323 +~~ total memory allocated....: 7596823 bytes +~~ total memory freed........: 7596823 bytes +~~ total allocations/frees...: 142726/142726 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 2239 chars diff --git a/test/results/default/kontiki.pcap.out b/test/results/default/kontiki.pcap.out index 705392490..5693cc119 100644 --- a/test/results/default/kontiki.pcap.out +++ b/test/results/default/kontiki.pcap.out @@ -54,9 +54,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7980366 bytes -~~ total memory freed........: 7980366 bytes -~~ total allocations/frees...: 148418/148418 +~~ total memory allocated....: 7610195 bytes +~~ total memory freed........: 7610195 bytes +~~ total allocations/frees...: 142821/142821 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 2432 chars diff --git a/test/results/default/line.pcap.out b/test/results/default/line.pcap.out index 978ec124b..f42b3b74b 100644 --- a/test/results/default/line.pcap.out +++ b/test/results/default/line.pcap.out @@ -2,12 +2,12 @@ 00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":608455689} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":608455689,"flow_src_last_pkt_time":608455689,"flow_dst_last_pkt_time":608455689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":872,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":872,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":872,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":608455689,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"125.209.252.210","src_port":50835,"dst_port":20610,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":608455689,"flow_dst_last_pkt_time":608455689,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":914,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":914,"pkt_l4_len":880,"thread_ts_usec":608455689,"pkt":"UlQAEjUCCAAn5uVZCABFAAOEak4AAIARRmgKAAIPfdH80saTUIIDcGeR22QAuQYCG2FDK1vv9fugGrOT8etA8A80AvZDaYmouGz3h3IHV1X5ElUpOC9dlDONLPAPfVgIYt5yAAAAKxpqxcwsrZxwhx1xKWqCFVz8ThMLekrlMqzL884f90GP2NtK7Ce8hzDQNrwRj9rBBTjTz8s6H2gTPjSg0VDLz20S\/lg6tSMQGiPk18OAgr8Cvvp\/hozCjTC4rWGtBZMNzWhsdRZ0vEFqySrtoCKzbjIs8sYLfeI\/Srmdhg38hXlV6rP9b8ENgYDmhrGulF6otA0UNGy35B4kYdo\/MhPSqQjQ8pcsGIy70IR4UFuSLysmmi75oS+WVNM3dgKIvi143xwOy7qgdOdPV5c+gyBB3mtuSgX0e6xOZRh+2kBmE1\/y0Gdj0dNsXH1vof4pPU4HsRVsS0JvYE0U4YlCdanTAcZNPEnmP1noc5qyuh3us6i5xZtmZnUx0T0dXCf0c9mjorZc3Lgg0l497C2CPwMYdagIqBvgEBhiD2cLJ1VerQb93JW2WKPOLzzLgg0\/tyC748UEXnP1gVpyk34Qd6ThuEIyp\/P3Utszr2wDnYN9cXknXxovlsHtIUI308PKUR7uibVl6bPutV6morvNcIbC58Fk8I1neHuYJPbML1G3OCQjgPc+UH2RxL9dDmY3xJLGPaDlORHwLn0Y9UQRY8Lhk7amd4Z88RICqBguRbixN34f9ZzfQZMdoKSWIV7icBWCmxX4crcCBO1D2278Obn+4x7poeFXGeVaVtHFvQ6rkr5dyofRWaIN1msakDrm5L5U8AF0mUYN0+12kJO8yLievpdn6xzNd4bKeYsb3C1FFeKFwSAPzqOUDv9aT+WW4SKHyylw0pdUVK4cuveXzIF5ZRqBwY2i+cjXDSGbNnaKBH2ErXqKoIrNiwz6KvRlsA2pt5TBITtHSGuD8PCKzt2UbnDxqzPIw8XsLbhafMorn0W89jxSC0Q8Vcy5wNKz19TflD1049Gv1NMbjNbekdfzuC5B7dQh0znvHrAE2PGpwN4BiBtJYQuHSvS+0685SuSAtdMbRHQMsckK4xIqoTfFa8AuUNh26FRzuRQPpkBBXrr2KepLiEo\/cCleIvjlciTpS1Gl7qHYI81WnNc9aJzRlAfia2MhNrGqry00clXMkM3NxH01kLKkBz0CIEQ="} +01023{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":608455689,"flow_src_last_pkt_time":608455689,"flow_dst_last_pkt_time":608455689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":872,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":872,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":872,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":608455689,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"125.209.252.210","src_port":50835,"dst_port":20610,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":608955846,"flow_dst_last_pkt_time":608455689,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":914,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":914,"pkt_l4_len":880,"thread_ts_usec":608955846,"pkt":"UlQAEjUCCAAn5uVZCABFAAOEak8AAIARRmcKAAIPfdH80saTUIIDcO9E22QAugYCG2FDK1vv9fugGrOT8etA8A80AvZDaYmouGz3h3IHV1X5ElUpOC9dlDONLPAPfVgIYt5yAAAAKxp+KXUxiGhEtbTRdExhlA0sYTXj+XLV\/Lc7M7BUiHuHvPOVy4zOpKMXKf5hC2pPEVMgqRbYAi8R4\/0WUr8MIU5KMtXJON+h5\/Gf0GmEqpI0gWwciVdpaE+MLCTpp1w5\/7hNvgU1vj42aKoQPKYBsWGKLpfvW6aoGBOow33p0GC6HtN0BucF+iRVqqR6jcWV8FSQPPWk\/wH7kjb94AJa8Sy11eVK27v8eL4EO25ZkLyQYJXPKNBtW1Mo5ro9TFnQfxXkB+IziA7qPnltRGXuvlS3HGm6XiCD3+4bSTLSScue0znjhBR4mKfrhvRJw5fKeLCLRFIZDMa7dbRYznHPoV6xXocmSj70wA6tEkabzHNKy1dn5DtV0pJD3CZsOnMhbRXuaaL4duAJDIi7il6yzJUqH8Ohr5ZaMgjc0ZYBCP\/\/fuJZmt9yVOFmJ8FKse2yK5EK1evusL9a5Zyxw0z7k6OI+r7xiJYnmp+NyfXIgO1eMZd2p6EoRQg7hOjNcO8WxqOTUhhbZxLafpQubGDIp4X8B9RzWyIWHsbLdBRa3NJdyJ+hUJ1A9vJ7xVcqSK8WAj33jEKv\/C5577GZAS4Y5\/9x4NQkTu92g8scxKk2XbbA3yeu30qiuHoJ\/HMEMyBOaNBvwsHDTKdbQ8ivqcOLzswtMvDQgkSzYpl8bjirMjYrV+NEetKr0aA4onbJlFHWWC+fs8g6dkyB5KL02Xc6TAY0vSG\/c9tFtGkheeapprK+dBtdZnyfjWyAVR6UXsRK+jC42nW\/HjHk1k5ee8XL07ePG4f7HUbXg6\/VIDsSJO774e1OFiHs3nVUOZW7tS2SjA\/SnSzSaUS9cLwHd1xrZrPr56IjHihoHY7Ytjo0g035Ow6lqOgC4sfG2OaTpZb0So+Qtzi40OxwWqi428I51dxOo4MQuPhq75BGv5QPWNh68EXURxgYDnvLE+bUK7QeCHmi8BDqJVkUpFXnt\/QQ2Zs+tO+5vN4J2g3nIIITLFFqOsBtgMgU6udP4uLmdz8OKdMv6izFhwDptrqYqP0VXd4K0OeBgQIgYZUbRj5Oaw1bVNT7jbyx2PWxtQQ="} 00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":608955846,"flow_dst_last_pkt_time":609000395,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":284,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":284,"pkt_l4_len":250,"thread_ts_usec":609000395,"pkt":"CAAn5uVZUlQAEjUCCABFAAEOubQAAEAROXh90fzSCgACD1CCxpMA+top2O4AZgYCV\/RJTq5P8eXNYO9XdF70Fj9KAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKKQhFbNXLy77WpjeD18nZ+drtK6RQmY4q+mRBLlceZmqHnNWJzSHpFcECYQuk3zzIsa9vbf7wwZSp0W720UImgoQG8xIDcmf3IyEULMH7n4DlZ+HBC9mgpxyGeSyn1UsJEQrLNzYYTLDuupp9QLr1bdLdaGQSknnmOmIo\/wiXaxD2cz\/YCs9qpoCfGznUsRqeRhLebKDtXWvpj11VLZn3YuoHr7wrT85GTmFvtHY1TEEjXAc1P4="} 01495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":608955846,"flow_dst_last_pkt_time":609533458,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":782,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":782,"pkt_l4_len":748,"thread_ts_usec":609533458,"pkt":"CAAn5uVZUlQAEjUCCABFAAMAuboAAEARN4B90fzSCgACD1CCxpMC7Cmf2uAAZwYCV\/RJTq5P8eXNYO9XdF70Fj9KAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKpZJyG\/GGz9dcm\/Mr8\/7LWMlqzk54MO7ELXqtqSqfd\/YBdqlDZSVUrL97nZoyannQ+4sHLstSS32UsGeYFShNlIkPzze5YiNYv50x\/mH\/A9pbgu69Q+WF2ip97UNP5700H4+qhxbmcY9HS8ZIxXwfhRpVqXecYovPU98m66ZIHMk3AxDUggZJzXM8Cg9Ioa5PEOWCC0RQ\/+ZM\/xmE25dREFZwuEuTY4v54VaBEf\/1fcmWRmuO56S4CdHmd3r6UrJgdv7HOPYh1FHZImH9K6Vp5v43+PDFYehvgjuZevIzB9KNNpgRaXiJIoH9HKjsrlk8bFBNxGh\/Z3wVkNzkk6aZPEyGQfpJxhMdxxwGT2MsqjyEwRxvenqN6ZiCnhNKvKa1MoubR4Q69dsKI5vcArBU28dcnpBI49S+Gue7Y63pIbagOo3yJzlth5QkSgGoh3WTgewJUJPSW2CESchMymRIYmXZ453SQiLQDUOijjH9BTXQLRM1Jktgb1Ku3YtQhwOuoynAJXV8IgsD1XNcPeHVXH4cjiPxry8hY2LXG+Dpn0+ElcIAmuYGLXgyIWmFgMDccUsS4PEmO+H98\/37Xgd\/JFCN+BdEPL8h+w8JjEm76kq4pMrFkodu9TWUlq\/f5btNgcE3NZ5tj5unKE3tunn\/9XLrY2YdRaUSo3NFlLxzIy1Ls5OLl\/yp4rUeg\/491eKamydkxVOtbP5kUPMBZAToihwFzkbtaPi\/sHlzwamjGpc5urLdFERd4ubko4hgkGPbUQFvpEefL+PiNep0MCAfLSiIccfs7kEszIxBA1tUC\/E7ZoDjNG8bd9x9za\/H5o\/i6SrM4jgqtlvtdLcuIQKuEI0hJJAH84pOvAZwnqFLwqt9Aj1HWP7oTHWsPEdIMwTkD1+nw0mJ4o="} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":609557906,"flow_dst_last_pkt_time":609533458,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":609557906,"pkt":"UlQAEjUCCAAn5uVZCABFAAA6alAAAIARSbAKAAIPfdH80saTUIIAJgbQgOUAAQAAOrIJvaZ41xf3vWhbythM\/0LTmd0td5YJ"} -00904{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":608455689,"flow_src_last_pkt_time":609571614,"flow_dst_last_pkt_time":609598428,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":872,"flow_dst_max_l4_payload_len":740,"flow_src_tot_l4_payload_len":2261,"flow_dst_tot_l4_payload_len":1420,"midstream":0,"thread_ts_usec":609598428,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"125.209.252.210","src_port":50835,"dst_port":20610,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -02152{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":608455689,"flow_src_last_pkt_time":610177798,"flow_dst_last_pkt_time":609998416,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":872,"flow_dst_max_l4_payload_len":740,"flow_src_tot_l4_payload_len":2795,"flow_dst_tot_l4_payload_len":1792,"midstream":0,"thread_ts_usec":610177798,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"125.209.252.210","src_port":50835,"dst_port":20610,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":41,"avg":105317.3,"max":602060,"stddev":182193.2,"var":33194352640.0,"ent":3.4,"data": [500157,544706,533063,602060,13540,168,64915,55,263094,290370,5367,20000,10523,19462,58958,10024,9911,21001,21013,9059,41,8011,22020,2894,7145,6942,42069,58114,10385,99326,10443]},"pktlen": {"min":58,"avg":171.3,"max":900,"stddev":234.5,"var":54984.5,"ent":4.1,"data": [900,900,270,768,58,380,163,163,331,64,65,65,64,64,64,66,64,66,66,66,64,66,66,66,65,65,100,80,67,67,65,65]},"bins": {"c_to_s": [1,14,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,8,1,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,1,0,0,1,1,1,1,1,0,0,0,0,0],"entropies": [7.775331020,7.771239281,6.645260811,7.613231659,5.193683147,7.436975479,6.710443974,6.755647659,7.369442463,5.120024681,5.136775970,5.344619274,5.143614769,5.249160290,5.311660290,5.195097923,5.186660290,5.286006927,5.346612453,5.316309452,5.217910290,5.286006451,5.255703449,5.316309929,5.252311230,5.160003662,4.125199318,4.492414474,5.378718853,5.348868370,5.240697861,5.209928036]},"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +02276{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":608455689,"flow_src_last_pkt_time":610177798,"flow_dst_last_pkt_time":609998416,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":872,"flow_dst_max_l4_payload_len":740,"flow_src_tot_l4_payload_len":2795,"flow_dst_tot_l4_payload_len":1792,"midstream":0,"thread_ts_usec":610177798,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"125.209.252.210","src_port":50835,"dst_port":20610,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":41,"avg":105317.3,"max":602060,"stddev":182193.2,"var":33194352640.0,"ent":3.4,"data": [500157,544706,533063,602060,13540,168,64915,55,263094,290370,5367,20000,10523,19462,58958,10024,9911,21001,21013,9059,41,8011,22020,2894,7145,6942,42069,58114,10385,99326,10443]},"pktlen": {"min":58,"avg":171.3,"max":900,"stddev":234.5,"var":54984.5,"ent":4.1,"data": [900,900,270,768,58,380,163,163,331,64,65,65,64,64,64,66,64,66,66,66,64,66,66,66,65,65,100,80,67,67,65,65]},"bins": {"c_to_s": [1,14,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,8,1,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,1,0,0,1,1,1,1,1,0,0,0,0,0],"entropies": [7.775331020,7.771239281,6.645260811,7.613231659,5.193683147,7.436975479,6.710443974,6.755647659,7.369442463,5.120024681,5.136775970,5.344619274,5.143614769,5.249160290,5.311660290,5.195097923,5.186660290,5.286006927,5.346612453,5.316309452,5.217910290,5.286006451,5.255703449,5.316309929,5.252311230,5.160003662,4.125199318,4.492414474,5.378718853,5.348868370,5.240697861,5.209928036]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00575{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","packets-captured":51,"packets-processed":50,"total-skipped-flows":0,"total-l4-payload-len":7138,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1663913332980371} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663913332980371,"flow_src_last_pkt_time":1663913332980371,"flow_dst_last_pkt_time":1663913332980371,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1663913332980371,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.165.194","src_port":57841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1663913332980371,"flow_dst_last_pkt_time":1663913332980371,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1663913332980371,"pkt":"iJCNB9vohKk4ukxYCABFAABkhQ9AAIAGAAAKyAN9k1ylwuHxAbtdIq0\/pMNUV1AYBAFHugAAFwMDADdo++xFfUkOJQ\/QhCWutve1sws40Q+84WpHcqg5rtUCVtgRpFPRgdwDdzjyMyfjtUsn0c73u5RW"} @@ -27,27 +27,27 @@ 01627{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913333241633,"flow_dst_last_pkt_time":1663913333481395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3261,"midstream":0,"thread_ts_usec":1663913333481395,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"uts-front.line-apps.com","tls": {"version":"TLSv1.2","server_names":"*.line-apps.com,line-apps.com","ja3":"ca75ea4a95a9164cc96e372d7d075183","ja3s":"567bb420d39046dbfd1f68b558d86382","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018","subjectDN":"C=JP, ST=Tokyo-to, L=Shinjuku-ku, O=LINE Corporation, CN=*.line-apps.com","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1","fingerprint":"3C:37:D7:AB:BE:E6:5A:A5:BE:14:62:C8:21:8C:BC:E3:3E:A8:3E:96"}}} 02188{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1663913332980371,"flow_src_last_pkt_time":1663913336388129,"flow_dst_last_pkt_time":1663913336380823,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":296,"flow_dst_max_l4_payload_len":334,"flow_src_tot_l4_payload_len":1142,"flow_dst_tot_l4_payload_len":1292,"midstream":1,"thread_ts_usec":1663913336388129,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.165.194","src_port":57841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":6905,"avg":219619.7,"max":2533141,"stddev":601190.4,"var":361429958656.0,"ent":2.8,"data": [74605,74711,34434,71161,134842,63602,34330,34381,78205,122566,44300,34282,34254,68317,109320,41185,34458,34320,6905,46826,64547,58950,90163,2533141,2477508,34518,34165,78836,154671,69564,35143]},"pktlen": {"min":40,"avg":118.1,"max":374,"stddev":90.9,"var":8262.1,"ent":4.6,"data": [100,46,134,46,146,93,46,150,46,343,95,46,146,46,113,89,46,150,46,216,89,124,96,46,95,46,336,46,256,40,374,89]},"bins": {"c_to_s": [1,8,1,3,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [11,0,2,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,1,0,1,0],"entropies": [5.948760986,4.652828693,6.332477570,4.696306705,6.569760323,6.006792545,4.696306705,6.565413952,4.696306705,7.383316040,6.030017853,4.652828693,6.526851654,4.652828693,6.386383057,5.933434010,4.652828217,6.670314789,4.696306705,7.039282322,5.852028370,6.250293255,6.048403740,4.652828693,5.950967789,4.652828693,7.256349564,4.696306705,7.137952328,4.780641556,7.407141685,5.877035141]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 02329{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913342823022,"flow_dst_last_pkt_time":1663913342822836,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":573,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3181,"flow_dst_tot_l4_payload_len":4192,"midstream":0,"thread_ts_usec":1663913342823022,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":633542.9,"max":7306445,"stddev":1725177.1,"var":2976235913216.0,"ent":2.7,"data": [237342,237605,1014,239671,1368,0,0,239919,3744,241388,238671,278520,277391,237506,0,0,237646,7029518,7306445,276831,237603,712,0,238338,524359,801600,277245,237667,0,0,237727]},"pktlen": {"min":40,"avg":272.5,"max":1500,"stddev":367.3,"var":134881.6,"ent":4.1,"data": [52,52,40,557,46,1500,1500,381,40,133,314,335,46,581,46,224,75,40,335,46,613,46,224,75,40,335,46,612,46,224,75,40]},"bins": {"c_to_s": [6,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,3,0,0,0,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0],"entropies": [4.516527176,4.923395157,4.780641556,4.813910007,4.544876099,7.233272552,7.495951176,7.379673958,4.780641556,6.214868546,7.183261871,7.332785606,4.501397610,7.644387245,4.501397610,7.034603119,5.700131416,4.780641556,7.404506683,4.435436726,7.647257328,4.565871716,6.998442650,5.771955490,4.611769676,7.254877090,4.549460888,7.643351078,4.549460888,7.047076225,5.680000782,4.671928883]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00954{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":22,"flow_first_seen":608455689,"flow_src_last_pkt_time":610324653,"flow_dst_last_pkt_time":610390479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":872,"flow_dst_max_l4_payload_len":740,"flow_src_tot_l4_payload_len":4120,"flow_dst_tot_l4_payload_len":3018,"midstream":0,"thread_ts_usec":1663913342823022,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"125.209.252.210","src_port":50835,"dst_port":20610,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01078{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":22,"flow_first_seen":608455689,"flow_src_last_pkt_time":610324653,"flow_dst_last_pkt_time":610390479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":872,"flow_dst_max_l4_payload_len":740,"flow_src_tot_l4_payload_len":4120,"flow_dst_tot_l4_payload_len":3018,"midstream":0,"thread_ts_usec":1663913342823022,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"125.209.252.210","src_port":50835,"dst_port":20610,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663913345063942,"flow_src_last_pkt_time":1663913345063942,"flow_dst_last_pkt_time":1663913345063942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":853,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":853,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":853,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663913345063942,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51161,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1663913345063942,"flow_dst_last_pkt_time":1663913345063942,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":895,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":895,"pkt_l4_len":861,"thread_ts_usec":1663913345063942,"pkt":"iJCNB9vohKk4ukxYCABFAANxQEkAAIARAAAKyAN9k1ypWsfZcY4DXU5q21EDfwYCsDftA62ApMwfM37ZI9Q0qJcVA2+24MTytJtoPbFoYtvVtXvdQe7G+vNkHdVNTkaB7r0rAAAAKwdDz7dnddQSzJpDpiqbSrGFA6xzqQiWcs3ZbpWyKRD30SNFFEmMzPnd4y9oAixi1Jn\/KHGRdHcPcNHno5lEV5NUNwygknAaTuW5Fhkv31hKsKfXMdrXJqc9ngUTgmhB1IAnD\/XqN++J0EeWwXQWXAbuAYLV212eI8okXisddN6hPaDwTg+6Hqi51\/7tkfra+OZuRdsfJLY4P0ve0guKnejEs8dFreWeBszBmKahqBLDDm5r5LGGNENJW8J4kghY6omeYfbdPKC0DhBvpHm5tOyPNm5NbajbIeIMRVvje6lcp+7wIIH4CwFixuH1uDTOq8JkqYz3+zQu0y5hN\/48j6\/OKGLd6LBcYsIWAvFfH3h8cFWGg5FWeuksQ7KpS1g5PnxW1BA2Rz8+XboOW64\/nZNTZ2F0LemkEEHZdNOfCfsTRG7W+zNSkxcOMP1fWnWjDgPpMZQ9eSKRdsAxR4aw9graczj0WiVEFF51uhXaAo+PJmxwMxRi\/U\/lhvoS555BA0lejdkB5fPVli7S78Y\/OGtFgvJjCanPHSajVdXYMfxhErTrJUQjbC6bz8LrTWreS8e69y3vTPY3P3GW9fgT4WAK6YiXqiXHbjqI1KbvZqxTXCko4KbrwWm1VDEV2DTLraW5UVpDftaON2IjAk73ewWuck+hTwNv+2VfihBxmm2071H8A6if+tUV6NPGrFI93LWo4\/E+IQuLx6sF1VSZes1M0tp5EBg+5ijAAWhUeonTQZJizVQTIkCb0WcHlqvblCcMOcLnKQUwDqvkEHbe96N6e2KlSUyrHTgPzoVoWQgTbDCL+OOqpxB1CRmaRWyiOnHDaSseG76f6RQBrHEQHD7ecDNlAbfJPdHKCYE+F\/HOTpaTJlaRpzRaUPXG+PFnDKK+gRffUu37IfUYPd359K0poSNCMUmkFtNBRLlUhaCCCMkRIGP6MwAsuJHolxWY2b3ch4fGwEokOxiC+xvVInYPX1iGoC6hj9SR9dcB\/lQT\/VUWqnYiQQXbuWEsH25mN9C7SQMSmS2nxEyaBLycjD2+mSi8q+gl5g=="} +01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663913345063942,"flow_src_last_pkt_time":1663913345063942,"flow_dst_last_pkt_time":1663913345063942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":853,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":853,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":853,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663913345063942,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51161,"dst_port":29070,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01038{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1663913345063942,"flow_dst_last_pkt_time":1663913345239687,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":433,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":433,"pkt_l4_len":399,"thread_ts_usec":1663913345239687,"pkt":"hKk4ukxYwurksClYCABFAAGjA69AADER+Z+TXKlaCsgDfXGOx9kBj4SI2YMBAwYC5Os+kCfk9DGfMW\/Qn0vhCmcHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKTmozmWf3ghygbLD2xXHrxgZNghkySPLPQz7UxTs0ovAKaRI6yzRbUvg+8l6UMu55lPLsCvJL54izeYkeDNdSZaFI9RbWzYaWxGZ+kTIss1+Yv6zWsnlpKYHADS2gyxn4LXjfSvGofcGO4VXijQfrqQyDLZBZn1fAkAh4VmUCYfnmlaC4eOmUBjFUoXRhlar+ReLi8tIDiC6sCcfYA+8s8B76G0Nyul1qN8kD2N6pK3rGCZiSOIbLEtgeQNF1tg2ldJbPdWbYjIY1Wlh+FtKx\/iXXe5iwxWFGXb8ZUu11iydMnfkS79V9imlV6993ElFxb8fe8gMQ+N+m4ev0gdUiF4i9D5EK3n\/SK37swv8uULT51eRMGavH+\/d9ZAx2DnIP0xgCLrCiJMWRcFvQSHjPQAFTk4\/4XsMSHxzdqIFqqkx2Fyu+4KSllbhwQ=="} 01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1663913345288989,"flow_dst_last_pkt_time":1663913345239687,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1663913345288989,"pkt":"iJCNB9vohKk4ukxYCABFAAI5QEoAAIARAAAKyAN9k1ypWsfZcY4CJU0y0hkDgEoHzQbzbpAaHct8yLpOlx0zVYHLfb7Q2CpQXClMOTVD1qC\/ElAevWJfxK1\/597BRqrNz2epwf5MbyQyRz5XSf59YvYH8d\/tOs+sUHWhMJZmyPvrvajVIwyGjqg5aMehgW4uMF05PmQvg1rWPysgfqEebdAYD185RMqdeN6TRlAw3rfVsYnUFXsEJkLYXFLdzz5kgUVlyG1v12seuC2xwOzpj+8kT3RLLIrm\/MCRAJBfRGeYWc+awK2LgIOIKVBlE3PbocaEFAH2GrfBTvytKH753SC3Lj74hB9WDGSlcqi7uXuzWRBRn61Gusth2L2stepSzowM0njJyFpNadECVnkjnYnRc+ymasCP4aaU3Etp33s64h0o7SwXspPMQ+raq65bz8Ts8SiP1kjPgJhv1D27tfQDfueBNaGck6bx8QZwmxY4ekAIdFd0hRrJEpvMqI6+ShpMH7SnkFJmH56CCBPyHgHNLKNbj0OrZbVbW3+JD\/8QNvlGbXeY4ad2qI+6iwQ9T9+pupJk2PYzEZG66y4IX\/gw68iid3qi7F0BVebJfPbyYB6veXz3lR0lgqPJFVI8fUqK0jLu7DSrw\/3KwqDiqK6BTdcw7BE4rRFaK4PRHsoR7ivhMGb7ncAHk1d4smVRU0AMma9uod9ETVdoPVBQLpi+f0RBMDC+doKePX0rRAJ66cw8wbRbrCD582xLZ54b8wNbdhcJEw=="} 01247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1663913345289048,"flow_dst_last_pkt_time":1663913345239687,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1663913345289048,"pkt":"iJCNB9vohKk4ukxYCABFAAI5QEsAAIARAAAKyAN9k1ypWsfZcY4CJU0y0hkDgUoHiKhGaAX5GuajEC5CtPFu0yothBhwyJ1zT9yaiU2LgzNclSnqSz\/zzULt6Yr2Uht1DpmH5gbu3LLsHNV6a14HBQCi8hJG1+TCP9cjocQr6hQcq3q\/O2k+\/RH\/vXoJFAVbZi72muarMz9Km4oEZULu0xNwcEy31AozwG+Fw0Lzts7\/XYXFUqN6MynVit8b0U8pCrhGVDy6qFcRmHuXnnIz4qqGL9wf+jJ9FOfDysrrRd0xX24xx+carokkIOa\/eHaeq7fI1cuvJV1Xdx28wszLbddDq4nb8BH+yPE0pqeN87MnRCNcaToV3O286Qsk\/kbH\/M3N2Z0GSKOE+CgeTnYHP4ri+yYMqPaeKplOBnl2PdJtF5SFk5MsMwnKFFJia7EclZPGnwgp\/e3epaBtok0dVMY1OGVg\/Abq8NTgD8bYqo24tdoqiyH7qoUv3FCaCR2v1RtTlqlwGSmacQNUJTUfd1z8WfoTx\/TXXHmLpTGMJ035XrifRLyX5eNTMv+yDHCP0Vsc3Alvag+dgBD1CByE9NCAhN3HeXYAZdmFb21HcSAYP2LC73xTWJHc84431w1KbPG\/9OMNXAUIpnVN2I5fN88tXVL1EThAkin1a2FiwJksp+74jpvK8VOLSX1nxWX2eqQSqhBWi5NxklPiQiR9tUk7zNvTf1Nx\/0V5JPtwo+lGJIUb2OxgEDyg+yI3Ac\/cOm1CJU31aw=="} 01239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1663913345289083,"flow_dst_last_pkt_time":1663913345239687,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1663913345289083,"pkt":"iJCNB9vohKk4ukxYCABFAAI5QEwAAIARAAAKyAN9k1ypWsfZcY4CJU0y0hkDgkoH4fXjR78UbBk55bC11tKoet8mWsuofGTVg3BDDueInFq4I2GHIgjJ4u0feEmKlgylyNuTHlxQZc4kH2D\/VY\/VmE46hmqP2oVMjLDXdADwzICO2nyNfpPRWjFRBRR8I4\/VTiJc59XSw6xVKVl+Kltfh2iUVOzTJPxnbYbotdp6D+wgeMUI3WneAvmGtJnJWORgIjgJlaz2ZOanLkN+pFe+jFVSIRwZLIUs8ybS8fHsA85ykwXp0TNJKmBf2pX0EtwanAoUKSCQ6Okumir6819kZMt14QUNfNQanyhsc0WgwnyrobrwZlS1Ic1rX8xoH2MMZGSbt7hIKlWQtuwURlDeoYU9N33anPoFEN5C61vANKW3yqCivFfa5WYFTLqTN9loxIWnygng6F44dvfWKkGIxM6TNZOy84AqtXHeXHpKtnN4rkKnxizdaZyH4BDvwahiJKQQ+0MrdjJanZ2FovMNYlTt3pByQRjjsTlwBRrkhBVGbH10clpFK3srMAWg5I8D9ngdbhTIden3xe\/sKWF1GJnLBrQml3xeBJ4ertZhyVIrr4QiXwfHFFfVpBvoGK8v+HpMYZJLms5ZvEgtsEGGSyKy8odQX4opkjNoALJOy\/CyMc9Xjvc0WqtaILNMHn6Kl9AAcyq6PssvKqRJv5HOvA8GUrutq9Atzc6rjH5SKtx4+gDL7sOUAzCBL\/Bxs9kACdnOsqjuzw=="} -00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":4,"flow_first_seen":1663913345063942,"flow_src_last_pkt_time":1663913345289714,"flow_dst_last_pkt_time":1663913345324006,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":853,"flow_dst_max_l4_payload_len":542,"flow_src_tot_l4_payload_len":9673,"flow_dst_tot_l4_payload_len":1845,"midstream":0,"thread_ts_usec":1663913345324006,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51161,"dst_port":29070,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -02120{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1663913345063942,"flow_src_last_pkt_time":1663913345289714,"flow_dst_last_pkt_time":1663913345324209,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":853,"flow_dst_max_l4_payload_len":542,"flow_src_tot_l4_payload_len":9673,"flow_dst_tot_l4_payload_len":6723,"midstream":0,"thread_ts_usec":1663913345324209,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51161,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":15678.7,"max":225047,"stddev":51123.4,"var":2613605376.0,"ent":1.5,"data": [175745,225047,59,35,38,31,59,34,37,32,38,31,36,30,43,29,35,45,113,84319,0,0,0,0,0,0,155,0,0,0,48]},"pktlen": {"min":59,"avg":540.4,"max":881,"stddev":131.0,"var":17170.0,"ent":4.9,"data": [881,419,569,569,569,569,569,569,569,569,569,569,569,569,569,569,569,569,59,161,398,570,570,570,570,570,570,570,570,570,570,570]},"bins": {"c_to_s": [1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [7.761873245,7.165147781,7.605986118,7.625072002,7.581394672,7.661452770,7.659568310,7.627281189,7.538283348,7.648130894,7.648977280,7.646443367,7.577320099,7.610880852,7.662839413,7.594055176,7.592848778,7.662833691,5.346174717,6.693209171,7.482118607,7.644935131,7.664292812,7.595146656,7.643230438,7.594839096,7.698119640,7.644002914,7.648988724,7.686812401,7.668937206,7.563340664]},"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +02245{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1663913345063942,"flow_src_last_pkt_time":1663913345289714,"flow_dst_last_pkt_time":1663913345324209,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":853,"flow_dst_max_l4_payload_len":542,"flow_src_tot_l4_payload_len":9673,"flow_dst_tot_l4_payload_len":6723,"midstream":0,"thread_ts_usec":1663913345324209,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51161,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":15678.7,"max":225047,"stddev":51123.4,"var":2613605376.0,"ent":1.5,"data": [175745,225047,59,35,38,31,59,34,37,32,38,31,36,30,43,29,35,45,113,84319,0,0,0,0,0,0,155,0,0,0,48]},"pktlen": {"min":59,"avg":540.4,"max":881,"stddev":131.0,"var":17170.0,"ent":4.9,"data": [881,419,569,569,569,569,569,569,569,569,569,569,569,569,569,569,569,569,59,161,398,570,570,570,570,570,570,570,570,570,570,570]},"bins": {"c_to_s": [1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [7.761873245,7.165147781,7.605986118,7.625072002,7.581394672,7.661452770,7.659568310,7.627281189,7.538283348,7.648130894,7.648977280,7.646443367,7.577320099,7.610880852,7.662839413,7.594055176,7.592848778,7.662833691,5.346174717,6.693209171,7.482118607,7.644935131,7.664292812,7.595146656,7.643230438,7.594839096,7.698119640,7.644002914,7.648988724,7.686812401,7.668937206,7.563340664]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663913367738267,"flow_src_last_pkt_time":1663913367738267,"flow_dst_last_pkt_time":1663913367738267,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":160,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663913367738267,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51170,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1663913367738267,"flow_dst_last_pkt_time":1663913367738267,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_usec":1663913367738267,"pkt":"wurksClYhKk4ukxYCABFAAC8Sc8AAIARAAAKyAN9k1ypWsficY4AqEu12JwAcgYC51R82\/sdO99W+wDF9jRfrb04AvdMqXgb50wZvLLuXlSCkyWjcTUi\/cKTsgFGYmcKIB96AAAAGFLc1BqRYT1Dm7zdTADjC6LfWNOY+ZEwbJI1TuqdH\/4lX1PnX5ypdPBspPInQ5c4Diw4J3pBlZs8ubDt+Nn49oFw4dOAHrwEcHe9mQwlyS\/LIDR3HXQdhB1FkyUfjGy7C74gwQ=="} +01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663913367738267,"flow_src_last_pkt_time":1663913367738267,"flow_dst_last_pkt_time":1663913367738267,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":160,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663913367738267,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51170,"dst_port":29070,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00796{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1663913367738267,"flow_dst_last_pkt_time":1663913367772993,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1663913367772993,"pkt":"hKk4ukxYwurksClYCABFAADwQZFAADERvHCTXKlaCsgDfXGOx+IA3NB52NACCQYCBIgnUgi+cJpIHzo0pKH2Mof4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGIbR7dsF\/FEeXuqKNGZ6qn8qjIIpdAkiMwr6nheNdCGmi1kXcmtFF2hM1QUfM6lbpEMI9gRcmiQNtvZ1OzmocB7uYLA5SaOJtlKIZY26U6n3DvHUf4bSurhdRlpuxDXW+UPFw\/GeWj27d2MEWlMpnePK7wBoWt9TAqxwnCv80psjYFsdMpXp1k68dUPN\/RygINo0Ogit4C8="} 00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1663913369776646,"flow_dst_last_pkt_time":1663913367772993,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1663913369776646,"pkt":"wurksClYhKk4ukxYCABFAACgSvMAAIARAAAKyAN9k1ypWsficY4AjEuZ0IAAcxhuz\/CknxAHtn8nVIbxa5FdzvAXUDYRrC1vYGBs6gl2kDv+IDfonNzdmBmoe1ShAHocyanQTqCjjGpx7UoS9VROkFCk9NWJIOfeGjaMAKvNsC88xDjwB9Vf\/kaqamTnUDt+e8vVH\/mBL1fPG5HkHujr+Y+mBI6BFFwwBw4z1XDu"} 00720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1663913369776646,"flow_dst_last_pkt_time":1663913369810719,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1663913369810719,"pkt":"hKk4ukxYwurksClYCABFAAC4R8BAADERtnmTXKlaCsgDfXGOx+IApJqp0JgCChiGWLDhCymPOiA7GOihUKqK90TkrcqFwullJAEV2oADnWihdbyc6q\/nasDV+Dh7A70pIhdCEfNArR1c\/WhebhyTFFePqAFlbq1OzARGumdiSRhxlNcCjkr6Q2K08GtRKaw\/NnxYXqK5UjlCvzZGM4WI18t7ZD6sNk4z6FH7+I3LIDMZGWElUUwTstmPxEW8Fmp9UpUHCUfq"} 00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1663913371776534,"flow_dst_last_pkt_time":1663913369810719,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1663913371776534,"pkt":"wurksClYhKk4ukxYCABFAACgTAsAAIARAAAKyAN9k1ypWsficY4AjEuZ0IAAdBhu88EWWQL4L1LbfqJDYnRGb01n1sKe0lvHVBBVqL892BxEkY41O\/gD87wC+rkYULF+KivffNKDYpmu8Lr2YTMKuqmgFw81LNTiXLlSmUStTYkycWllbdexMt40BG5jgNMIyhppdjzjK900bA0+E\/u\/TLw5WKXLjH9MQPIR88Dz"} -00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1663913367738267,"flow_src_last_pkt_time":1663913373776892,"flow_dst_last_pkt_time":1663913373811116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":212,"flow_src_tot_l4_payload_len":556,"flow_dst_tot_l4_payload_len":680,"midstream":0,"thread_ts_usec":1663913373811116,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51170,"dst_port":29070,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":66,"flow_first_seen":1663913345063942,"flow_src_last_pkt_time":1663913353743994,"flow_dst_last_pkt_time":1663913353727759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":853,"flow_dst_max_l4_payload_len":542,"flow_src_tot_l4_payload_len":12625,"flow_dst_tot_l4_payload_len":13364,"midstream":0,"thread_ts_usec":1663913403056559,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51161,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01104{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":66,"flow_first_seen":1663913345063942,"flow_src_last_pkt_time":1663913353743994,"flow_dst_last_pkt_time":1663913353727759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":853,"flow_dst_max_l4_payload_len":542,"flow_src_tot_l4_payload_len":12625,"flow_dst_tot_l4_payload_len":13364,"midstream":0,"thread_ts_usec":1663913403056559,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51161,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":41,"flow_first_seen":1663913332980371,"flow_src_last_pkt_time":1663913418926686,"flow_dst_last_pkt_time":1663913418885464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3138,"flow_dst_max_l4_payload_len":334,"flow_src_tot_l4_payload_len":4954,"flow_dst_tot_l4_payload_len":2495,"midstream":1,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.165.194","src_port":57841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01112{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":21,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913402819217,"flow_dst_last_pkt_time":1663913403056559,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":573,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3181,"flow_dst_tot_l4_payload_len":4223,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":66,"flow_first_seen":1663913345063942,"flow_src_last_pkt_time":1663913353743994,"flow_dst_last_pkt_time":1663913353727759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":853,"flow_dst_max_l4_payload_len":542,"flow_src_tot_l4_payload_len":12625,"flow_dst_tot_l4_payload_len":13364,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51161,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1663913367738267,"flow_src_last_pkt_time":1663913375776479,"flow_dst_last_pkt_time":1663913375810399,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":212,"flow_src_tot_l4_payload_len":688,"flow_dst_tot_l4_payload_len":836,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51170,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":66,"flow_first_seen":1663913345063942,"flow_src_last_pkt_time":1663913353743994,"flow_dst_last_pkt_time":1663913353727759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":853,"flow_dst_max_l4_payload_len":542,"flow_src_tot_l4_payload_len":12625,"flow_dst_tot_l4_payload_len":13364,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51161,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1663913367738267,"flow_src_last_pkt_time":1663913375776479,"flow_dst_last_pkt_time":1663913375810399,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":212,"flow_src_tot_l4_payload_len":688,"flow_dst_tot_l4_payload_len":836,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51170,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00581{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","packets-captured":290,"packets-processed":290,"total-skipped-flows":0,"total-l4-payload-len":49504,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":1,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":51,"global_ts_usec":1663913418926686} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 290/290 @@ -57,9 +57,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7995346 bytes -~~ total memory freed........: 7995346 bytes -~~ total allocations/frees...: 148633/148633 +~~ total memory allocated....: 7625103 bytes +~~ total memory freed........: 7625103 bytes +~~ total allocations/frees...: 143036/143036 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 510 chars ~~ json string max len.......: 2334 chars diff --git a/test/results/default/linecall_falsepositve.pcap.out b/test/results/default/linecall_falsepositve.pcap.out index 8c2313e68..9799203df 100644 --- a/test/results/default/linecall_falsepositve.pcap.out +++ b/test/results/default/linecall_falsepositve.pcap.out @@ -73,9 +73,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7961999 bytes -~~ total memory freed........: 7961999 bytes -~~ total allocations/frees...: 148276/148276 +~~ total memory allocated....: 7591636 bytes +~~ total memory freed........: 7591636 bytes +~~ total allocations/frees...: 142679/142679 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 314 chars ~~ json string max len.......: 1290 chars diff --git a/test/results/default/lisp_registration.pcap.out b/test/results/default/lisp_registration.pcap.out index b30631694..572644dc9 100644 --- a/test/results/default/lisp_registration.pcap.out +++ b/test/results/default/lisp_registration.pcap.out @@ -41,9 +41,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7975365 bytes -~~ total memory freed........: 7975365 bytes -~~ total allocations/frees...: 148352/148352 +~~ total memory allocated....: 7605098 bytes +~~ total memory freed........: 7605098 bytes +~~ total allocations/frees...: 142755/142755 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 523 chars ~~ json string max len.......: 1436 chars diff --git a/test/results/default/log4j-webapp-exploit.pcap.out b/test/results/default/log4j-webapp-exploit.pcap.out index 8928faac7..412968c47 100644 --- a/test/results/default/log4j-webapp-exploit.pcap.out +++ b/test/results/default/log4j-webapp-exploit.pcap.out @@ -73,9 +73,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7995637 bytes -~~ total memory freed........: 7995637 bytes -~~ total allocations/frees...: 148801/148801 +~~ total memory allocated....: 7625442 bytes +~~ total memory freed........: 7625442 bytes +~~ total allocations/frees...: 143204/143204 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 310 chars ~~ json string max len.......: 1934 chars diff --git a/test/results/default/long_tls_certificate.pcap.out b/test/results/default/long_tls_certificate.pcap.out index aaa7d72e5..0f7732922 100644 --- a/test/results/default/long_tls_certificate.pcap.out +++ b/test/results/default/long_tls_certificate.pcap.out @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8364781 bytes -~~ total memory freed........: 8364781 bytes -~~ total allocations/frees...: 148529/148529 +~~ total memory allocated....: 7994442 bytes +~~ total memory freed........: 7994442 bytes +~~ total allocations/frees...: 142932/142932 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 526 chars ~~ json string max len.......: 5381 chars diff --git a/test/results/default/lru_ipv6_caches.pcapng.out b/test/results/default/lru_ipv6_caches.pcapng.out index fdddf9372..eb72bbb22 100644 --- a/test/results/default/lru_ipv6_caches.pcapng.out +++ b/test/results/default/lru_ipv6_caches.pcapng.out @@ -33,8 +33,8 @@ 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1639052959035612,"flow_dst_last_pkt_time":1639052950545675,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":166,"pkt_l4_len":112,"thread_ts_usec":1639052959035612,"pkt":"AAAAAAAAAAgAVrKUht1gCe0yAHARPzmRBy0zbmXsxb+l+oOtI94v2h+KwQeIpOUJ0uFEX\/NMGuEa4QBw7ZJkMTphZDI6aWQyMDrlXFuiZTjDuuw6Y5fpKld4tI\/Cxjk6aW5mb19oYXNoMjA65VxdggPDJDvaNdNt\/L2j+bkuqMllMTpxOTpnZXRfcGVlcnMxOnQyOiVoMTp2NDpMVAECMTp5MTpxZQ=="} 00836{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961890141,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052961890141,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgABwRPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgAcBsoIAQAAIRKkQkNDRkplV05Uc1dQcw=="} +01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961890141,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}} 00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1639052961892484,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052961892484,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgAKARPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgCgpJ0AAwCEIRKkQlM3RnRRL3Y2ay9PMkAAAGYJEFPqNE7VJH5jscfXNsYhb98E3U++3ioUwgZB8WeSBCDE8Hv0qlQ7VYtVkKskkvqRH1iLwzoIGi7Dz\/tzqvCpnwhdkVyqhKbzd8NfXZRNbjB3f0ByPdFFironKHaSXUOOxWFCn10AAAAIABS86wFVtBJv5aANWhLlzvJVsxeNfg=="} -01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961892484,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961892484,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}} 00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1639052962142439,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052962142439,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgAKARPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgCgpJ0AAwCEIRKkQlM3RnRRL3Y2ay9PMkAAAGYJEFPqNE7VJH5jscfXNsYhb98E3U++3ioUwgZB8WeSBCDE8Hv0qlQ7VYtVkKskkvqRH1iLwzoIGi7Dz\/tzqvCpnwhdkVyqhKbzd8NfXZRNbjB3f0ByPdFFironKHaSXUOOxWFCn10AAAAIABS86wFVtBJv5aANWhLlzvJVsxeNfg=="} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1639052962191138,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052962191138,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgABwRPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgAcBsoIAQAAIRKkQkNDRkplV05Uc1dQcw=="} 00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1639052963579689,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":210,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":210,"pkt_l4_len":156,"thread_ts_usec":1639052963579689,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgAJwRPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgCcOP4AAQCAIRKkQlUyZXJ1M05HdUpPbgAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAA2roABAAAAALAVwAEAAMACoAqAAhYlWblH2D7mAAlAAAAJAAEbn8o\/wAIABQ5szu0z17I9YE5t42kszUxGI8nq4AoAAQ7B4OH"} @@ -59,12 +59,12 @@ 01614{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052974554138,"flow_src_last_pkt_time":1639052974704415,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052974704415,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44192,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","server_names":"*.bikroy.com,sni.cloudflaressl.com,bikroy.com","notafter":"2022-06-28 23:59:59","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","negotiated_alpn":"h2","fingerprint":"FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0"}}} 00836{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978452441,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052978452441,"pkt":"AAAAAAAAAAcAaiX8ht1gC8SvABwRPzKXoa9RIQz8NgsuB4cvHqAy+\/lnaB7pa\/rOsAwAAHT9q1kNlgAcl50IAQAAIRKkQlo5L3NwNkJKYzZoYw=="} +01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978452441,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1639052978709090,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052978709090,"pkt":"AAAAAAAAAAcAaiX8ht1gC8SvAKARPzKXoa9RIQz8NgsuB4cvHqAy+\/lnaB7pa\/rOsAwAAHT9q1kNlgCgYyEAAwCEIRKkQk1ENkhOcE43bVdyN0AAAGYJEB5qy\/i6apiRZvn3XMXkctbCLKVSgdE+etIaSO7JbOt8VgBwQ6PpOhc8GnE1mfqvDmlkq2e8sWOF\/9QSZ9+\/3ZsaHutXU4\/yA\/LvUyR73PqXq7vvVwk5ZocXkuyrjHvs93CEXbgAAAAIABTHiAxW9AnRlqecEToF0hfWjRUykA=="} -01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978709090,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978709090,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 00836{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210381,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052979210381,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yABwRPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgAc0j0IAQAAIRKkQk5zWlZOMGtRWWlzeg=="} +01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210381,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1639052979210765,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052979210765,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAKARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCgt74AAwCEIRKkQkhCZVJqYUhKN2FOWUAAAGYJEMzluAd5ZUXHIG6GisEWroK42o70dYdL4WqSdPq9VYO3OjGxFI7w7pBgN3c6YR8KjSMY+2Ef8toiPPzGNZ6A1i89fknsYqJ9SYub5TFTaEnS4NE02DKCNshJ0L2AWj8kO7uEBsUAAAAIABTng0rXsLYilkJ4duCqCg2pGBOUjQ=="} -01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210765,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210765,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1639052979218699,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_usec":1639052979218699,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAJARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCQ\/5MAAQB0IRKkQkJ5RTBTMEFLcS8yZQAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAAwFcABAAEAAqAKgAI69zqOpyEPKUAJAAEbn8o\/wAIABTKxPaKL217enpIf2AGYjmMTGV454AoAATAmK\/f"} 00738{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1639052979381748,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_usec":1639052979381748,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAJARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCQrREAAQB0IRKkQjY4V3ltQWRhSzZoTAAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAAwFcABAAEAAqAKgAI69zqOpyEPKUAJAAEbn8o\/wAIABQoQCd0hET\/ud5uUOzbGiF4yVYzZoAoAASXw0bX"} 00738{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1639052979556213,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_usec":1639052979556213,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAJARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCQ97wAAQB0IRKkQldMcmpoVTNGUFVyagAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAAwFcABAAEAAqAKgAI69zqOpyEPKUAJAAEbn8o\/wAIABS74KJfCrW2wh1E6b3fJs\/qV0yS0oAoAASJhjGh"} @@ -89,9 +89,9 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8004502 bytes -~~ total memory freed........: 8004502 bytes -~~ total allocations/frees...: 148520/148520 +~~ total memory allocated....: 7634427 bytes +~~ total memory freed........: 7634427 bytes +~~ total allocations/frees...: 142923/142923 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 523 chars ~~ json string max len.......: 2401 chars diff --git a/test/results/default/malformed_dns.pcap.out b/test/results/default/malformed_dns.pcap.out index 3f0348721..0ef2d9178 100644 --- a/test/results/default/malformed_dns.pcap.out +++ b/test/results/default/malformed_dns.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964345 bytes -~~ total memory freed........: 7964345 bytes -~~ total allocations/frees...: 148296/148296 +~~ total memory allocated....: 7594006 bytes +~~ total memory freed........: 7594006 bytes +~~ total allocations/frees...: 142699/142699 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 519 chars ~~ json string max len.......: 2731 chars diff --git a/test/results/default/malformed_icmp.pcap.out b/test/results/default/malformed_icmp.pcap.out index 3f9120c5b..2964b1ac9 100644 --- a/test/results/default/malformed_icmp.pcap.out +++ b/test/results/default/malformed_icmp.pcap.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964128 bytes -~~ total memory freed........: 7964128 bytes -~~ total allocations/frees...: 148288/148288 +~~ total memory allocated....: 7593789 bytes +~~ total memory freed........: 7593789 bytes +~~ total allocations/frees...: 142691/142691 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 519 chars ~~ json string max len.......: 1173 chars diff --git a/test/results/default/malware.pcap.out b/test/results/default/malware.pcap.out index 2ca33ea52..33d4bcf50 100644 --- a/test/results/default/malware.pcap.out +++ b/test/results/default/malware.pcap.out @@ -39,9 +39,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8014645 bytes -~~ total memory freed........: 8014645 bytes -~~ total allocations/frees...: 148421/148421 +~~ total memory allocated....: 7644402 bytes +~~ total memory freed........: 7644402 bytes +~~ total allocations/frees...: 142824/142824 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 2754 chars diff --git a/test/results/default/memcached.cap.out b/test/results/default/memcached.cap.out index 19cece031..c1f63b2f7 100644 --- a/test/results/default/memcached.cap.out +++ b/test/results/default/memcached.cap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966437 bytes -~~ total memory freed........: 7966437 bytes -~~ total allocations/frees...: 148298/148298 +~~ total memory allocated....: 7596098 bytes +~~ total memory freed........: 7596098 bytes +~~ total allocations/frees...: 142701/142701 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 514 chars ~~ json string max len.......: 973 chars diff --git a/test/results/default/merakicloud.pcapng.out b/test/results/default/merakicloud.pcapng.out index d06a88078..99d9762cc 100644 --- a/test/results/default/merakicloud.pcapng.out +++ b/test/results/default/merakicloud.pcapng.out @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7965375 bytes -~~ total memory freed........: 7965375 bytes -~~ total allocations/frees...: 148331/148331 +~~ total memory allocated....: 7595036 bytes +~~ total memory freed........: 7595036 bytes +~~ total allocations/frees...: 142734/142734 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 519 chars ~~ json string max len.......: 2432 chars diff --git a/test/results/default/mgcp.pcapng.out b/test/results/default/mgcp.pcapng.out index 65e05b4a0..d1e85d66f 100644 --- a/test/results/default/mgcp.pcapng.out +++ b/test/results/default/mgcp.pcapng.out @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966779 bytes -~~ total memory freed........: 7966779 bytes -~~ total allocations/frees...: 148318/148318 +~~ total memory allocated....: 7596464 bytes +~~ total memory freed........: 7596464 bytes +~~ total allocations/frees...: 142721/142721 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 1095 chars diff --git a/test/results/default/modbus.pcap.out b/test/results/default/modbus.pcap.out index 11fe27455..b3b1203f6 100644 --- a/test/results/default/modbus.pcap.out +++ b/test/results/default/modbus.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7967057 bytes -~~ total memory freed........: 7967057 bytes -~~ total allocations/frees...: 148389/148389 +~~ total memory allocated....: 7596718 bytes +~~ total memory freed........: 7596718 bytes +~~ total allocations/frees...: 142792/142792 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 2310 chars diff --git a/test/results/default/monero.pcap.out b/test/results/default/monero.pcap.out index f15035318..b5a67b0ee 100644 --- a/test/results/default/monero.pcap.out +++ b/test/results/default/monero.pcap.out @@ -28,9 +28,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7979546 bytes -~~ total memory freed........: 7979546 bytes -~~ total allocations/frees...: 148619/148619 +~~ total memory allocated....: 7609231 bytes +~~ total memory freed........: 7609231 bytes +~~ total allocations/frees...: 143022/143022 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 2499 chars diff --git a/test/results/default/mongo_false_positive.pcapng.out b/test/results/default/mongo_false_positive.pcapng.out index 0f7196e79..59a89bc24 100644 --- a/test/results/default/mongo_false_positive.pcapng.out +++ b/test/results/default/mongo_false_positive.pcapng.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966873 bytes -~~ total memory freed........: 7966873 bytes -~~ total allocations/frees...: 148313/148313 +~~ total memory allocated....: 7596534 bytes +~~ total memory freed........: 7596534 bytes +~~ total allocations/frees...: 142716/142716 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 528 chars ~~ json string max len.......: 2161 chars diff --git a/test/results/default/mongodb.pcap.out b/test/results/default/mongodb.pcap.out index c1a78cc4e..118035455 100644 --- a/test/results/default/mongodb.pcap.out +++ b/test/results/default/mongodb.pcap.out @@ -51,9 +51,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7975414 bytes -~~ total memory freed........: 7975414 bytes -~~ total allocations/frees...: 148362/148362 +~~ total memory allocated....: 7605171 bytes +~~ total memory freed........: 7605171 bytes +~~ total allocations/frees...: 142765/142765 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 1104 chars diff --git a/test/results/default/mpeg-dash.pcap.out b/test/results/default/mpeg-dash.pcap.out index bbb7d1c83..9096d94cd 100644 --- a/test/results/default/mpeg-dash.pcap.out +++ b/test/results/default/mpeg-dash.pcap.out @@ -36,9 +36,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7971503 bytes -~~ total memory freed........: 7971503 bytes -~~ total allocations/frees...: 148347/148347 +~~ total memory allocated....: 7601236 bytes +~~ total memory freed........: 7601236 bytes +~~ total allocations/frees...: 142750/142750 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 515 chars ~~ json string max len.......: 2481 chars diff --git a/test/results/default/mpeg.pcap.out b/test/results/default/mpeg.pcap.out index 8d36a0179..45f73e2fb 100644 --- a/test/results/default/mpeg.pcap.out +++ b/test/results/default/mpeg.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964730 bytes -~~ total memory freed........: 7964730 bytes -~~ total allocations/frees...: 148310/148310 +~~ total memory allocated....: 7594391 bytes +~~ total memory freed........: 7594391 bytes +~~ total allocations/frees...: 142713/142713 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 510 chars ~~ json string max len.......: 1091 chars diff --git a/test/results/default/mpegts.pcap.out b/test/results/default/mpegts.pcap.out index c9758ac53..b88ba7a7d 100644 --- a/test/results/default/mpegts.pcap.out +++ b/test/results/default/mpegts.pcap.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964100 bytes -~~ total memory freed........: 7964100 bytes -~~ total allocations/frees...: 148287/148287 +~~ total memory allocated....: 7593761 bytes +~~ total memory freed........: 7593761 bytes +~~ total allocations/frees...: 142690/142690 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 2798 chars diff --git a/test/results/default/mqtt.pcap.out b/test/results/default/mqtt.pcap.out index 2ca59e3c2..5656b3237 100644 --- a/test/results/default/mqtt.pcap.out +++ b/test/results/default/mqtt.pcap.out @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966460 bytes -~~ total memory freed........: 7966460 bytes -~~ total allocations/frees...: 148307/148307 +~~ total memory allocated....: 7596145 bytes +~~ total memory freed........: 7596145 bytes +~~ total allocations/frees...: 142710/142710 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 510 chars ~~ json string max len.......: 1093 chars diff --git a/test/results/default/mssql_tds.pcap.out b/test/results/default/mssql_tds.pcap.out index 501348fc8..1544a7356 100644 --- a/test/results/default/mssql_tds.pcap.out +++ b/test/results/default/mssql_tds.pcap.out @@ -71,9 +71,9 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7990349 bytes -~~ total memory freed........: 7990349 bytes -~~ total allocations/frees...: 148447/148447 +~~ total memory allocated....: 7620274 bytes +~~ total memory freed........: 7620274 bytes +~~ total allocations/frees...: 142850/142850 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 515 chars ~~ json string max len.......: 2493 chars diff --git a/test/results/default/munin.pcap.out b/test/results/default/munin.pcap.out index d40866194..dc3f097c3 100644 --- a/test/results/default/munin.pcap.out +++ b/test/results/default/munin.pcap.out @@ -44,9 +44,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7972139 bytes -~~ total memory freed........: 7972139 bytes -~~ total allocations/frees...: 148380/148380 +~~ total memory allocated....: 7601872 bytes +~~ total memory freed........: 7601872 bytes +~~ total allocations/frees...: 142783/142783 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 974 chars diff --git a/test/results/default/mysql-8.pcap.out b/test/results/default/mysql-8.pcap.out index c89a7107f..e7516ba2b 100644 --- a/test/results/default/mysql-8.pcap.out +++ b/test/results/default/mysql-8.pcap.out @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7967214 bytes -~~ total memory freed........: 7967214 bytes -~~ total allocations/frees...: 148333/148333 +~~ total memory allocated....: 7596899 bytes +~~ total memory freed........: 7596899 bytes +~~ total allocations/frees...: 142736/142736 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 983 chars diff --git a/test/results/default/natpmp.pcap.out b/test/results/default/natpmp.pcap.out index 7c067eaa5..c7e64e70e 100644 --- a/test/results/default/natpmp.pcap.out +++ b/test/results/default/natpmp.pcap.out @@ -35,9 +35,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7970718 bytes -~~ total memory freed........: 7970718 bytes -~~ total allocations/frees...: 148331/148331 +~~ total memory allocated....: 7600451 bytes +~~ total memory freed........: 7600451 bytes +~~ total allocations/frees...: 142734/142734 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 1153 chars diff --git a/test/results/default/nats.pcap.out b/test/results/default/nats.pcap.out index 68506fe4d..550467eaa 100644 --- a/test/results/default/nats.pcap.out +++ b/test/results/default/nats.pcap.out @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7971078 bytes -~~ total memory freed........: 7971078 bytes -~~ total allocations/frees...: 148327/148327 +~~ total memory allocated....: 7600763 bytes +~~ total memory freed........: 7600763 bytes +~~ total allocations/frees...: 142730/142730 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 510 chars ~~ json string max len.......: 962 chars diff --git a/test/results/default/ndpi_match_string_subprotocol__error.pcapng.out b/test/results/default/ndpi_match_string_subprotocol__error.pcapng.out index 2f47f25b7..942652398 100644 --- a/test/results/default/ndpi_match_string_subprotocol__error.pcapng.out +++ b/test/results/default/ndpi_match_string_subprotocol__error.pcapng.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964621 bytes -~~ total memory freed........: 7964621 bytes -~~ total allocations/frees...: 148305/148305 +~~ total memory allocated....: 7594282 bytes +~~ total memory freed........: 7594282 bytes +~~ total allocations/frees...: 142708/142708 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 544 chars ~~ json string max len.......: 2070 chars diff --git a/test/results/default/nest_log_sink.pcap.out b/test/results/default/nest_log_sink.pcap.out index 72f419f96..d5b731f54 100644 --- a/test/results/default/nest_log_sink.pcap.out +++ b/test/results/default/nest_log_sink.pcap.out @@ -174,9 +174,9 @@ ~~ total active/idle flows...: 17/17 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8044721 bytes -~~ total memory freed........: 8044721 bytes -~~ total allocations/frees...: 149249/149249 +~~ total memory allocated....: 7674766 bytes +~~ total memory freed........: 7674766 bytes +~~ total allocations/frees...: 143652/143652 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 519 chars ~~ json string max len.......: 2263 chars diff --git a/test/results/default/netbios.pcap.out b/test/results/default/netbios.pcap.out index 4a72503ea..f0dfd5165 100644 --- a/test/results/default/netbios.pcap.out +++ b/test/results/default/netbios.pcap.out @@ -89,9 +89,9 @@ ~~ total active/idle flows...: 15/15 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8002835 bytes -~~ total memory freed........: 8002835 bytes -~~ total allocations/frees...: 148693/148693 +~~ total memory allocated....: 7632832 bytes +~~ total memory freed........: 7632832 bytes +~~ total allocations/frees...: 143096/143096 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 2213 chars diff --git a/test/results/default/netbios_wildcard_dns_query.pcap.out b/test/results/default/netbios_wildcard_dns_query.pcap.out index e7f3930dd..84b0edab7 100644 --- a/test/results/default/netbios_wildcard_dns_query.pcap.out +++ b/test/results/default/netbios_wildcard_dns_query.pcap.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964128 bytes -~~ total memory freed........: 7964128 bytes -~~ total allocations/frees...: 148288/148288 +~~ total memory allocated....: 7593789 bytes +~~ total memory freed........: 7593789 bytes +~~ total allocations/frees...: 142691/142691 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 532 chars ~~ json string max len.......: 1218 chars diff --git a/test/results/default/netflix.pcap.out b/test/results/default/netflix.pcap.out index 8b318cf7c..08039f71e 100644 --- a/test/results/default/netflix.pcap.out +++ b/test/results/default/netflix.pcap.out @@ -570,9 +570,9 @@ ~~ total active/idle flows...: 61/61 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8514847 bytes -~~ total memory freed........: 8514847 bytes -~~ total allocations/frees...: 151307/151307 +~~ total memory allocated....: 8145948 bytes +~~ total memory freed........: 8145948 bytes +~~ total allocations/frees...: 145710/145710 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 2493 chars diff --git a/test/results/default/netflow-fritz.pcap.out b/test/results/default/netflow-fritz.pcap.out index 8333a68cb..7dd9d78b6 100644 --- a/test/results/default/netflow-fritz.pcap.out +++ b/test/results/default/netflow-fritz.pcap.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964128 bytes -~~ total memory freed........: 7964128 bytes -~~ total allocations/frees...: 148288/148288 +~~ total memory allocated....: 7593789 bytes +~~ total memory freed........: 7593789 bytes +~~ total allocations/frees...: 142691/142691 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 519 chars ~~ json string max len.......: 979 chars diff --git a/test/results/default/netflowv9.pcap.out b/test/results/default/netflowv9.pcap.out index f3cfd0c3b..26561d309 100644 --- a/test/results/default/netflowv9.pcap.out +++ b/test/results/default/netflowv9.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964389 bytes -~~ total memory freed........: 7964389 bytes -~~ total allocations/frees...: 148297/148297 +~~ total memory allocated....: 7594050 bytes +~~ total memory freed........: 7594050 bytes +~~ total allocations/frees...: 142700/142700 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 515 chars ~~ json string max len.......: 2379 chars diff --git a/test/results/default/nfsv2.pcap.out b/test/results/default/nfsv2.pcap.out index d9fbebdac..b4173f992 100644 --- a/test/results/default/nfsv2.pcap.out +++ b/test/results/default/nfsv2.pcap.out @@ -48,9 +48,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7981223 bytes -~~ total memory freed........: 7981223 bytes -~~ total allocations/frees...: 148509/148509 +~~ total memory allocated....: 7611028 bytes +~~ total memory freed........: 7611028 bytes +~~ total allocations/frees...: 142912/142912 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 2246 chars diff --git a/test/results/default/nfsv3.pcap.out b/test/results/default/nfsv3.pcap.out index 972e3d470..7ca9866a1 100644 --- a/test/results/default/nfsv3.pcap.out +++ b/test/results/default/nfsv3.pcap.out @@ -53,9 +53,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7982511 bytes -~~ total memory freed........: 7982511 bytes -~~ total allocations/frees...: 148492/148492 +~~ total memory allocated....: 7612340 bytes +~~ total memory freed........: 7612340 bytes +~~ total allocations/frees...: 142895/142895 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 2248 chars diff --git a/test/results/default/nintendo.pcap.out b/test/results/default/nintendo.pcap.out index ff84c914d..f1319f18c 100644 --- a/test/results/default/nintendo.pcap.out +++ b/test/results/default/nintendo.pcap.out @@ -170,9 +170,9 @@ ~~ total active/idle flows...: 21/21 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8052983 bytes -~~ total memory freed........: 8052983 bytes -~~ total allocations/frees...: 149521/149521 +~~ total memory allocated....: 7683124 bytes +~~ total memory freed........: 7683124 bytes +~~ total allocations/frees...: 143924/143924 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 514 chars ~~ json string max len.......: 2329 chars diff --git a/test/results/default/nntp.pcap.out b/test/results/default/nntp.pcap.out index 336c622fc..1b73f5d4e 100644 --- a/test/results/default/nntp.pcap.out +++ b/test/results/default/nntp.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7967075 bytes -~~ total memory freed........: 7967075 bytes -~~ total allocations/frees...: 148320/148320 +~~ total memory allocated....: 7596736 bytes +~~ total memory freed........: 7596736 bytes +~~ total allocations/frees...: 142723/142723 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 510 chars ~~ json string max len.......: 2198 chars diff --git a/test/results/default/no_sni.pcap.out b/test/results/default/no_sni.pcap.out index b1bf86347..bb35a71df 100644 --- a/test/results/default/no_sni.pcap.out +++ b/test/results/default/no_sni.pcap.out @@ -83,9 +83,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8037921 bytes -~~ total memory freed........: 8037921 bytes -~~ total allocations/frees...: 148844/148844 +~~ total memory allocated....: 7667750 bytes +~~ total memory freed........: 7667750 bytes +~~ total allocations/frees...: 143247/143247 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 2174 chars diff --git a/test/results/default/ocs.pcap.out b/test/results/default/ocs.pcap.out index 842b35e17..7d340626f 100644 --- a/test/results/default/ocs.pcap.out +++ b/test/results/default/ocs.pcap.out @@ -143,9 +143,9 @@ ~~ total active/idle flows...: 20/20 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8042607 bytes -~~ total memory freed........: 8042607 bytes -~~ total allocations/frees...: 149478/149478 +~~ total memory allocated....: 7672724 bytes +~~ total memory freed........: 7672724 bytes +~~ total allocations/frees...: 143881/143881 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 509 chars ~~ json string max len.......: 2379 chars diff --git a/test/results/default/ocsp.pcapng.out b/test/results/default/ocsp.pcapng.out index 4e399f3e2..12f5ec311 100644 --- a/test/results/default/ocsp.pcapng.out +++ b/test/results/default/ocsp.pcapng.out @@ -99,9 +99,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7994690 bytes -~~ total memory freed........: 7994690 bytes -~~ total allocations/frees...: 148787/148787 +~~ total memory allocated....: 7624567 bytes +~~ total memory freed........: 7624567 bytes +~~ total allocations/frees...: 143190/143190 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 2301 chars diff --git a/test/results/default/oicq.pcap.out b/test/results/default/oicq.pcap.out index 380f8ec1a..59bea2018 100644 --- a/test/results/default/oicq.pcap.out +++ b/test/results/default/oicq.pcap.out @@ -152,9 +152,9 @@ ~~ total active/idle flows...: 29/29 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8023740 bytes -~~ total memory freed........: 8023740 bytes -~~ total allocations/frees...: 148624/148624 +~~ total memory allocated....: 7654073 bytes +~~ total memory freed........: 7654073 bytes +~~ total allocations/frees...: 143027/143027 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 510 chars ~~ json string max len.......: 1091 chars diff --git a/test/results/default/ookla.pcap.out b/test/results/default/ookla.pcap.out index 59ffbd596..fc611db23 100644 --- a/test/results/default/ookla.pcap.out +++ b/test/results/default/ookla.pcap.out @@ -61,9 +61,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7995315 bytes -~~ total memory freed........: 7995315 bytes -~~ total allocations/frees...: 148474/148474 +~~ total memory allocated....: 7625096 bytes +~~ total memory freed........: 7625096 bytes +~~ total allocations/frees...: 142877/142877 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 1399 chars diff --git a/test/results/default/openvpn.pcap.out b/test/results/default/openvpn.pcap.out index 47eb75884..b7ee94a0c 100644 --- a/test/results/default/openvpn.pcap.out +++ b/test/results/default/openvpn.pcap.out @@ -38,9 +38,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7979011 bytes -~~ total memory freed........: 7979011 bytes -~~ total allocations/frees...: 148609/148609 +~~ total memory allocated....: 7608720 bytes +~~ total memory freed........: 7608720 bytes +~~ total allocations/frees...: 143012/143012 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 2325 chars diff --git a/test/results/default/oracle12.pcapng.out b/test/results/default/oracle12.pcapng.out index fefec0b08..e0ba34d3a 100644 --- a/test/results/default/oracle12.pcapng.out +++ b/test/results/default/oracle12.pcapng.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966727 bytes -~~ total memory freed........: 7966727 bytes -~~ total allocations/frees...: 148308/148308 +~~ total memory allocated....: 7596388 bytes +~~ total memory freed........: 7596388 bytes +~~ total allocations/frees...: 142711/142711 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 516 chars ~~ json string max len.......: 949 chars diff --git a/test/results/default/os_detected.pcapng.out b/test/results/default/os_detected.pcapng.out index 5b276f011..cca1c6e0b 100644 --- a/test/results/default/os_detected.pcapng.out +++ b/test/results/default/os_detected.pcapng.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7974382 bytes -~~ total memory freed........: 7974382 bytes -~~ total allocations/frees...: 148311/148311 +~~ total memory allocated....: 7604043 bytes +~~ total memory freed........: 7604043 bytes +~~ total allocations/frees...: 142714/142714 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 519 chars ~~ json string max len.......: 2231 chars diff --git a/test/results/default/ospfv2_add_new_prefix.pcap.out b/test/results/default/ospfv2_add_new_prefix.pcap.out index d2ac611c7..16d344252 100644 --- a/test/results/default/ospfv2_add_new_prefix.pcap.out +++ b/test/results/default/ospfv2_add_new_prefix.pcap.out @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964157 bytes -~~ total memory freed........: 7964157 bytes -~~ total allocations/frees...: 148289/148289 +~~ total memory allocated....: 7593818 bytes +~~ total memory freed........: 7593818 bytes +~~ total allocations/frees...: 142692/142692 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 527 chars ~~ json string max len.......: 1068 chars diff --git a/test/results/default/ossfuzz_seed_fake_traces_1.pcapng.out b/test/results/default/ossfuzz_seed_fake_traces_1.pcapng.out index 58b6e2915..d782dc9cc 100644 --- a/test/results/default/ossfuzz_seed_fake_traces_1.pcapng.out +++ b/test/results/default/ossfuzz_seed_fake_traces_1.pcapng.out @@ -65,9 +65,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7987788 bytes -~~ total memory freed........: 7987788 bytes -~~ total allocations/frees...: 148415/148415 +~~ total memory allocated....: 7617665 bytes +~~ total memory freed........: 7617665 bytes +~~ total allocations/frees...: 142818/142818 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 523 chars ~~ json string max len.......: 1340 chars diff --git a/test/results/default/ossfuzz_seed_fake_traces_2.pcapng.out b/test/results/default/ossfuzz_seed_fake_traces_2.pcapng.out index 49ba94465..634ff292d 100644 --- a/test/results/default/ossfuzz_seed_fake_traces_2.pcapng.out +++ b/test/results/default/ossfuzz_seed_fake_traces_2.pcapng.out @@ -36,9 +36,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7974959 bytes -~~ total memory freed........: 7974959 bytes -~~ total allocations/frees...: 148338/148338 +~~ total memory allocated....: 7604692 bytes +~~ total memory freed........: 7604692 bytes +~~ total allocations/frees...: 142741/142741 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 534 chars ~~ json string max len.......: 992 chars diff --git a/test/results/default/ossfuzz_seed_fake_traces_3.pcapng.out b/test/results/default/ossfuzz_seed_fake_traces_3.pcapng.out index b5a6c1e26..d35881f4d 100644 --- a/test/results/default/ossfuzz_seed_fake_traces_3.pcapng.out +++ b/test/results/default/ossfuzz_seed_fake_traces_3.pcapng.out @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964247 bytes -~~ total memory freed........: 7964247 bytes -~~ total allocations/frees...: 148293/148293 +~~ total memory allocated....: 7593908 bytes +~~ total memory freed........: 7593908 bytes +~~ total allocations/frees...: 142696/142696 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 534 chars ~~ json string max len.......: 950 chars diff --git a/test/results/default/ossfuzz_seed_fake_traces_4.pcapng.out b/test/results/default/ossfuzz_seed_fake_traces_4.pcapng.out index 6cd5acf26..63a5ac623 100644 --- a/test/results/default/ossfuzz_seed_fake_traces_4.pcapng.out +++ b/test/results/default/ossfuzz_seed_fake_traces_4.pcapng.out @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964157 bytes -~~ total memory freed........: 7964157 bytes -~~ total allocations/frees...: 148289/148289 +~~ total memory allocated....: 7593818 bytes +~~ total memory freed........: 7593818 bytes +~~ total allocations/frees...: 142692/142692 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 522 chars ~~ json string max len.......: 877 chars diff --git a/test/results/default/pgm.pcap.out b/test/results/default/pgm.pcap.out index e608fe6ef..0bde234e4 100644 --- a/test/results/default/pgm.pcap.out +++ b/test/results/default/pgm.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7993071 bytes -~~ total memory freed........: 7993071 bytes -~~ total allocations/frees...: 149286/149286 +~~ total memory allocated....: 7622732 bytes +~~ total memory freed........: 7622732 bytes +~~ total allocations/frees...: 143689/143689 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 509 chars ~~ json string max len.......: 2252 chars diff --git a/test/results/default/pgsql.pcap.out b/test/results/default/pgsql.pcap.out index 3f539fde3..e974e38d3 100644 --- a/test/results/default/pgsql.pcap.out +++ b/test/results/default/pgsql.pcap.out @@ -58,9 +58,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7989439 bytes -~~ total memory freed........: 7989439 bytes -~~ total allocations/frees...: 148436/148436 +~~ total memory allocated....: 7619220 bytes +~~ total memory freed........: 7619220 bytes +~~ total allocations/frees...: 142839/142839 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 982 chars diff --git a/test/results/default/pim.pcap.out b/test/results/default/pim.pcap.out index f49048326..ab0d5691b 100644 --- a/test/results/default/pim.pcap.out +++ b/test/results/default/pim.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964361 bytes -~~ total memory freed........: 7964361 bytes -~~ total allocations/frees...: 148296/148296 +~~ total memory allocated....: 7594022 bytes +~~ total memory freed........: 7594022 bytes +~~ total allocations/frees...: 142699/142699 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 509 chars ~~ json string max len.......: 936 chars diff --git a/test/results/default/pinterest.pcap.out b/test/results/default/pinterest.pcap.out index 4d847b110..f32a99165 100644 --- a/test/results/default/pinterest.pcap.out +++ b/test/results/default/pinterest.pcap.out @@ -306,9 +306,9 @@ ~~ total active/idle flows...: 37/37 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9138987 bytes -~~ total memory freed........: 9138987 bytes -~~ total allocations/frees...: 150837/150837 +~~ total memory allocated....: 8769512 bytes +~~ total memory freed........: 8769512 bytes +~~ total allocations/frees...: 145240/145240 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 515 chars ~~ json string max len.......: 3531 chars diff --git a/test/results/default/pluralsight.pcap.out b/test/results/default/pluralsight.pcap.out index 297f7be4d..d6e30c897 100644 --- a/test/results/default/pluralsight.pcap.out +++ b/test/results/default/pluralsight.pcap.out @@ -65,9 +65,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8034221 bytes -~~ total memory freed........: 8034221 bytes -~~ total allocations/frees...: 148442/148442 +~~ total memory allocated....: 7664002 bytes +~~ total memory freed........: 7664002 bytes +~~ total allocations/frees...: 142845/142845 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 517 chars ~~ json string max len.......: 2523 chars diff --git a/test/results/default/pop3.pcap.out b/test/results/default/pop3.pcap.out index a29348559..6cb9d79a7 100644 --- a/test/results/default/pop3.pcap.out +++ b/test/results/default/pop3.pcap.out @@ -59,9 +59,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7991134 bytes -~~ total memory freed........: 7991134 bytes -~~ total allocations/frees...: 148494/148494 +~~ total memory allocated....: 7620915 bytes +~~ total memory freed........: 7620915 bytes +~~ total allocations/frees...: 142897/142897 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 510 chars ~~ json string max len.......: 2298 chars diff --git a/test/results/default/pop3_stls.pcap.out b/test/results/default/pop3_stls.pcap.out index 14dfcc022..6f452e614 100644 --- a/test/results/default/pop3_stls.pcap.out +++ b/test/results/default/pop3_stls.pcap.out @@ -22,9 +22,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7983901 bytes -~~ total memory freed........: 7983901 bytes -~~ total allocations/frees...: 148351/148351 +~~ total memory allocated....: 7613562 bytes +~~ total memory freed........: 7613562 bytes +~~ total allocations/frees...: 142754/142754 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 515 chars ~~ json string max len.......: 2022 chars diff --git a/test/results/default/pops.pcapng.out b/test/results/default/pops.pcapng.out index 1b16122de..a438e8139 100644 --- a/test/results/default/pops.pcapng.out +++ b/test/results/default/pops.pcapng.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7970771 bytes -~~ total memory freed........: 7970771 bytes -~~ total allocations/frees...: 148296/148296 +~~ total memory allocated....: 7600432 bytes +~~ total memory freed........: 7600432 bytes +~~ total allocations/frees...: 142699/142699 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 2228 chars diff --git a/test/results/default/pps.pcap.out b/test/results/default/pps.pcap.out index aba22716a..e33288f92 100644 --- a/test/results/default/pps.pcap.out +++ b/test/results/default/pps.pcap.out @@ -223,7 +223,7 @@ 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1041,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353152692906,"flow_src_last_pkt_time":1467353152692906,"flow_dst_last_pkt_time":1467353152692906,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353152692906,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":59648,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1041,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_src_last_pkt_time":1467353152692906,"flow_dst_last_pkt_time":1467353152692906,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1467353152692906,"pkt":"AQBef\/\/6GF4PUugBCABFAAChLGwAAAER1wTAqAU57\/\/\/+ukAB2wAjbKhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00963{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1041,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353152692906,"flow_src_last_pkt_time":1467353152692906,"flow_dst_last_pkt_time":1467353152692906,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353152692906,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":59648,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} -01406{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1042,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":1,"flow_first_seen":1467353151975342,"flow_src_last_pkt_time":1467353152590330,"flow_dst_last_pkt_time":1467353152945958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":8367,"flow_dst_tot_l4_payload_len":1260,"midstream":1,"thread_ts_usec":1467353152945958,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.Cybersec","proto_id":"7.283","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download","hostname":"bcu.ff.avast.com","http": {"url":"bcu.ff.avast.com\/bc2","code":200,"content_type":"application\/octet-stream","user_agent":"{D699054D-1699-47D2-9B2B-E96F438C1160}","request_content_type":"application\/x-enc"}}} +01515{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1042,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":1,"flow_first_seen":1467353151975342,"flow_src_last_pkt_time":1467353152590330,"flow_dst_last_pkt_time":1467353152945958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":8367,"flow_dst_tot_l4_payload_len":1260,"midstream":1,"thread_ts_usec":1467353152945958,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.Cybersec","proto_id":"7.283","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download","hostname":"bcu.ff.avast.com","http": {"url":"bcu.ff.avast.com\/bc2","code":200,"content_type":"application\/octet-stream","user_agent":"{D699054D-1699-47D2-9B2B-E96F438C1160}","request_content_type":"application\/x-enc"}}} 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1044,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1467353155693528,"flow_dst_last_pkt_time":1467353152692906,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1467353155693528,"pkt":"AQBef\/\/6GF4PUugBCABFAAChLG0AAAER1wPAqAU57\/\/\/+ukAB2wAjbKhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353155790340,"flow_src_last_pkt_time":1467353155790340,"flow_dst_last_pkt_time":1467353155790340,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":629,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":629,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":629,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353155790340,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50487,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01367{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1467353155790340,"flow_dst_last_pkt_time":1467353155790340,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":683,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":683,"pkt_l4_len":649,"thread_ts_usec":1467353155790340,"pkt":"TF4M6gNlABxCjnAxCABFAAKdDjtAAIAG3SfAqHMIymwO28U3AFCNS81scTxdzlAYAQSLywAAR0VUIC9jb3JlP3Q9MiZjaGlwaWQ9SW50ZWwlMjhSJTI5JTIwQ29yZSUyOFRNJTI5JTIwaTUlMkQyNTU3TSUyMENQVSUyMCU0MCUyMDElMkU3MEdIeiZ0bT0xNSZyYT0xJmlzaGNkbj0yJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9NiZyPTUwMDQ5NDYwMCZhaWQ9NTAyOTU5OTAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPXdpbmRvd3Mmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxNTUmaXNsb2NhbD0wJmFzPWQxOWY2NDA0N2I2NDFjZDZmZjA5NmIwNGZiMmEzMGI1JnZlPTNjYzBjOGZhMzcyNjI1ZTY0MTQzMTQ0ODE2ZjNlOTY4JnBlPWM5NWQ5OTJlMjk4NTZkYzg0ZjJlOTkwN2EyZTRiMjgyJnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="} @@ -522,7 +522,7 @@ 01403{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1259,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202370500,"flow_dst_last_pkt_time":1467353202428117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":302,"flow_src_tot_l4_payload_len":2737,"flow_dst_tot_l4_payload_len":302,"midstream":1,"thread_ts_usec":1467353202428117,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.Cybersec","proto_id":"7.283","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"su.ff.avast.com","http": {"url":"su.ff.avast.com\/R\/A3gKIDljY2I3ODkyM2NiMTRlMTBiNzRmZGQ3OTE4ODdhNDZlEgQCMAYWGKAEIgH_KgcIBBDmzNlDKgcIAxCrn_tBMgoIBBDmzNlDGIAKOM2RhFhCICsB593vKxQ6cVzAgCL_b9XWlsFQVx754ZgCHv1XaVp1SICCmAg=","code":0,"content_type":"","user_agent":"","request_content_type":"application\/octet-stream"}}} 00991{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834457,"flow_src_last_pkt_time":1467353136834572,"flow_dst_last_pkt_time":1467353136834457,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.193.119","src_port":22793,"dst_port":7133,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00779{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834457,"flow_src_last_pkt_time":1467353136834572,"flow_dst_last_pkt_time":1467353136834457,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.193.119","src_port":22793,"dst_port":7133,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01219{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":12,"flow_first_seen":1467353151975342,"flow_src_last_pkt_time":1467353164710742,"flow_dst_last_pkt_time":1467353165019943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":10429,"flow_dst_tot_l4_payload_len":14221,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.Cybersec","proto_id":"7.283","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download"}} +01328{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":12,"flow_first_seen":1467353151975342,"flow_src_last_pkt_time":1467353164710742,"flow_dst_last_pkt_time":1467353165019943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":10429,"flow_dst_tot_l4_payload_len":14221,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.Cybersec","proto_id":"7.283","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download"}} 00992{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136835111,"flow_src_last_pkt_time":1467353136835529,"flow_dst_last_pkt_time":1467353136835111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"115.157.62.243","src_port":22793,"dst_port":29006,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00780{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136835111,"flow_src_last_pkt_time":1467353136835529,"flow_dst_last_pkt_time":1467353136835111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"115.157.62.243","src_port":22793,"dst_port":29006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00991{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833392,"flow_src_last_pkt_time":1467353136833582,"flow_dst_last_pkt_time":1467353136833392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.250.102.66","src_port":22793,"dst_port":1107,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} @@ -667,9 +667,9 @@ ~~ total active/idle flows...: 107/107 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8267866 bytes -~~ total memory freed........: 8267866 bytes -~~ total allocations/frees...: 151816/151816 +~~ total memory allocated....: 7900071 bytes +~~ total memory freed........: 7900071 bytes +~~ total allocations/frees...: 146219/146219 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 509 chars ~~ json string max len.......: 2351 chars diff --git a/test/results/default/pptp.pcap.out b/test/results/default/pptp.pcap.out index 8be956df3..6f0f5f3ea 100644 --- a/test/results/default/pptp.pcap.out +++ b/test/results/default/pptp.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966843 bytes -~~ total memory freed........: 7966843 bytes -~~ total allocations/frees...: 148312/148312 +~~ total memory allocated....: 7596504 bytes +~~ total memory freed........: 7596504 bytes +~~ total allocations/frees...: 142715/142715 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 510 chars ~~ json string max len.......: 970 chars diff --git a/test/results/default/protonvpn.pcap.out b/test/results/default/protonvpn.pcap.out index dee8335b8..f8ca28c7f 100644 --- a/test/results/default/protonvpn.pcap.out +++ b/test/results/default/protonvpn.pcap.out @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7984002 bytes -~~ total memory freed........: 7984002 bytes -~~ total allocations/frees...: 148354/148354 +~~ total memory allocated....: 7613687 bytes +~~ total memory freed........: 7613687 bytes +~~ total allocations/frees...: 142757/142757 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 510 chars ~~ json string max len.......: 1527 chars diff --git a/test/results/default/psiphon3.pcap.out b/test/results/default/psiphon3.pcap.out index e1cdbb4b5..0189efc83 100644 --- a/test/results/default/psiphon3.pcap.out +++ b/test/results/default/psiphon3.pcap.out @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7972617 bytes -~~ total memory freed........: 7972617 bytes -~~ total allocations/frees...: 148360/148360 +~~ total memory allocated....: 7602278 bytes +~~ total memory freed........: 7602278 bytes +~~ total allocations/frees...: 142763/142763 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 514 chars ~~ json string max len.......: 1961 chars diff --git a/test/results/default/punycode-idn.pcap.out b/test/results/default/punycode-idn.pcap.out index 585b8673f..d58709c03 100644 --- a/test/results/default/punycode-idn.pcap.out +++ b/test/results/default/punycode-idn.pcap.out @@ -29,9 +29,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7968892 bytes -~~ total memory freed........: 7968892 bytes -~~ total allocations/frees...: 148332/148332 +~~ total memory allocated....: 7598601 bytes +~~ total memory freed........: 7598601 bytes +~~ total allocations/frees...: 142735/142735 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 518 chars ~~ json string max len.......: 1298 chars diff --git a/test/results/default/quic-23.pcap.out b/test/results/default/quic-23.pcap.out index c73e405e5..5cf2e75d9 100644 --- a/test/results/default/quic-23.pcap.out +++ b/test/results/default/quic-23.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7974861 bytes -~~ total memory freed........: 7974861 bytes -~~ total allocations/frees...: 148328/148328 +~~ total memory allocated....: 7604522 bytes +~~ total memory freed........: 7604522 bytes +~~ total allocations/frees...: 142731/142731 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 2282 chars diff --git a/test/results/default/quic-24.pcap.out b/test/results/default/quic-24.pcap.out index 75f26aea2..bc8fd709e 100644 --- a/test/results/default/quic-24.pcap.out +++ b/test/results/default/quic-24.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7974642 bytes -~~ total memory freed........: 7974642 bytes -~~ total allocations/frees...: 148323/148323 +~~ total memory allocated....: 7604303 bytes +~~ total memory freed........: 7604303 bytes +~~ total allocations/frees...: 142726/142726 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 2215 chars diff --git a/test/results/default/quic-27.pcap.out b/test/results/default/quic-27.pcap.out index 4e8ab28d6..385421bd6 100644 --- a/test/results/default/quic-27.pcap.out +++ b/test/results/default/quic-27.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7975023 bytes -~~ total memory freed........: 7975023 bytes -~~ total allocations/frees...: 148329/148329 +~~ total memory allocated....: 7604684 bytes +~~ total memory freed........: 7604684 bytes +~~ total allocations/frees...: 142732/142732 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 2355 chars diff --git a/test/results/default/quic-28.pcap.out b/test/results/default/quic-28.pcap.out index cc6419bbb..fca2d3918 100644 --- a/test/results/default/quic-28.pcap.out +++ b/test/results/default/quic-28.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7981445 bytes -~~ total memory freed........: 7981445 bytes -~~ total allocations/frees...: 148561/148561 +~~ total memory allocated....: 7611106 bytes +~~ total memory freed........: 7611106 bytes +~~ total allocations/frees...: 142964/142964 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 2266 chars diff --git a/test/results/default/quic-29.pcap.out b/test/results/default/quic-29.pcap.out index 5dd28c5c4..238d939a9 100644 --- a/test/results/default/quic-29.pcap.out +++ b/test/results/default/quic-29.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7974642 bytes -~~ total memory freed........: 7974642 bytes -~~ total allocations/frees...: 148323/148323 +~~ total memory allocated....: 7604303 bytes +~~ total memory freed........: 7604303 bytes +~~ total allocations/frees...: 142726/142726 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 2220 chars diff --git a/test/results/default/quic-33.pcapng.out b/test/results/default/quic-33.pcapng.out index 9fec56a16..0db58da58 100644 --- a/test/results/default/quic-33.pcapng.out +++ b/test/results/default/quic-33.pcapng.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7974476 bytes -~~ total memory freed........: 7974476 bytes -~~ total allocations/frees...: 148315/148315 +~~ total memory allocated....: 7604137 bytes +~~ total memory freed........: 7604137 bytes +~~ total allocations/frees...: 142718/142718 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 515 chars ~~ json string max len.......: 2513 chars diff --git a/test/results/default/quic-34.pcap.out b/test/results/default/quic-34.pcap.out index 82a541aa4..f96829672 100644 --- a/test/results/default/quic-34.pcap.out +++ b/test/results/default/quic-34.pcap.out @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7974491 bytes -~~ total memory freed........: 7974491 bytes -~~ total allocations/frees...: 148312/148312 +~~ total memory allocated....: 7604152 bytes +~~ total memory freed........: 7604152 bytes +~~ total allocations/frees...: 142715/142715 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 2460 chars diff --git a/test/results/default/quic-forcing-vn-with-data.pcapng.out b/test/results/default/quic-forcing-vn-with-data.pcapng.out index bab0aad69..73cae8d64 100644 --- a/test/results/default/quic-forcing-vn-with-data.pcapng.out +++ b/test/results/default/quic-forcing-vn-with-data.pcapng.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7973064 bytes -~~ total memory freed........: 7973064 bytes -~~ total allocations/frees...: 148329/148329 +~~ total memory allocated....: 7602725 bytes +~~ total memory freed........: 7602725 bytes +~~ total allocations/frees...: 142732/142732 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 533 chars ~~ json string max len.......: 2149 chars diff --git a/test/results/default/quic-fuzz-overflow.pcapng.out b/test/results/default/quic-fuzz-overflow.pcapng.out index 51250da20..991325182 100644 --- a/test/results/default/quic-fuzz-overflow.pcapng.out +++ b/test/results/default/quic-fuzz-overflow.pcapng.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964100 bytes -~~ total memory freed........: 7964100 bytes -~~ total allocations/frees...: 148287/148287 +~~ total memory allocated....: 7593761 bytes +~~ total memory freed........: 7593761 bytes +~~ total allocations/frees...: 142690/142690 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 526 chars ~~ json string max len.......: 3094 chars diff --git a/test/results/default/quic-mvfst-22.pcap.out b/test/results/default/quic-mvfst-22.pcap.out index fe425d1bd..1e410443c 100644 --- a/test/results/default/quic-mvfst-22.pcap.out +++ b/test/results/default/quic-mvfst-22.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7988430 bytes -~~ total memory freed........: 7988430 bytes -~~ total allocations/frees...: 148798/148798 +~~ total memory allocated....: 7618091 bytes +~~ total memory freed........: 7618091 bytes +~~ total allocations/frees...: 143201/143201 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 519 chars ~~ json string max len.......: 2292 chars diff --git a/test/results/default/quic-mvfst-22_decryption_error.pcap.out b/test/results/default/quic-mvfst-22_decryption_error.pcap.out index 1b430038e..70dd0b1c3 100644 --- a/test/results/default/quic-mvfst-22_decryption_error.pcap.out +++ b/test/results/default/quic-mvfst-22_decryption_error.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7974498 bytes -~~ total memory freed........: 7974498 bytes -~~ total allocations/frees...: 148317/148317 +~~ total memory allocated....: 7604159 bytes +~~ total memory freed........: 7604159 bytes +~~ total allocations/frees...: 142720/142720 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 536 chars ~~ json string max len.......: 2187 chars diff --git a/test/results/default/quic-mvfst-27.pcapng.out b/test/results/default/quic-mvfst-27.pcapng.out index 362185c64..4755ce7ea 100644 --- a/test/results/default/quic-mvfst-27.pcapng.out +++ b/test/results/default/quic-mvfst-27.pcapng.out @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7974790 bytes -~~ total memory freed........: 7974790 bytes -~~ total allocations/frees...: 148328/148328 +~~ total memory allocated....: 7604451 bytes +~~ total memory freed........: 7604451 bytes +~~ total allocations/frees...: 142731/142731 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 521 chars ~~ json string max len.......: 2275 chars diff --git a/test/results/default/quic-mvfst-exp.pcap.out b/test/results/default/quic-mvfst-exp.pcap.out index 2e6cd5975..d9d937f05 100644 --- a/test/results/default/quic-mvfst-exp.pcap.out +++ b/test/results/default/quic-mvfst-exp.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7975083 bytes -~~ total memory freed........: 7975083 bytes -~~ total allocations/frees...: 148338/148338 +~~ total memory allocated....: 7604744 bytes +~~ total memory freed........: 7604744 bytes +~~ total allocations/frees...: 142741/142741 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 520 chars ~~ json string max len.......: 2229 chars diff --git a/test/results/default/quic-v2.pcapng.out b/test/results/default/quic-v2.pcapng.out index c5553864e..c66fbe39d 100644 --- a/test/results/default/quic-v2.pcapng.out +++ b/test/results/default/quic-v2.pcapng.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7973281 bytes -~~ total memory freed........: 7973281 bytes -~~ total allocations/frees...: 148327/148327 +~~ total memory allocated....: 7602942 bytes +~~ total memory freed........: 7602942 bytes +~~ total allocations/frees...: 142730/142730 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 515 chars ~~ json string max len.......: 3324 chars diff --git a/test/results/default/quic.pcap.out b/test/results/default/quic.pcap.out index 9c3ebd7f8..2339cb479 100644 --- a/test/results/default/quic.pcap.out +++ b/test/results/default/quic.pcap.out @@ -86,9 +86,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7998278 bytes -~~ total memory freed........: 7998278 bytes -~~ total allocations/frees...: 148912/148912 +~~ total memory allocated....: 7628155 bytes +~~ total memory freed........: 7628155 bytes +~~ total allocations/frees...: 143315/143315 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 510 chars ~~ json string max len.......: 2348 chars diff --git a/test/results/default/quic046.pcap.out b/test/results/default/quic046.pcap.out index 0a6d221f4..b5b41da28 100644 --- a/test/results/default/quic046.pcap.out +++ b/test/results/default/quic046.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7967047 bytes -~~ total memory freed........: 7967047 bytes -~~ total allocations/frees...: 148388/148388 +~~ total memory allocated....: 7596708 bytes +~~ total memory freed........: 7596708 bytes +~~ total allocations/frees...: 142791/142791 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 2324 chars diff --git a/test/results/default/quic_0RTT.pcap.out b/test/results/default/quic_0RTT.pcap.out index bdac8592d..6dc17c9fa 100644 --- a/test/results/default/quic_0RTT.pcap.out +++ b/test/results/default/quic_0RTT.pcap.out @@ -23,9 +23,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7990047 bytes -~~ total memory freed........: 7990047 bytes -~~ total allocations/frees...: 148359/148359 +~~ total memory allocated....: 7619732 bytes +~~ total memory freed........: 7619732 bytes +~~ total allocations/frees...: 142762/142762 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 515 chars ~~ json string max len.......: 2215 chars diff --git a/test/results/default/quic_cc_ack.pcapng.out b/test/results/default/quic_cc_ack.pcapng.out new file mode 100644 index 000000000..34954b7a1 --- /dev/null +++ b/test/results/default/quic_cc_ack.pcapng.out @@ -0,0 +1,26 @@ +00514{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00577{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1623513645438057} +00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623513645438057,"flow_src_last_pkt_time":1623513645438057,"flow_dst_last_pkt_time":1623513645438057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623513645438057,"l3_proto":"ip4","src_ip":"152.14.223.145","dst_ip":"71.98.228.93","src_port":57113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +02347{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623513645438057,"flow_dst_last_pkt_time":1623513645438057,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1623513645438057,"pkt":"AAAAAAAAAAYAK2gQCABFAAViCAZAAD8RiyWYDt+RR2LkXd8ZAbsFTlqVyP8AAB0IP2F8CyEK1SUAAEU0pUADgai63r\/lItFGP+9hC24roELpliW3esH+N23zYsVnHaLlDALQ9HmbSfFZdOGFn1N0tiCxBoce6EnFP8qxgIGvtolBdqVO4KtI3I+xzDEP1dMbrxXh5kXHhT9281\/Su+nx2HNihx4eRSrnG7qGfBWROROddmS4TWWAqhaVPJstau6yELSzb0UA6xOcZDDOFIrtIfaHHJNL73QwlCCVC8\/X6+gOB63o+ixHncf1eOknkTc\/XYOWJLMHSLd4BZOA3LW5GmIXKYRfAuWR6FNCEsog27+JxH38wH4S8BIHq9f0AIY3YXQVkFE1PLeWua7Hc3MsiUcYvgoAhVb9+JBI5eXYfDCwdHERnY1IQQmUAu9SFx2J6nuGff5NC96rDFPIdNELe62FpMiG++tWyxBT1jrqduEE+GTJGana2VRZO0mNKPo4k96XXHnlrmLHJtxgqk0CAYVVoULGC7QmHW0IPw5+QC2mMFdQ2JXXCHchmXNwhcQoDjPepV0Tc7gNhPo5bycXS3v5HN4L35Ns7nhQwv47t4TyZK6yYxdFDGdbuycCS8L2dTXwUF7TstgFGUmpVkx39Ih0cfz4Ml21l4W5OxPMQLwymZcjFN4ZcsWF1RYDZqiwdizzKmJZ2dywSdNp0mvGKgOCMW\/zEpCDahdneaO5ePAihedJrHlLWjrIcNPtMFJvsCb8J2Zs2JveZH8M9ycGrJuRHIU6iNjJ1KE38VCB5Hf1tALUvZ0BBj\/qC+Ij8B4Ro+yZstJd7Ob6BhH2uaRdc5I68e0jjwGpe80iacH6GsFPIOjtZEEbNYvDZ7w16Rc+ITnjSC38untM8Or\/bUIMrMDMgaZ0v\/C5OEdfOGlvxCBCC4\/o\/90Kx02rZnFEL\/i8boI7ePY0ReSck8yGfszVfqzNgiwK2v5Xb9wSfJ6a8GDsAhSfZ9BXpA1BdfBS8hgew+G98kwh4cHwLJ7guN9fdx1HmkzmFzzo53D9m0lvXudsnc8ddqbXGk2HsS8RT8gqdE4Qp0HmVJpwPar68+ZRDzIVr1NO4grcPGts3UheNWWdX22kIGFFoWJQJ0Iud4hNuShy1HzqTQ1lyp0YYC2JKUrnWP1jn3LpGqTH2BpZ2wK9\/yL0GdwgOVZWGlPVBBI5DulktahfK8IcRAXIoSVEE\/2BFDm9HCokMUAXZ7NOPTsKGJDxCqTZin0sZ\/S2a+q9vrJzdzIYDluIS5EynegX+P5Joc4GPrIZc3YnPU+\/jEQ6WmwykKvJwcBvW4q9DF9\/8A9K6qBXWUAE\/f3ls7H3ipOg+w\/Kh\/WzO70xs2OJpZb6vVHkFmXehlT0Ib213P4CBiVWI3EwxwElbpSAUUK\/\/VARpnBPiA9J+ch71rajSMnje0HhIlInLryO9owSAQ7f93iROUK3RJldQmsCIOfxHUjT\/D9SQRsq4felL1nQ7DtW9jJkBIxJNEvuacIdV\/uo77CehnUSmwufgmQjj2L3ej6HOYKut+6KBPceNlpM9C1g\/\/lK0TvimOKIRh5lPHZnjbRXhK1\/2ricgkmNL6d4mPnYWLCcJhWSclF\/A8b\/ixrplLwQsuMc4NgUi8p4L1IcSZhnUxtTszMmKomu4BZaTzCIvV8croOgcxm97AvxlkZRjUy4Pb5rdJcTpPFvUeyaVjMB7toze81GUUg0VFp8lOemZ2cFjZ+uKOYqXrcEJFF9LwKAjMfV1JtVs7Svx3g0n+xvnlW+JM5HoeSe3uvLKwvv8MdjFD4tJpVfQSeZPJIaH6fKbzpbepdPhIKObLCQ"} +01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623513645438057,"flow_src_last_pkt_time":1623513645438057,"flow_dst_last_pkt_time":1623513645438057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623513645438057,"l3_proto":"ip4","src_ip":"152.14.223.145","dst_ip":"71.98.228.93","src_port":57113,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623513729660364,"flow_src_last_pkt_time":1623513729660364,"flow_dst_last_pkt_time":1623513729660364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623513729660364,"l3_proto":"ip4","src_ip":"183.23.159.144","dst_ip":"108.140.147.22","src_port":37787,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +02347{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1623513729660364,"flow_dst_last_pkt_time":1623513729660364,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1623513729660364,"pkt":"AAAAAAAAAAYAK2gQCABFAAVi6HNAAD8R98y3F5+QbIyTFpObAbsFToaYw\/8AAB0IUTBcXx\/7dUoAAEU0cRm1CkDiL5VXuHD8J2aE4zIb58\/+mEU+Rw5RrXrHDT9HS2TJ1byRuHkogMZnptt1Qr7xH9L\/VzpSNxCzTDbRWuT7mItsp7riRT2gKyTGhoOmd2mgHLkgbz5iBSoCSNUDxYOsoc54N2LqSMrfyRPrVLK4F+iz5e320T+XiIN\/J75sbfmU2amyA\/tgAfGxijMP5sSp3sZBmMMl50xIJfhb8gcjVVTvfYHJowtHPnaDzxStd5WXXY39OfRQSP1HaGCsMB+ra3SJxPeMqqPZETKnmLpUmsfvqjD7PQ+RbQxPo35MX3HK+7c2bkXbeciKwGPrnCZ+HBCTiUNMNWKq+BXuITWnU++pv37wwbCH3moLZJ+teeN29yC0mdMDvDOLD7Ox6F+EJrlYyttwLV6sasd5qohHeWqN9NvQ27K5erCE6YAvqETtyLHFVrO9Dji6YXO5YrcZpL68nxE8ad4W3qt7yUSP6SYf3As4yk0mP\/RTWu2nrTdGD5lDaxnUr+QILWyCfEtuwFOuWVRQpvuYfIeRRuTGYyy3mJXe5G+GjYoCY4wtvQoBVINu\/gdFOMRV3sajpjT\/h88EK\/\/Bn4VUNW8hmKvlEqiU9NXHMQbBya1xCaWu7fidqZ6Sk16clO2IfhBpSlizMLxsdWbXwCaeABGzpNJ+xWkDwwPqXJLjaNor96a9NqJjv1Yf1xv3Aaw9+t7GbI3UyWNvcbWpLvOoBgYJOuMg8G4PznS+d64avRAnaeD0ZKjWOYvIXhxUgeBT1dkE4yZSSvkVp+t82oe6mKiVM46LEs5mzS8s8\/8E3nAmuyG5h2dN8nCjOdNpTHBl+TDjUVJ68t4GpEFCXW\/V9VvkWso\/lwhXdQIozYYVWIHb\/la5l2+\/JuwDGcrQDwMukvLOySMX3OfaFseRIdfdKoqZOa+5WeVxmpfTghjXKy0D6IG594ZkNJXYVvt3x6XiSICkupFJTPXebjJmf8u6s1zFcbbRTIbfZcz8xAejZCej7ZsvN8sXwyVOWETwyZpQOrb8+vvxCSh0kaSpr8EkP76o9mHZ8O2ClWfcJ7PZAaDCe6RfxfonVpY+i5+0uhJZQy8tS8913w\/uovBZeRpkg0+pJCZ7+48yDMn+BXPWIqQmjnByB2p0CVpA5\/DWSPASKN\/93KsY5XILFT13pFdfTwrrml7C\/OyzqBfKyvxrHu9stC2Am1dZloT1aMDRixBJWGC2vJJV8mlL5Zm62wsOuoOMOe46w++VHNAoQNMfHSERmahOOc6ZOtu03fMiudyWb5SuNSIaNoAthTKw57cz7K2tgWx4UoMoSc2dcKLj7q7vhofEIbWzN5MdRBKS3GOl\/WOdHnPcSCy\/2mQX3UXiYZuAFI1QE5bhiNCvHmw1OFAOEX8kxBkwdJ9yW9tFjUbiUylRYxbRgdaZrrOwXGzxKEJiHRFqJMTA2cy\/gwWHYWfeGVfIk3pDvfdJaFVvLjd5wAbFjoxg38qZVoby2ec5n5XMOiQj9cQkQkawx4JlrvqkRYjm2fsfgTqpCqIcItTsMDlq1zCr07bpBYHHBKw2vM\/DGDFyDTtbrZN\/\/CwHhKJi8k5vQvK1H1Iw67DaaLgfa1GdNVnncTGGpkmk\/jGSRK9xB8iiIxVXebvYeqYZum5dA2MzlUt8HhVW+YS+7Mpf75TBtWfCy3Rik3FASQfdTZ96Mx5xStcSqXXN1h7NLgKjRPpHBwbxsedQJOogpvfHa9gl\/pnquvEAM6xHqq2oTOEo9XJHI1ujXWNWIJ7oEA327lkS1E7T"} +01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623513729660364,"flow_src_last_pkt_time":1623513729660364,"flow_dst_last_pkt_time":1623513729660364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623513729660364,"l3_proto":"ip4","src_ip":"183.23.159.144","dst_ip":"108.140.147.22","src_port":37787,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623513729660364,"flow_src_last_pkt_time":1623513729660364,"flow_dst_last_pkt_time":1623513729660364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623513729660364,"l3_proto":"ip4","src_ip":"183.23.159.144","dst_ip":"108.140.147.22","src_port":37787,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623513645438057,"flow_src_last_pkt_time":1623513645438057,"flow_dst_last_pkt_time":1623513645438057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623513729660364,"l3_proto":"ip4","src_ip":"152.14.223.145","dst_ip":"71.98.228.93","src_port":57113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +00583{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":2700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1623513729660364} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 2/2 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 2700 bytes +~~ total detected protocols..: 2 +~~ total active/idle flows...: 2/2 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7616576 bytes +~~ total memory freed........: 7616576 bytes +~~ total allocations/frees...: 142741/142741 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 519 chars +~~ json string max len.......: 2352 chars +~~ json string avg len.......: 1431 chars diff --git a/test/results/default/quic_crypto_aes_auth_size.pcap.out b/test/results/default/quic_crypto_aes_auth_size.pcap.out index e94069828..0a42a09bc 100644 --- a/test/results/default/quic_crypto_aes_auth_size.pcap.out +++ b/test/results/default/quic_crypto_aes_auth_size.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7991197 bytes -~~ total memory freed........: 7991197 bytes -~~ total allocations/frees...: 148344/148344 +~~ total memory allocated....: 7620882 bytes +~~ total memory freed........: 7620882 bytes +~~ total allocations/frees...: 142747/142747 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 531 chars ~~ json string max len.......: 2366 chars diff --git a/test/results/default/quic_frags_ch_in_multiple_packets.pcapng.out b/test/results/default/quic_frags_ch_in_multiple_packets.pcapng.out index dd10e0492..68e32b4aa 100644 --- a/test/results/default/quic_frags_ch_in_multiple_packets.pcapng.out +++ b/test/results/default/quic_frags_ch_in_multiple_packets.pcapng.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7989129 bytes -~~ total memory freed........: 7989129 bytes -~~ total allocations/frees...: 148333/148333 +~~ total memory allocated....: 7618790 bytes +~~ total memory freed........: 7618790 bytes +~~ total allocations/frees...: 142736/142736 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 541 chars ~~ json string max len.......: 2262 chars diff --git a/test/results/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/test/results/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out index 4c2f59915..18e0bd66b 100644 --- a/test/results/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out +++ b/test/results/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out @@ -673,9 +673,9 @@ ~~ total active/idle flows...: 113/113 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9896172 bytes -~~ total memory freed........: 9896172 bytes -~~ total allocations/frees...: 152406/152406 +~~ total memory allocated....: 9528521 bytes +~~ total memory freed........: 9528521 bytes +~~ total allocations/frees...: 146809/146809 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 556 chars ~~ json string max len.......: 2404 chars diff --git a/test/results/default/quic_interop_V.pcapng.out b/test/results/default/quic_interop_V.pcapng.out index d91dd70d5..5ed43c11e 100644 --- a/test/results/default/quic_interop_V.pcapng.out +++ b/test/results/default/quic_interop_V.pcapng.out @@ -447,9 +447,9 @@ ~~ total active/idle flows...: 77/77 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8130911 bytes -~~ total memory freed........: 8130911 bytes -~~ total allocations/frees...: 149375/149375 +~~ total memory allocated....: 7762396 bytes +~~ total memory freed........: 7762396 bytes +~~ total allocations/frees...: 143778/143778 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 522 chars ~~ json string max len.......: 2241 chars diff --git a/test/results/default/quic_q39.pcap.out b/test/results/default/quic_q39.pcap.out index 85ccb307e..cbfab0894 100644 --- a/test/results/default/quic_q39.pcap.out +++ b/test/results/default/quic_q39.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7965885 bytes -~~ total memory freed........: 7965885 bytes -~~ total allocations/frees...: 148348/148348 +~~ total memory allocated....: 7595546 bytes +~~ total memory freed........: 7595546 bytes +~~ total allocations/frees...: 142751/142751 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 514 chars ~~ json string max len.......: 2352 chars diff --git a/test/results/default/quic_q43.pcap.out b/test/results/default/quic_q43.pcap.out index 24b2e3b58..942e912b9 100644 --- a/test/results/default/quic_q43.pcap.out +++ b/test/results/default/quic_q43.pcap.out @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964157 bytes -~~ total memory freed........: 7964157 bytes -~~ total allocations/frees...: 148289/148289 +~~ total memory allocated....: 7593818 bytes +~~ total memory freed........: 7593818 bytes +~~ total allocations/frees...: 142692/142692 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 514 chars ~~ json string max len.......: 2323 chars diff --git a/test/results/default/quic_q46.pcap.out b/test/results/default/quic_q46.pcap.out index 3ae6fe3fa..b0627fa2e 100644 --- a/test/results/default/quic_q46.pcap.out +++ b/test/results/default/quic_q46.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964723 bytes -~~ total memory freed........: 7964723 bytes -~~ total allocations/frees...: 148308/148308 +~~ total memory allocated....: 7594384 bytes +~~ total memory freed........: 7594384 bytes +~~ total allocations/frees...: 142711/142711 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 514 chars ~~ json string max len.......: 2350 chars diff --git a/test/results/default/quic_q46_b.pcap.out b/test/results/default/quic_q46_b.pcap.out index 9ca535b1f..35219611b 100644 --- a/test/results/default/quic_q46_b.pcap.out +++ b/test/results/default/quic_q46_b.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964725 bytes -~~ total memory freed........: 7964725 bytes -~~ total allocations/frees...: 148308/148308 +~~ total memory allocated....: 7594386 bytes +~~ total memory freed........: 7594386 bytes +~~ total allocations/frees...: 142711/142711 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 516 chars ~~ json string max len.......: 2419 chars diff --git a/test/results/default/quic_q50.pcap.out b/test/results/default/quic_q50.pcap.out index bee88bb16..69f5ba6b4 100644 --- a/test/results/default/quic_q50.pcap.out +++ b/test/results/default/quic_q50.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7975040 bytes -~~ total memory freed........: 7975040 bytes -~~ total allocations/frees...: 148327/148327 +~~ total memory allocated....: 7604701 bytes +~~ total memory freed........: 7604701 bytes +~~ total allocations/frees...: 142730/142730 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 514 chars ~~ json string max len.......: 2350 chars diff --git a/test/results/default/quic_t50.pcap.out b/test/results/default/quic_t50.pcap.out index bff7b3eb4..f59c64e1e 100644 --- a/test/results/default/quic_t50.pcap.out +++ b/test/results/default/quic_t50.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7974827 bytes -~~ total memory freed........: 7974827 bytes -~~ total allocations/frees...: 148321/148321 +~~ total memory allocated....: 7604488 bytes +~~ total memory freed........: 7604488 bytes +~~ total allocations/frees...: 142724/142724 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 514 chars ~~ json string max len.......: 2355 chars diff --git a/test/results/default/quic_t51.pcap.out b/test/results/default/quic_t51.pcap.out index a687f5e7a..e56221cbc 100644 --- a/test/results/default/quic_t51.pcap.out +++ b/test/results/default/quic_t51.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7974830 bytes -~~ total memory freed........: 7974830 bytes -~~ total allocations/frees...: 148321/148321 +~~ total memory allocated....: 7604491 bytes +~~ total memory freed........: 7604491 bytes +~~ total allocations/frees...: 142724/142724 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 514 chars ~~ json string max len.......: 2354 chars diff --git a/test/results/default/quickplay.pcap.out b/test/results/default/quickplay.pcap.out index 968244b81..5c4740aa0 100644 --- a/test/results/default/quickplay.pcap.out +++ b/test/results/default/quickplay.pcap.out @@ -145,9 +145,9 @@ ~~ total active/idle flows...: 21/21 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8026679 bytes -~~ total memory freed........: 8026679 bytes -~~ total allocations/frees...: 148853/148853 +~~ total memory allocated....: 7656888 bytes +~~ total memory freed........: 7656888 bytes +~~ total allocations/frees...: 143260/143260 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 515 chars ~~ json string max len.......: 2445 chars diff --git a/test/results/default/radius_false_positive.pcapng.out b/test/results/default/radius_false_positive.pcapng.out index 329ae9e54..b291d5964 100644 --- a/test/results/default/radius_false_positive.pcapng.out +++ b/test/results/default/radius_false_positive.pcapng.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964389 bytes -~~ total memory freed........: 7964389 bytes -~~ total allocations/frees...: 148297/148297 +~~ total memory allocated....: 7594050 bytes +~~ total memory freed........: 7594050 bytes +~~ total allocations/frees...: 142700/142700 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 529 chars ~~ json string max len.......: 2231 chars diff --git a/test/results/default/raknet.pcap.out b/test/results/default/raknet.pcap.out index bb9ba5ffa..739d3726b 100644 --- a/test/results/default/raknet.pcap.out +++ b/test/results/default/raknet.pcap.out @@ -101,9 +101,9 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7989113 bytes -~~ total memory freed........: 7989113 bytes -~~ total allocations/frees...: 148474/148474 +~~ total memory allocated....: 7619038 bytes +~~ total memory freed........: 7619038 bytes +~~ total allocations/frees...: 142877/142877 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 2473 chars diff --git a/test/results/default/rdp.pcap.out b/test/results/default/rdp.pcap.out index 61d21abf0..8052bfa2a 100644 --- a/test/results/default/rdp.pcap.out +++ b/test/results/default/rdp.pcap.out @@ -7,21 +7,20 @@ 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1559207465181421,"flow_dst_last_pkt_time":1559207465180991,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":63,"pkt_l4_len":39,"thread_ts_usec":1559207465181421,"pkt":"AgAAAEUAADsAAEAAQAbIvawQArnAqAKOzQ4NPfm84llHmr+9UBggAE34AAADAAATDuAAAAAAAAEACAALAAAA"} 01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1559207465138576,"flow_src_last_pkt_time":1559207465181421,"flow_dst_last_pkt_time":1559207465180991,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1559207465181421,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1559207465181421,"flow_dst_last_pkt_time":1559207465227138,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":63,"pkt_l4_len":39,"thread_ts_usec":1559207465227138,"pkt":"AgAAAEUAADtflUAAfwYqKMCoAo6sEAK5DT3NDkeav735vOJsUBj57ULVAAADAAATDtAAABI0AAIfCAAIAAAA"} -02301{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1559207465138576,"flow_src_last_pkt_time":1559207465679719,"flow_dst_last_pkt_time":1559207465679652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":572,"flow_dst_max_l4_payload_len":1179,"flow_src_tot_l4_payload_len":1691,"flow_dst_tot_l4_payload_len":1900,"midstream":0,"thread_ts_usec":1559207465679719,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"data_analysis": {"iat": {"min":149,"avg":34910.3,"max":86174,"stddev":23095.5,"var":533403456.0,"ent":4.5,"data": [42415,42485,360,46147,45785,5885,50430,44534,5170,48270,43112,41453,86174,44710,10166,53885,43706,302,43769,43467,297,43729,43444,307,149,43556,40251,83348,297,42450,42166]},"pktlen": {"min":40,"avg":153.3,"max":1219,"stddev":233.3,"var":54415.1,"ent":4.1,"data": [64,52,40,59,59,40,213,1219,40,166,91,40,126,331,40,612,128,40,145,73,40,531,195,40,81,77,40,80,40,81,84,40]},"bins": {"c_to_s": [12,3,1,2,0,1,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,4,1,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,0,1,1,0,0,1,0],"entropies": [4.441382408,4.923395157,4.571928501,4.281987667,4.796913624,4.630641460,5.275919437,7.619496822,4.680641174,6.597459316,5.503854275,4.680641174,6.437798500,7.132068157,4.680641174,7.669749737,6.215856552,4.680641174,6.650300980,5.246529579,4.680641174,7.538676739,6.737553120,4.680641174,5.756097317,5.626734734,4.881687641,5.445608139,4.680641174,5.722887993,5.468319893,4.680641174]},"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -01108{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2010,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":936,"flow_dst_packets_processed":1074,"flow_first_seen":1559207465138576,"flow_src_last_pkt_time":1559207472612156,"flow_dst_last_pkt_time":1559207472692980,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":578,"flow_dst_max_l4_payload_len":1273,"flow_src_tot_l4_payload_len":17682,"flow_dst_tot_l4_payload_len":516561,"midstream":0,"thread_ts_usec":1559207472692980,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00584{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2010,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","packets-captured":2010,"packets-processed":2010,"total-skipped-flows":0,"total-l4-payload-len":534243,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1559207472692980} +01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":7,"flow_first_seen":1559207465138576,"flow_src_last_pkt_time":1559207465466244,"flow_dst_last_pkt_time":1559207465509666,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":572,"flow_dst_max_l4_payload_len":1179,"flow_src_tot_l4_payload_len":1081,"flow_dst_tot_l4_payload_len":1661,"midstream":0,"thread_ts_usec":1559207465509666,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} +00576{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":2742,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1559207465509666} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ -~~ packets captured/processed: 2010/2010 +~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 -~~ total layer4 data length..: 534243 bytes +~~ total layer4 data length..: 2742 bytes ~~ total detected protocols..: 1 ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8022399 bytes -~~ total memory freed........: 8022399 bytes -~~ total allocations/frees...: 150298/150298 +~~ total memory allocated....: 7594350 bytes +~~ total memory freed........: 7594350 bytes +~~ total allocations/frees...: 142711/142711 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 509 chars -~~ json string max len.......: 2306 chars -~~ json string avg len.......: 1324 chars +~~ json string max len.......: 1105 chars +~~ json string avg len.......: 791 chars diff --git a/test/results/default/rdp2.pcap.out b/test/results/default/rdp2.pcap.out new file mode 100644 index 000000000..4854ff7f3 --- /dev/null +++ b/test/results/default/rdp2.pcap.out @@ -0,0 +1,44 @@ +00505{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00568{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1622724948504706} +00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1622724948504706,"flow_src_last_pkt_time":1622724948504706,"flow_dst_last_pkt_time":1622724948504706,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1622724948504706,"l3_proto":"ip4","src_ip":"192.168.122.181","dst_ip":"192.168.122.2","src_port":54759,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +02160{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1622724948504706,"flow_dst_last_pkt_time":1622724948504706,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_usec":1622724948504706,"pkt":"UlQATzIvUlQAsDb7CABFAATsljsAAIARKb3AqHq1wKh6AtXnDT0E2Hry\/\/\/\/\/wBAGAG7\/1aHBNAE0KaQQMHfeUi3j6CMTWNjAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} +02155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1622724948504706,"flow_dst_last_pkt_time":1622724948618376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_usec":1622724948618376,"pkt":"UlQAsDb7UlQATzIvCABFAATsY5IAAIARXGbAqHoCwKh6tQ091ecE2Hryu\/9WhwBAEAVNZ3lmBNAE0AABAQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} +01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1622724948504706,"flow_src_last_pkt_time":1622724948504706,"flow_dst_last_pkt_time":1622724948618376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":1232,"midstream":0,"thread_ts_usec":1622724948618376,"l3_proto":"ip4","src_ip":"192.168.122.181","dst_ip":"192.168.122.2","src_port":54759,"dst_port":3389,"l4_proto":"udp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} +00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1622724949145111,"flow_dst_last_pkt_time":1622724948618376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":187,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":187,"pkt_l4_len":153,"thread_ts_usec":1622724949145111,"pkt":"UlQATzIvUlQAsDb7CABFAACtljwAAIARLfvAqHq1wKh6AtXnDT0AmXazABTBAfQBZOBkAAEAFgMCAIABAAB8AwJguNFUNPYALrQay30kCVW9o2xX1uvvm8Mwc0UHAddumwAADsAKwAnAFMATADUALwAKAQAARQAAACIAIAAAHVdJTi04UVNPMEQzT0tCSS5IQVJERU5JTkcuQ09NAAoACAAGAB0AFwAYAAsAAgEAACMAAAAXAAD\/AQABAA=="} +01854{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1622724949145292,"flow_dst_last_pkt_time":1622724948618376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1049,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1049,"pkt_l4_len":1015,"thread_ts_usec":1622724949145292,"pkt":"UlQATzIvUlQAsDb7CABFAAQLlj0AAIARKpzAqHq1wKh6AtXnDT0D93oRABTAZABlAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} +00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1622724950156874,"flow_dst_last_pkt_time":1622724948618376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":184,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":184,"pkt_l4_len":150,"thread_ts_usec":1622724950156874,"pkt":"UlQATzIvUlQAsDb7CABFAACqlj4AAIARLfzAqHq1wKh6AtXnDT0AlnawARTAZgBmAOAAFgMCAIABAAB8AwJguNFUNPYALrQay30kCVW9o2xX1uvvm8Mwc0UHAddumwAADsAKwAnAFMATADUALwAKAQAARQAAACIAIAAAHVdJTi04UVNPMEQzT0tCSS5IQVJERU5JTkcuQ09NAAoACAAGAB0AFwAYAAsAAgEAACMAAAAXAAD\/AQABAA=="} +00572{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":4776,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1643703419087056} +00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643703419087056,"flow_src_last_pkt_time":1643703419087056,"flow_dst_last_pkt_time":1643703419087056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":338,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":338,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":338,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703419087056,"l3_proto":"ip4","src_ip":"10.8.37.100","dst_ip":"10.100.2.87","src_port":51652,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00966{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1643703419087056,"flow_dst_last_pkt_time":1643703419087056,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":384,"pkt_l4_len":346,"thread_ts_usec":1643703419087056,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQABbs46AAB9ETIeCgglZApkAlfJxA09AVquCxCXYDMEAAAMAAEAAOZfhG3mX4RtFgMDAQYQAAECAQCjjsoVyw+wo5FaSAnrLg7K010lQhKSScz0HLEo3RbZDQpHIM8DOug1fzIMKYQ2jr1qowGGVp24rW1cdiGjDHjQOV6PWcwrK5xD0WVcizKFPsYpQTtmVwnbnunVKrb34miQP6S1q3usJoH3aAZyOYvZbk4IHBINWfdUFriPIrr\/SRiWhs0LUsB7qGIfahccFklYvuNjsKIrrqlpK9h8xbck3KFIyOS\/BaBtH43KUJPeIPtNHkAhuKAAgbpPg2MKYItrXno+cMr2LGEd0ULgohWYbDXUDjsQaQwA4c0J9bC\/KQhXBR8FkPLIAN0p1hYzlzPs9uypXcQ2aPmSQzdk3iOuFAMDAAEBFgMDACgAAAAAAAAAAJIpZ7YKWBdulQDNq0fLThVvneR0HNcHCdIdQMDnwqsj"} +00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1643703419087056,"flow_dst_last_pkt_time":1643703419092080,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":117,"pkt_l4_len":79,"thread_ts_usec":1643703419092080,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQAAYzWuAAB\/Ecm1CmQCVwoIJWQNPcnEAE8+OeZfhG0AyAAMAAEBABCXYDQQl2A0FAMDAAEBFgMDACgAAAAAAAAAAPQpDcwTGHQPEV9SAgzXooQGKEmtXTjZ+jovK+hcCckC"} +00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1643703419093178,"flow_dst_last_pkt_time":1643703419092080,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":123,"pkt_l4_len":85,"thread_ts_usec":1643703419093178,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQAAac47AAB9ETMiCgglZApkAlfJxA09AFWLVhCXYDQEAAAMAAEBAOZfhG7mX4RuFwMDADQAAAAAAAAAAVOguCu21iUzhOXCfjn5ZarM7Wg6Bc4AgYCUlt3opwpzOzJhVh9Txja8lfk7"} +00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1643703419093178,"flow_dst_last_pkt_time":1643703419098831,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":103,"pkt_l4_len":65,"thread_ts_usec":1643703419098831,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQAAVTWvAAB\/EcnCCmQCVwoIJWQNPcnEAEFjeuZfhG4AyAAMAAECABCXYDUQl2A1FwMDACAAAAAAAAAAAc2NsClVO\/2TfWxXYNP\/VXrbuW8m6bmGlg=="} +01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1643703419087056,"flow_src_last_pkt_time":1643703419093178,"flow_dst_last_pkt_time":1643703419098831,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":338,"flow_dst_max_l4_payload_len":71,"flow_src_tot_l4_payload_len":415,"flow_dst_tot_l4_payload_len":128,"midstream":0,"thread_ts_usec":1643703419098831,"l3_proto":"ip4","src_ip":"10.8.37.100","dst_ip":"10.100.2.87","src_port":51652,"dst_port":3389,"l4_proto":"udp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} +00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1643703419093178,"flow_dst_last_pkt_time":1643703419308184,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":117,"pkt_l4_len":79,"thread_ts_usec":1643703419308184,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQAAYzXBAAB\/EcmiCmQCVwoIJWQNPcnEAE+UuOZfhG4AyAAMAAECABCXYDYQl2A2FwMDAC4AAAAAAAAAAtZqt5fQ0\/FIQe3F9rNB1YJWn0rvMRZkJ5CRsPpUxN\/e+geUeRF5"} +01105{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1622724948504706,"flow_src_last_pkt_time":1622724950156874,"flow_dst_last_pkt_time":1622724950268127,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":142,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":2526,"flow_dst_tot_l4_payload_len":2250,"midstream":0,"thread_ts_usec":1643703419813768,"l3_proto":"ip4","src_ip":"192.168.122.181","dst_ip":"192.168.122.2","src_port":54759,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} +00575{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","packets-captured":33,"packets-processed":32,"total-skipped-flows":0,"total-l4-payload-len":6526,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1645516407326363} +00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645516407326363,"flow_src_last_pkt_time":1645516407326363,"flow_dst_last_pkt_time":1645516407326363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645516407326363,"l3_proto":"ip4","src_ip":"10.50.181.210","dst_ip":"10.50.73.36","src_port":60355,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +02163{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1645516407326363,"flow_dst_last_pkt_time":1645516407326363,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1278,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1278,"pkt_l4_len":1240,"thread_ts_usec":1645516407326363,"pkt":"AAAAAAAAAAMAAAAIgQAEVAgARQAE7GmRAAB+EbsVCjK10goySSTrww09BNi18v\/\/\/\/8AQBoBn9Z1KwTQBNBytTuEe0pHXbarayMEAgAAAAAAAAAAAAAAAAAAAAAAAAABAAJxu76IlD5YIdOR5pAOInyh18cxrcRBftGPwdGegtbSDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} +02161{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1645516407326363,"flow_dst_last_pkt_time":1645516407357265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1278,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1278,"pkt_l4_len":1240,"thread_ts_usec":1645516407357265,"pkt":"AAAAAAAAAAMAAAAIgQAEVAgARQAE7Gh0AAB\/EbsyCjJJJAoytdINPevDBNiXc5\/WdSsAQBAFx21cFwTQBNAAAQACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} +01063{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1645516407326363,"flow_src_last_pkt_time":1645516407326363,"flow_dst_last_pkt_time":1645516407357265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":1232,"midstream":0,"thread_ts_usec":1645516407357265,"l3_proto":"ip4","src_ip":"10.50.181.210","dst_ip":"10.50.73.36","src_port":60355,"dst_port":3389,"l4_proto":"udp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} +00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1645516407365232,"flow_dst_last_pkt_time":1645516407357265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":199,"pkt_l4_len":161,"thread_ts_usec":1645516407365232,"pkt":"AAAAAAAAAAMAAAAIgQAEVAgARQAAtWmTAAB+Eb9KCjK10goySSTrww09AKHw6sdtXBcEAAAMAAAAAJ\/WdSyf1nUsFv7\/AAAAAAAAAAAAeAEAAGwAAAAAAAAAbP7\/YhSWd3AWJ5LV+bA4HU4647GsucjUQNP74GNK\/bd2kPEAAAAOwArACcAUwBMANQAvAAoBAAA0AAAAEQAPAAAMZHJjc2FsZ2ZjMDQzAAoACAAGAB0AFwAYAAsAAgEAACMAAAAXAAD\/AQABAA=="} +00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1645516407369717,"flow_dst_last_pkt_time":1645516407357265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":199,"pkt_l4_len":161,"thread_ts_usec":1645516407369717,"pkt":"AAAAAAAAAAMAAAAIgQAEVAgARQAAtWmVAAB+Eb9ICjK10goySSTrww09AKHv6MdtXBcEAAAMAAAAAJ\/WdS2f1nUtFv7\/AAAAAAAAAAEAeAEAAGwAAAAAAAAAbP7\/YhSWd3AWJ5LV+bA4HU4647GsucjUQNP74GNK\/bd2kPEAAAAOwArACcAUwBMANQAvAAoBAAA0AAAAEQAPAAAMZHJjc2FsZ2ZjMDQzAAoACAAGAB0AFwAYAAsAAgEAACMAAAAXAAD\/AQABAA=="} +00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1645516407369717,"flow_dst_last_pkt_time":1645516407447477,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":126,"pkt_l4_len":88,"thread_ts_usec":1645516407447477,"pkt":"AAAAAAAAAAMAAAAIgQAEVAgARQAAbGh2AAB\/Eb+wCjJJJAoytdINPevDAFgPqJ\/WdSwAyAAMAAEATMdtXBjHbVwYFv7\/AAAAAAAAAAAALwMAACMAAAAAAAAAI\/7\/ICkHUCOZ3SBJZt72VIcV8EqRaEuGxgoLTFfRn5x3ANZP"} +01096{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":14,"flow_first_seen":1643703419087056,"flow_src_last_pkt_time":1643703419813768,"flow_dst_last_pkt_time":1643703419812713,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":338,"flow_dst_max_l4_payload_len":102,"flow_src_tot_l4_payload_len":848,"flow_dst_tot_l4_payload_len":902,"midstream":0,"thread_ts_usec":1645516407454743,"l3_proto":"ip4","src_ip":"10.8.37.100","dst_ip":"10.100.2.87","src_port":51652,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} +01101{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1645516407326363,"flow_src_last_pkt_time":1645516407450379,"flow_dst_last_pkt_time":1645516407454743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":153,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":1723,"flow_dst_tot_l4_payload_len":1328,"midstream":0,"thread_ts_usec":1645516407454743,"l3_proto":"ip4","src_ip":"10.50.181.210","dst_ip":"10.50.73.36","src_port":60355,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} +00577{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","packets-captured":39,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":9577,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1645516407454743} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 39/39 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 9577 bytes +~~ total detected protocols..: 3 +~~ total active/idle flows...: 3/3 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7599169 bytes +~~ total memory freed........: 7599169 bytes +~~ total allocations/frees...: 142754/142754 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 510 chars +~~ json string max len.......: 2168 chars +~~ json string avg len.......: 1338 chars diff --git a/test/results/default/reasm_crash_anon.pcapng.out b/test/results/default/reasm_crash_anon.pcapng.out index 08a034ec3..9936a0b4e 100644 --- a/test/results/default/reasm_crash_anon.pcapng.out +++ b/test/results/default/reasm_crash_anon.pcapng.out @@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7972208 bytes -~~ total memory freed........: 7972208 bytes -~~ total allocations/frees...: 148497/148497 +~~ total memory allocated....: 7601869 bytes +~~ total memory freed........: 7601869 bytes +~~ total allocations/frees...: 142900/142900 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 524 chars ~~ json string max len.......: 2018 chars diff --git a/test/results/default/reasm_segv_anon.pcapng.out b/test/results/default/reasm_segv_anon.pcapng.out index bfa6e979e..bc908455f 100644 --- a/test/results/default/reasm_segv_anon.pcapng.out +++ b/test/results/default/reasm_segv_anon.pcapng.out @@ -50,9 +50,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966477 bytes -~~ total memory freed........: 7966477 bytes -~~ total allocations/frees...: 148369/148369 +~~ total memory allocated....: 7596138 bytes +~~ total memory freed........: 7596138 bytes +~~ total allocations/frees...: 142772/142772 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 356 chars ~~ json string max len.......: 2505 chars diff --git a/test/results/default/reddit.pcap.out b/test/results/default/reddit.pcap.out index c735ea028..377e9215c 100644 --- a/test/results/default/reddit.pcap.out +++ b/test/results/default/reddit.pcap.out @@ -594,9 +594,9 @@ ~~ total active/idle flows...: 60/60 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8861732 bytes -~~ total memory freed........: 8861732 bytes -~~ total allocations/frees...: 151376/151376 +~~ total memory allocated....: 8492809 bytes +~~ total memory freed........: 8492809 bytes +~~ total allocations/frees...: 145779/145779 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 2206 chars diff --git a/test/results/default/riot.pcapng.out b/test/results/default/riot.pcapng.out index 0316bb555..71dee4dfe 100644 --- a/test/results/default/riot.pcapng.out +++ b/test/results/default/riot.pcapng.out @@ -23,9 +23,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7987804 bytes -~~ total memory freed........: 7987804 bytes -~~ total allocations/frees...: 148319/148319 +~~ total memory allocated....: 7617489 bytes +~~ total memory freed........: 7617489 bytes +~~ total allocations/frees...: 142722/142722 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 2417 chars diff --git a/test/results/default/riotgames.pcap.out b/test/results/default/riotgames.pcap.out index c8d3ccf05..0f74d22ed 100644 --- a/test/results/default/riotgames.pcap.out +++ b/test/results/default/riotgames.pcap.out @@ -68,9 +68,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7982175 bytes -~~ total memory freed........: 7982175 bytes -~~ total allocations/frees...: 148419/148419 +~~ total memory allocated....: 7612028 bytes +~~ total memory freed........: 7612028 bytes +~~ total allocations/frees...: 142822/142822 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 515 chars ~~ json string max len.......: 1102 chars diff --git a/test/results/default/roblox.pcapng.out b/test/results/default/roblox.pcapng.out new file mode 100644 index 000000000..32fc109d1 --- /dev/null +++ b/test/results/default/roblox.pcapng.out @@ -0,0 +1,55 @@ +00509{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00572{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1686316283692571} +00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686316283692571,"flow_src_last_pkt_time":1686316283692571,"flow_dst_last_pkt_time":1686316283692571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686316283692571,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.89.113","src_port":42965,"dst_port":63862,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +02327{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1686316283692571,"flow_dst_last_pkt_time":1686316283692571,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1398,"pkt_l4_len":1364,"thread_ts_usec":1686316283692571,"pkt":"CL6sCxduJjb1W8R1CABFAAVoAABAAEARjlvAqAycgHRZcafV+XYFVItnewD\/\/wD+\/v7+\/f39\/RI0VngFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} +01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686316283692571,"flow_src_last_pkt_time":1686316283692571,"flow_dst_last_pkt_time":1686316283692571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686316283692571,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.89.113","src_port":42965,"dst_port":63862,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} +00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1686316283692571,"flow_dst_last_pkt_time":1686316283715894,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1686316283715894,"pkt":"Jjb1W8R1CL6sCxduCABFAAA4PhNAADARZXiAdFlxwKgMnPl2p9UAJOizfgD\/\/wD+\/v7+\/f39\/RI0VniY1Vc68GbELQAFdA=="} +02334{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1686316283722139,"flow_dst_last_pkt_time":1686316283715894,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1398,"pkt_l4_len":1364,"thread_ts_usec":1686316283722139,"pkt":"CL6sCxduJjb1W8R1CABFAAVojkQAAEARQBfAqAycgHRZcafV+XYFVNJAeAD\/\/wD+\/v7+\/f39\/RI0VngDWgBdAAWMdd9uQ7NpGgOhoYi8nfcwLlI4AswNUNvsoQ6DKQkAGwghKDBFshXIRM2XJXvBidNeggZvzX\/kyB+nlZPJcJmc25ICaHBmFydZwxUINC4Xd1313TUOcEgjDKFmz7hlJq0yWbtNANy1\/txyGQYUz16nEG8q\/oagDD9Wru1Hu4aNJZCFatseAORC4DnLiBzwbHn9Q2x0TeCKO\/280zWS8tZ\/VW5pcXVlTnVtYmVyumVikfryC\/7T1VFMD72n\/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} +00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1686316283722139,"flow_dst_last_pkt_time":1686316283745111,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":177,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":177,"pkt_l4_len":143,"thread_ts_usec":1686316283745111,"pkt":"Jjb1W8R1CL6sCxduCABFAACjPhVAADARZQuAdFlxwKgMnPl2p9UAj60rfQD\/\/wD+\/v7+\/f39\/RI0VngAFQA6KQZa0sRtHHINSugdjneH71HbJPrs2WmuloLWA7qdZsLAv\/Tv4s4lcDZqajYfPkJOSaD6B9FKFRMoNyz0dQ01Tk6oE\/xH0uSTy+zMqkkQu2C8nl4kZQ9VbmlxdWVOdW1iZXKswqq9E3ZFZOtuq0fI4wO4"} +00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1686316283749853,"flow_dst_last_pkt_time":1686316283745111,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686316283749853,"pkt":"CL6sCxduJjb1W8R1CABFAABSjkUAAEARRSzAqAycgHRZcafV+XYAPtlJYGTWWRG549xcblYhFobcQVIGKzGWHYb1P9NHbEvomle2dk0uVW59nvfbyIwLnDhM+BPSaF68"} +00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686316283901532,"flow_src_last_pkt_time":1686316283901532,"flow_dst_last_pkt_time":1686316283901532,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686316283901532,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.122.4","src_port":39034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1686316283901532,"flow_dst_last_pkt_time":1686316283901532,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1686316283901532,"pkt":"CL6sCxduJjb1W8R1CABFAAA8W21AAEAGF5LAqAycgHR6BJh6Abv5vHLHAAAAAKAC\/\/9csAAAAgQFtAQCCArVk0dDAAAAAAEDAwk="} +00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1686316283901532,"flow_dst_last_pkt_time":1686316283929999,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1686316283929999,"pkt":"Jjb1W8R1CL6sCxduCABFAAA8AABAADUGff+AdHoEwKgMnAG7mHqQakPr+bxyyKASi9BrpgAAAgQFeAQCCApBME\/b1ZNHQwEDAww="} +00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1686316284095650,"flow_dst_last_pkt_time":1686316283929999,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1686316284095650,"pkt":"CL6sCxduJjb1W8R1CABFAAA0W25AAEAGF5nAqAycgHR6BJh6Abv5vHLIkGpD7IAQAKwkngAAAQEICtWTSAVBME\/b"} +01239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1686316284117183,"flow_dst_last_pkt_time":1686316283929999,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1686316284117183,"pkt":"CL6sCxduJjb1W8R1CABFAAI5W29AAEAGFZPAqAycgHR6BJh6Abv5vHLIkGpD7IAYAKwjXQAAAQEICtWTSBtBME\/bFgMBAgABAAH8AwOVPM2Zk\/f0h6JkqYyQC+LevaI4i2aXEDSq4N+531mozCCEEkqPT4hvfG5BhIptV74wk3A2PYO6qS2cp+AMu2mVSAA+EwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAJ0AnAA9ADwANQAvAP8BAAF1AAAAGQAXAAAUYXNzZXRnYW1lLnJvYmxveC5jb20ACwAEAwABAgAKAAwACgAdABcAHgAZABgzdAAAABAACwAJCGh0dHAvMS4xABYAAAAXAAAAMQAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgArAAUEAwQDAwAtAAIBAQAzACYAJAAdACBCB0qmS1yZNyxufy0GRILWwNzGjT67ZA4XDafP7wV4AgAVALAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +01171{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1686316283901532,"flow_src_last_pkt_time":1686316284117183,"flow_dst_last_pkt_time":1686316283929999,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686316284117183,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.122.4","src_port":39034,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Roblox","proto_id":"91.346","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"assetgame.roblox.com","tls": {"version":"TLSv1.2","ja3":"f436b9416f37d134cadd04886327d3e8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}} +02504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1686316284117183,"flow_dst_last_pkt_time":1686316284145726,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1686316284145726,"pkt":"Jjb1W8R1CL6sCxduCABFAAXcEjxAADUGZiOAdHoEwKgMnAG7mHqQakPs+bx0zYAQAAnwhAAAAQEICkEwULPVk0gbFgMDAHoCAAB2AwP4BXPwGT00VIKjwhz\/iAjBX5hcQlAkH8qUL2GYRZ2JDyCEEkqPT4hvfG5BhIptV74wk3A2PYO6qS2cp+AMu2mVSBMBAAAuACsAAgMEADMAJAAdACDv+sSz2sc9nAJ2xwbZNggYo\/XMPVfMs1rZ+FhiOG7sbhQDAwABARcDAwAqj+ObT3wmRQmspaK+qrIa0FIN2nKpicKwZLltd1NMgyZxPs+Q5NFbKMq1FwMDFt7NiDihBiTew2A1WYHeDFdb5XjnvadO4mz9ZVoyi1Ud7AuqmJ+YhFC\/tSnrhA\/L9YMIX2NDYlSfhkKS61LUR3CsO5LWxV6DUNKqWrFqcTDF8xzIxNty2lMXpegl17yEWyWtR4qECJaNI0mFsBGmeiHmJCTnM1GmMWo91RdX4cVtapki45ZCFFhYF7chaucSShcOZFWE63CfZodB8A40WMSp9k7zkyemrxe5n0d6xWkWN8TPelzxLckRFGlo8kHq+PtReTKHOKWX5Zy\/6g4PcgoBi\/6rBmWM45HnQ+\/LknwOl9OivcqylNqUEfZO6tK2muefZQVPfbuuj+VXsN60KrKQRolxaOXUyCjHdGsiOv21Hn31cZeqEh5fNBDNGGOGaHas494sghqnDFo4qeI3vRmyL5KQVb3s9rt+Ci8FuYv10vMhHS1aLhUHGod3kY8qnWue1aHYZnxHYkk5YwGoz\/bf4MMd5ArSh27vxxzyYrYCFzNRDox47Dy1phgxx4k5IiPGwqGraYagHEj4rzEJuaJSgbhvXVx8ur8RBTFWlbn9V9o7zCyhFyjpdF8Vr1GNh\/5cfLE84m6h1kHKyQxl1YRe+0iZ6LpbSYEG3alX+6vxuOKfc8y9tVeg4A0MXdj3bf5SY8tForlzUVmEyfWkEvXuIG5TbGI3BbQTi\/x9B63QNDd8HujYxb4IKgGUYPxObk8szG+W3pZljxqX7uKnvHk7gF6WS1N+\/SdVK8FeBQZRRtnUXBSYfMNUQVr4PZnIRzwdZpS9BpXNqLj+w7eQcFCVWDU00\/cMybr2LM0khbNMHA0G9NB3RsWxJz2d8kJcY3XuEG3eiJnPzBo0AxV8u8rXuzBF56HtPyrdp6CsITbT2CK9OdxNnHlB6yXkXulNvClvweEwpJtm\/IxMsqEEOYhNsr4whK3WPvN7X6bOC\/dQfyaxmfyYAWB3dFl\/JGabl8sJoB6fxJaBAAcKLtRAXYmLBv6ZmmZj5WyC7bzZwBnoCmJmyMK1sMXQv1Pk5WMVJEPtEvxX0nxspeMnd+A+UZPGnb9Rmh6bp43bceptOmDswoXcUs2K31dd8Ly4f63mJHzOOcNTe6BlkHJf12AyJ2ke3vR2afu1m5ra3u79zEP\/SK5u5S0TNxJWBMK9F+WNbvSgx9WgrGqGuUWHiLuX9ckai13\/ulSH0DmgGDWc+V+Z6DLKD0HiOd+WQNkMLFV1jVvCZf3HDSS0yv\/SQ54Y9YBBBTdI+Y5i+Pv\/kQo5sBDRkyHDG33HajhsGNrGOZCybwHs5a1kpsDabpgf0VU8GZJBD5Hgd+lIZxqt1YblX3jwEpkKjCar+TbJ6HyKIVWdhHeOEhwwLFfki93bsT0beK8KJMz63nEv0YIOtQHWsiAuAwpzSnHJtznf2Z0+uCEPwMJgLEO5V7OAd5wxrDhI8ONbOPL3DL3HH6ggibiIQLcFi6HiI29Y+9b6G6RmmPAlyA4rw6PIK9cU9BFkJujokIKPu2o0\/4jJkMpL316i4xHdbWh4\/7\/2JB\/A9H9JyIhKoSZPq0IKNmOZejI9rUJowqzW+B9m3zB1DZjf8MdO6LjPPDYFYzeu1pKFrZH0c0aWZ8cwagPf5nE6xiuAQ8ZdqDMiYsu\/R992FEud16tqrGdqp0G6kY2eJinf4uLYYyuxMS4THTGHQDSMdrIGDdz+Ri0="} +01216{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1686316283901532,"flow_src_last_pkt_time":1686316284117183,"flow_dst_last_pkt_time":1686316284145726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1686316284145726,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.122.4","src_port":39034,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Roblox","proto_id":"91.346","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"assetgame.roblox.com","tls": {"version":"TLSv1.3","ja3":"f436b9416f37d134cadd04886327d3e8","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}} +02007{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1686316283901532,"flow_src_last_pkt_time":1686316295462569,"flow_dst_last_pkt_time":1686316295484971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2279,"flow_dst_tot_l4_payload_len":7499,"midstream":0,"thread_ts_usec":1686316295484971,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.122.4","src_port":39034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":746596.0,"max":10785585,"stddev":2538101.5,"var":6441959161856.0,"ent":1.7,"data": [28467,194118,21533,215727,23,12,472,7,126878,1267,3499,273,4379,2627,513,240,137878,55,702,108040,106788,174593,10000206,310,357197,548002,10785585,40059,91693,5740,187593]},"pktlen": {"min":40,"avg":357.7,"max":1500,"stddev":487.7,"var":237869.3,"ent":3.9,"data": [60,60,52,569,1500,1500,1252,1500,891,52,52,52,52,52,116,1076,702,323,323,52,52,578,52,76,52,52,76,52,52,76,52,40]},"bins": {"c_to_s": [13,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,0,1,0,1,1,1,1,0,0,0,0,1],"entropies": [4.779968262,5.300120354,5.195351124,4.779649258,7.870378971,7.875164032,7.842136383,7.870733738,7.754308224,5.156889439,5.156889439,5.118428230,5.118427753,4.988526344,6.087430477,7.824826241,7.718070984,7.273851871,7.313729286,5.195351124,5.118428230,7.627631664,5.195351124,5.716266155,5.233812809,5.065449238,5.742581844,5.142372608,5.118427753,5.663634777,5.118428230,4.019286156]}} +01220{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1686316283901532,"flow_src_last_pkt_time":1686316295462569,"flow_dst_last_pkt_time":1686316295484971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2279,"flow_dst_tot_l4_payload_len":7499,"midstream":0,"thread_ts_usec":1686316295484971,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.122.4","src_port":39034,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Roblox","proto_id":"91.346","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"assetgame.roblox.com","tls": {"version":"TLSv1.3","ja3":"f436b9416f37d134cadd04886327d3e8","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}} +00580{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","packets-captured":48,"packets-processed":47,"total-skipped-flows":0,"total-l4-payload-len":13253,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1686326648493170} +00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686326648493170,"flow_src_last_pkt_time":1686326648493170,"flow_dst_last_pkt_time":1686326648493170,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686326648493170,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.44.33","src_port":45693,"dst_port":53385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +02329{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1686326648493170,"flow_dst_last_pkt_time":1686326648493170,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1398,"pkt_l4_len":1364,"thread_ts_usec":1686326648493170,"pkt":"CL6sCxduJjb1W8R1CABFAAVoAABAAEARu6vAqAycgHQsIbJ90IkFVNfxAQAAHwERAaMCLkuAjaPJ6FqVJdO4\/a0CBgoJAJDQiXsA\/\/8A\/v7+\/v39\/f0SNFZ4BQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} +01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686326648493170,"flow_src_last_pkt_time":1686326648493170,"flow_dst_last_pkt_time":1686326648493170,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686326648493170,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.44.33","src_port":45693,"dst_port":53385,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} +02333{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1686326648620348,"flow_dst_last_pkt_time":1686326648493170,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1398,"pkt_l4_len":1364,"thread_ts_usec":1686326648620348,"pkt":"CL6sCxduJjb1W8R1CABFAAVohYYAAEARdiXAqAycgHQsIbJ90IkFVE9dAQAAHwERAaMCLkuAjaPJ6FqVJdO4\/a0CBgoJAJDQiXgA\/\/8A\/v7+\/v39\/f0SNFZ4A1oAXQAFk4rXJgmxqgrOVOJ6843nFIuQg\/WiLuQl\/FQ2VTAMUiYIITWWbTIYMS90Dmb6BNib3\/MGD8SS1CFxzdP9F8ujVDU8ehv6UvftfvhBnOPgMom7aasSUC\/IArxt+OIkN0qbZIaMvBfEXYrmoXh00zl7lo2YBffQyuKFEUEiZQ3A8cLS13qD5lri5MYmKxygTAY7HRw9Y8xkCIObwWDTfRLC0lVuaXF1ZU51bWJlcgPGZ3ib2qLo+O2gqLPuMMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} +00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1686326648693868,"flow_dst_last_pkt_time":1686326648493170,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1686326648693868,"pkt":"CL6sCxduJjb1W8R1CABFAABxhZIAAEARexDAqAycgHQsIbJ90IkAXeVPAQAAHwERAoJSCQq+6il8U+Lfk82kmGMCBgoJAJDQiXOQSSW5p\/SxYuMIVnsi+3Cbq0SBtA2+HhKOmFuW5enW+vyumVVuUL5HfEPO31XdEyLLJL0+0g=="} +00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1686326648735497,"flow_dst_last_pkt_time":1686326648493170,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_usec":1686326648735497,"pkt":"CL6sCxduJjb1W8R1CABFAADPhZYAAEAReq7AqAycgHQsIbJ90IkAu1feAQAAHwERAoJSCQq+6il8U+Lfk82kmGMCBgoJAJDQiSOhwXs81EUpGF0clZxwh2P3UygKHC8e\/FdCO4yF\/1yZUYFulCz5iZZ+QCNx2cVQsjrZ0wnFdbOveSYQifSm+jRHguw6u7\/1BGZzc7yiQwVOigUpuJvvQDdssVe7IofXpdoomWYcFa+GmVL07KVwvlMn\/DpT7nK+LB9mWo8630p36hxWbhXZVxY\/4xezE1Q8MKgG2z0="} +00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1686326648735662,"flow_dst_last_pkt_time":1686326648493170,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1686326648735662,"pkt":"CL6sCxduJjb1W8R1CABFAABfhZcAAEARex3AqAycgHQsIbJ90IkAS7YiAQAAHwERAoJSCQq+6il8U+Lfk82kmGMCBgoJAJDQiQPawcSA\/bOuR7gJ5LgpDk+soFdu7AZnfJ12rVYjGKUI3M\/gLA=="} +01096{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":7,"flow_first_seen":1686316283692571,"flow_src_last_pkt_time":1686316283794515,"flow_dst_last_pkt_time":1686316283806465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":138,"flow_src_tot_l4_payload_len":2977,"flow_dst_tot_l4_payload_len":498,"midstream":0,"thread_ts_usec":1686326648875787,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.89.113","src_port":42965,"dst_port":63862,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} +00978{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":15,"flow_first_seen":1686316283901532,"flow_src_last_pkt_time":1686316296142505,"flow_dst_last_pkt_time":1686316295484971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2279,"flow_dst_tot_l4_payload_len":7499,"midstream":0,"thread_ts_usec":1686326648875787,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.122.4","src_port":39034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Roblox","proto_id":"91.346","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +00580{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","packets-captured":65,"packets-processed":64,"total-skipped-flows":0,"total-l4-payload-len":22280,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1686333469750635} +00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686333469750635,"flow_src_last_pkt_time":1686333469750635,"flow_dst_last_pkt_time":1686333469750635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686333469750635,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.44.33","src_port":46507,"dst_port":51438,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +02328{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1686333469750635,"flow_dst_last_pkt_time":1686333469750635,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1398,"pkt_l4_len":1364,"thread_ts_usec":1686333469750635,"pkt":"CL6sCxduJjb1W8R1CABFAAVoAABAAEARu6vAqAycgHQsIbWryO4FVEvhAQAAHwERAYlJ+hMYU2DqGCGy2n4VfpgCBgoJBgPI7nsA\/\/8A\/v7+\/v39\/f0SNFZ4BQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} +01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686333469750635,"flow_src_last_pkt_time":1686333469750635,"flow_dst_last_pkt_time":1686333469750635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686333469750635,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.44.33","src_port":46507,"dst_port":51438,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} +02332{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1686333469764536,"flow_dst_last_pkt_time":1686333469750635,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1398,"pkt_l4_len":1364,"thread_ts_usec":1686333469764536,"pkt":"CL6sCxduJjb1W8R1CABFAAVob9oAAEARi9HAqAycgHQsIbWryO4FVPp3AQAAHwERAYlJ+hMYU2DqGCGy2n4VfpgCBgoJBgPI7ngA\/\/8A\/v7+\/v39\/f0SNFZ4A1oAXQAF4SUReVt5JCGDtFeqYI9enEYqUfh+vn9qPHDhYHlzsQYIIZ9aexqyiQkC6jpgEi9zX+EG3xYoS\/S2nF6SJ2OPCyi49qfwJkE9rxWcDGpKcgagAAIUcC4GJPISy1Il5Iba\/3gZ+Avr3rtkL4vFMttF3EvH2PgqY\/GJ6V124e0zqGMlzO2wZFmZLJqrXZFx\/nil1WcYfRx2nsyGcPLTWl26GFVuaXF1ZU51bWJlcjki18Ay3ZkxRq3+BuPpVwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} +00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1686333469831742,"flow_dst_last_pkt_time":1686333469750635,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1686333469831742,"pkt":"CL6sCxduJjb1W8R1CABFAABxb9sAAEARkMfAqAycgHQsIbWryO4AXbMdAQAAHwERAkoGEJobUjvDjWy+zNTNvQ4CBgoJBgPI7tWKyhlk35aJB7wUpvRDeqjeGD3cfUcHZu6e7mfPCv4iYWdaRVVuQwk7ts7Q3VQ30bSj8VV8hA=="} +00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1686333470027989,"flow_dst_last_pkt_time":1686333469750635,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_usec":1686333470027989,"pkt":"CL6sCxduJjb1W8R1CABFAADPb+MAAEARkGHAqAycgHQsIbWryO4AuwArAQAAHwERAkoGEJobUjvDjWy+zNTNvQ4CBgoJBgPI7gjWOkW8uWysfjvYBS28UEvPERP8x3Qi2fPtDI5SJlKa0ZGMA3VoXnap2EeIODB\/bg0OIm4Hw+G3kXgagjPs69cYGSjr8sVv+6qi3VLxN2uegfA3875UX2wG3assEHh0vttTS3gMjMkDWw2yeNd1mWnYYDsi\/htV31J0r+trvHxRH7hWbtc2pllqvTxvjK2ZCIbpIAE="} +00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1686333470028956,"flow_dst_last_pkt_time":1686333469750635,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1686333470028956,"pkt":"CL6sCxduJjb1W8R1CABFAABfb+QAAEARkNDAqAycgHQsIbWryO4AS++iAQAAHwERAkoGEJobUjvDjWy+zNTNvQ4CBgoJBgPI7ncnCfOsPT8PcVse23VWPpNtYldufworZLI4u9rBGniKI+a64A=="} +01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":2,"flow_first_seen":1686326648493170,"flow_src_last_pkt_time":1686326648875787,"flow_dst_last_pkt_time":1686326648846178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":1332,"flow_src_tot_l4_payload_len":6363,"flow_dst_tot_l4_payload_len":2664,"midstream":0,"thread_ts_usec":1686333470172917,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.44.33","src_port":45693,"dst_port":53385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} +01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":1,"flow_first_seen":1686333469750635,"flow_src_last_pkt_time":1686333470172917,"flow_dst_last_pkt_time":1686333470150567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":1332,"flow_src_tot_l4_payload_len":6225,"flow_dst_tot_l4_payload_len":1332,"midstream":0,"thread_ts_usec":1686333470172917,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.44.33","src_port":46507,"dst_port":51438,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} +00582{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","packets-captured":78,"packets-processed":78,"total-skipped-flows":0,"total-l4-payload-len":29837,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1686333470172917} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 78/78 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 29837 bytes +~~ total detected protocols..: 4 +~~ total active/idle flows...: 4/4 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7624718 bytes +~~ total memory freed........: 7624718 bytes +~~ total allocations/frees...: 142809/142809 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 514 chars +~~ json string max len.......: 2509 chars +~~ json string avg len.......: 1510 chars diff --git a/test/results/default/rsh-syslog-false-positive.pcap.out b/test/results/default/rsh-syslog-false-positive.pcap.out index 90ace0d00..7266855bf 100644 --- a/test/results/default/rsh-syslog-false-positive.pcap.out +++ b/test/results/default/rsh-syslog-false-positive.pcap.out @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964331 bytes -~~ total memory freed........: 7964331 bytes -~~ total allocations/frees...: 148295/148295 +~~ total memory allocated....: 7593992 bytes +~~ total memory freed........: 7593992 bytes +~~ total allocations/frees...: 142698/142698 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 366 chars ~~ json string max len.......: 1663 chars diff --git a/test/results/default/rsh.pcap.out b/test/results/default/rsh.pcap.out index df8926723..06d8bc7ef 100644 --- a/test/results/default/rsh.pcap.out +++ b/test/results/default/rsh.pcap.out @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7971077 bytes -~~ total memory freed........: 7971077 bytes -~~ total allocations/frees...: 148326/148326 +~~ total memory allocated....: 7600762 bytes +~~ total memory freed........: 7600762 bytes +~~ total allocations/frees...: 142729/142729 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 509 chars ~~ json string max len.......: 1243 chars diff --git a/test/results/default/rsync.pcap.out b/test/results/default/rsync.pcap.out index 3fae646dc..0ac0dd8e1 100644 --- a/test/results/default/rsync.pcap.out +++ b/test/results/default/rsync.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964969 bytes -~~ total memory freed........: 7964969 bytes -~~ total allocations/frees...: 148317/148317 +~~ total memory allocated....: 7594630 bytes +~~ total memory freed........: 7594630 bytes +~~ total allocations/frees...: 142720/142720 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 971 chars diff --git a/test/results/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out b/test/results/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out new file mode 100644 index 000000000..a73ae251d --- /dev/null +++ b/test/results/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out @@ -0,0 +1,26 @@ +00540{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00603{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1502626544321377} +00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1502626544321377,"flow_src_last_pkt_time":1502626544321377,"flow_dst_last_pkt_time":1502626544321377,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1502626544321377,"l3_proto":"ip4","src_ip":"217.12.244.34","dst_ip":"217.12.247.98","src_port":25963,"dst_port":31601,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5} +00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1502626544321377,"flow_dst_last_pkt_time":1502626544321377,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":156,"pkt_l4_len":120,"thread_ts_usec":1502626544321377,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAIxyZUAAQBEqXdkM9CLZDPdiZWt7cQB4niiByAAMXZMVNN06wXBNYU34AAB9AAAAAMgAAH0AAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAgcoADl2TFTQBCDVkOTMxNTM0ByVGcmVlU1dJVENILm9yZyAtLSBDb21lIHRvIENsdWVDb24uY29tAAAA"} +01085{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1502626544321377,"flow_src_last_pkt_time":1502626544321377,"flow_dst_last_pkt_time":1502626544321377,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1502626544321377,"l3_proto":"ip4","src_ip":"217.12.244.34","dst_ip":"217.12.247.98","src_port":25963,"dst_port":31601,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RTCP","proto_id":"165","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1502626544321377,"flow_dst_last_pkt_time":1502626544329483,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":136,"pkt_l4_len":100,"thread_ts_usec":1502626544329483,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAHhMIEAAQBFQttkM92LZDPQie3FlawBknhSByQAHAZMttAAAAAABAAABAAC+wgAAAAEAAAAAAAAAAIHKAA4Bky20AQcxOTMyZGI0ByVGcmVlU1dJVENILm9yZyAtLSBDb21lIHRvIENsdWVDb24uY29tAAAAAA=="} +00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1502626548341364,"flow_dst_last_pkt_time":1502626544329483,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":156,"pkt_l4_len":120,"thread_ts_usec":1502626548341364,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAIx640AAQBEh39kM9CLZDPdiZWt7cQB4niiByAAMXZMVNN06wXRSgIyCAAD6oAAAAZEAAPqgAZMttAAAAAEAAAAAAAAAAAAAAAAAAAAAgcoADl2TFTQBCDVkOTMxNTM0ByVGcmVlU1dJVENILm9yZyAtLSBDb21lIHRvIENsdWVDb24uY29tAAAA"} +00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1502626548341364,"flow_dst_last_pkt_time":1502626548349503,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":136,"pkt_l4_len":100,"thread_ts_usec":1502626548349503,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAHhTI0AAQBFJs9kM92LZDPQie3FlawBknhSByQAHAZMttF2TFTQAAAABAAC\/iwAAAAbBcE1hAAQFHIHKAA4Bky20AQcxOTMyZGI0ByVGcmVlU1dJVENILm9yZyAtLSBDb21lIHRvIENsdWVDb24uY29tAAAAAA=="} +00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1502626552361361,"flow_dst_last_pkt_time":1502626548349503,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":156,"pkt_l4_len":120,"thread_ts_usec":1502626552361361,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAIyDdEAAQBEZTtkM9CLZDPdiZWt7cQB4niiByAAMXZMVNN06wXhXnSv1AAF4QAAAAloAAXhAAZMttAAAAAEAAAAAAAAAAAAAAAAAAAAAgcoADl2TFTQBCDVkOTMxNTM0ByVGcmVlU1dJVENILm9yZyAtLSBDb21lIHRvIENsdWVDb24uY29tAAAA"} +01129{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1502626544321377,"flow_src_last_pkt_time":1502626552361361,"flow_dst_last_pkt_time":1502626548349503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":1502626552361361,"l3_proto":"ip4","src_ip":"217.12.244.34","dst_ip":"217.12.247.98","src_port":25963,"dst_port":31601,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RTCP","proto_id":"165","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00608{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":520,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1502626552361361} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 5/5 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 520 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7593905 bytes +~~ total memory freed........: 7593905 bytes +~~ total allocations/frees...: 142695/142695 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 545 chars +~~ json string max len.......: 1134 chars +~~ json string avg len.......: 831 chars diff --git a/test/results/default/rtmp.pcap.out b/test/results/default/rtmp.pcap.out index 7983e6d52..aab7a4790 100644 --- a/test/results/default/rtmp.pcap.out +++ b/test/results/default/rtmp.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966901 bytes -~~ total memory freed........: 7966901 bytes -~~ total allocations/frees...: 148314/148314 +~~ total memory allocated....: 7596562 bytes +~~ total memory freed........: 7596562 bytes +~~ total allocations/frees...: 142717/142717 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 510 chars ~~ json string max len.......: 2524 chars diff --git a/test/results/default/rtp.pcapng.out b/test/results/default/rtp.pcapng.out new file mode 100644 index 000000000..2f06c6cc5 --- /dev/null +++ b/test/results/default/rtp.pcapng.out @@ -0,0 +1,43 @@ +00506{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00569{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1332741131936370} +00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1332741131936370,"flow_src_last_pkt_time":1332741131936370,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1444,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1444,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1332741131936370,"l3_proto":"ip4","src_ip":"10.204.220.71","dst_ip":"10.204.220.171","src_port":6000,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +02468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1332741131936370,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_usec":1332741131936370,"pkt":"ABNyjb9k0GflFGvTCABFAAXAU5xAAIARAAAKzNxHCszcqxdwF3AFrNRIgCIBEAAJ6IYAABZGAHAAAAAAg2oOAz\/8BcyOIdPfi8B4Xzz4VNYRGWcSjryldGYkqct6gbLBqCyFX7tOlxeIIyF41H7ve+11iRZEGoqbwZ8BxR\/mM7KSRJ8a7UYJLYgDupNskRvB7P\/F2+LyfF7a574\/f+Lxn4vAVwvkkYGQXzbheLgvjV4X8Aa7F5KLyf\/8U5YkvSlSWuDTEZb0+E4729QFtoqKTwvcF8OiLQsC+Lnxe+F+GXC9kYu\/90rt4WPWgJo2qDsfwPr\/s8F+F8Vv62za3pYs8Xhd7p\/i98XhSLxkLxBGcXsDIXnBeHYVhZ82dGyFsrGurb0PKNMBNPBU+DvepwY8CtUDJEhapZpZIfKDCenAv0sFZOFvEPq6SZq7ZGC0WNCD2rohpuFfeNnaOtWBov88A8KFlaIPuQZiCvwFUkMwNWSIPTwx46XBXMxdc42ukZKZVwxk2MwtjIOP\/GAoW2HqFRtGE73km73jLbNuNdOi46FTnGw\/R5AsQRD5jTGCdKjCRjiBlaZGSWLULBeGIXxhT0LGyulampWjYCxcF88NBf0Xi8LBeCcLwVpIx1vm4Wko\/FoveFXaTlRQDmASsdIAYgD0sFgelgVHlPWhCKjTYfCoK3tToCnTxwjU0U6tJ1AoURKc6uoVavqBuwaBU2OKB7UZZ3wVNNMoQYsCoZEGnR6rMgMCr1Frc0MVxHgMuBS\/GaQWA0H+4KeVNJ0oilvFwCGUrXanZuJMO1Ru9kW\/gGO8HW6BUMgZL++I9LM4DjgWRFoKwZlpAL3BfQAkhSFv51ulgMX\/AxwG+BgmOjn0tWELaDFAZG2y2GgOYBJdic8FLrZ1FZqzejckZ7ZxPnt4tN0qT8Owt4mbIBiOCYV7Wa0gbYzISFJsL7Z2HAqbO5veAZ+i9hlrl0GL\/luyqfe6BQ+WJQWpAFTDhlLguaUNNM9wsbX44KudOi8B4\/4RhX7EoFSstNLAXG0wJsF\/QrC+2C0xGKwtf+ZKIqQc6DFgSMykGg1F4NCAhWJteh8JkAM+AvF5WzpUeC+OQvBpQF4XzwtCtlK0STpXxwL8Kxfe6Lgq+bWQVZ7CxlrRWkFjIrCzh54VIwIaOLAtXTLlQJABIXeslIsZFAW+75LwHUAugsGkLJ4LbzreoPAx39Z0iDgXhM1zo46V8cFvAnqacHCmk+JEg5CoGb\/yMKTT9bClvYCKGC05V1BUOz4oBfCvje6uiZ7QMpjwfCwXrkIVutoFmhDDEHw\/we\/\/C+uZIRXre6tVwnDALeO5wFeLBusNLwWi+jfogBMF+BSaCxqbjX+ItQBiV60CR0F0JuLVopDELwvg0ACLtDYYhfLRqfC17qexbedTNNMnkQIwX2jclCk2IH6KMoYiM+S1ZNErU1PWiYcgqcKkhlkH0\/wVhGJNbvGupmesn9wrzn7QVSnoy3G1wacBeFj6ixeUt5riJwvBngE+L0iHSML5khhU2UjVGxKVUCQhkwSiYV+sJ14mSIDsJmv9RWtEIvCodYctsFJgKAsZY0zIsFIuTBiLwXYX+muPF4pFtBWFL4UJqKt1jGmTwgiPKhUFNPpiwoCYO3jPkT4Go6lAgL\/Zg46ysiOCNKUqM2M9lsBVwi4O20CYOHgsxRtsIBBjL3Bd+AvT4\/C4KXbgGE1mX9S772dBUjRhpD31BFfvayiUFKdZwCiYKT7Nb2p+\/qOjh4jVgqsQcRn7erJ2yk8UkJCFnlXLKVLO9F7sQ4UDMF8fCrgyf9ugQ6+o0e4A9ockoTBZ2gZH+KhP1Gi\/BkD5\/4sCzwsAq0VH22MxdSUYjN8B9\/8NwjCplKTaC63nKp1ZRBzrw6pDwViHpBF1IW6lIWYwVojIEKUDkZA+QCFT2MrCI2pTZmg5YFSypr\/qP9owB8f+g+H+FTvA4LaLWly3SoJwXoLEK3vUSA=="} +01720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1332741131938296,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":938,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":938,"pkt_l4_len":904,"thread_ts_usec":1332741131938296,"pkt":"ABNyjb9k0GflFGvTCABFAAOcU51AAIARAAAKzNxHCszcqxdwF3ADiNIkgKIBEQAJ6IYAABZGAHAAALUmHytcLGiML59YxC+2D4f7x\/dGA9s6LUsIgqL6t9mJKOwYsCwYxfFCTd\/EbKc1WTIyCk1LCi4WlIZNs3QVRZ0YtLzVrXAvQvC31Kk4U7gfk4NF\/6FcZEMXBZ+e81yFiMRHcxvlqbCkj2pxXGHDnS9oMQB1fON6nOtI0AKpgCYZlYdheFJ9ggX8QzYebHG7kCflEEcesByv1MlHJrqEBIUL1CBL8iFQoGOLjcsBzv4F4E6+kKFCBSq0ae0CiQ+zsCH75ZvxcB2VgFVgRCnBlAIpUC+zUwKqITTdXCYZNHuI9BVbULusaiwozjYOKBYIN4gEcYpGToyY6jExkpTIBl3yzfIHyVnzcBwv5Dfr8yFmjAaijTAxYENxAOBHF58LeyIiEejkXlh4KRN5mANBoAEiF4ZC9kUC8Bg9xSFbqryv9z3tqY6RthYJNOCuk6hDKLDcGN\/hwQ0mC3p8aYImFyIJ2fmFPWqsI18NKg6zc0EbSUfjIfkIvCmFCwZ8BSYnov4kQSh4cBof8MKF4018YTasVIjgcMrbTgz\/Rc3eDkGbATXu3kEIFpCorIxXzGmgMsLLtBKGAtp13CovkAInT5YWpm9VTurR4cjAGgAToU8CbURFZOrBD3yhVMgi9nahRiOif38aqXo2gwi\/eVjoMb\/YDlgVOoD7pC8Z+LzsVYNEA4Lw\/PM6YGcAYMcb60BScBi\/6ioc+Y3+gj0XdlEbEV0q880OV7rHE+CEDlf2h1AYv+6NBo6i8VhZ4y3NArvwJe40z10illdj+2pAODMwFgW\/uUPBkSAtR\/rJOF8XBaF7bI3hV+Z3mCANUkkaT7xOJgbABPrJycc9upGBDvu6ip7nStgFVZqOnTgyaNljAYz+4FjA2Ht1OBsXB+I45wZBsMXS3TH7t28fvc1E3AYv+6mzgsDgPSYcfWuamjTaUBsRip1u4vkC4L4JUF4\/JheFu7YunR6b+PxmtpNBnAFHkepsN4l6K+sMJShkaBY+6mBiwJNwWU0DYf5CFnDxsCNvpGgcUCbXRMFQ7RnBYD3\/4W\/AIohZSkMAWgXwsCyPyUXmBf1K2MheZ\/H7rp4VdhLRzwI4mAxJUd4LhcKh\/0lH5GP0AJIW9A0lLRufBcnB37e9RZ742whXTGAvrkJofgsgvmCYL5lcHrAReKQv8XLSajU="} +02482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1332741131999309,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_usec":1332741131999309,"pkt":"ABNyjb9k0GflFGvTCABFAAXAU55AAIARAAAKzNxHCszcqxdwF3AFrNRIgCIBEgAJ\/qwAABZGAHAAAAAAg3IOAz+DZu8L\/AvpUA3H4r4vAcLxXU7idM2ymlkV2IuLvuaIBELzH\/hfBjAIQcCUai94\/fj9\/4WdocB\/5BIBM9eYIHAIlJabMuFeVJcLctTmRctqW0yxZujupRHTHcXu8L7Scmfi87j92P2gw8L5GMvE23nc0OmRiD1f4vIheEcfvH7xeNBfoJY\/GH\/xe7hfDoB50LeUsoJgDwVgLUmF4LwfnovJRe4fhZF5wXti10\/3bulF7x+YF4xF5oL+C52LwtCtlSW5UQ3jmQe\/\/CjF4x3b\/wt6LrUQqSmOB\/AEI8XjUXikXoTIvAymEwr0lUFo44BiJj7B9T7xorKCmPBVtLDoEVonhb21m0vEpuiYOg8GIqywFmD5AIgsqKywmqNNzg5ZNgvBtsjhijIsGoU\/\/vKfK\/j2Qeen+r38VY03dWxPDAliUPvD8v8qvxH9+yp1XtxPWkyds9dbmbubVONfnxHxtOoFokhC\/IXlysvuKh9LJ6b\/\/VCQRFSibgt+tQK6g4WhcueCj8qxWWDXN5xeMpEyekqzKKWoJNHBKCsMCADPALwofgEQmqGY1svakpCTmx\/WE6wnC7vePwoxRh4vg7BjAI6nB7f8X6Mxfw4LwtF52KPB1WlIfDKDYE+F9xkbZbUMQKZ1KdSC4L+AsDQk2a2pRdLQc3+4H4DCEKmBhlK0Cr3qF6zNTzpUGQwBLGmm6hjaCOSgrFGi4Lwu9CcFyFXXZBWDNpPQ424NSnBwsFpMFPReqLhZJcSdW0zECjoFUSUChoFWsoArze8mEelVQJLboxK+YRphCBMF9COF8FmgcFvLRxxsHD\/gXQ0a5xLVm2QJYl7TAUL1M0zMWpSlGl7G4gulCJCdaK4hcFwX1zhCFbvJrNTZiWXaCrAIcWR4k7vwMeBi\/4sHvoW12VTWh3QMJGlA7sR0YArQWgvKlhhE\/xI1\/EFcW4sjFAPeAjbqjlAwydBWGAtd1NqMWcEAbBGgLXi8nCtpigQGSIP2QxYxdEMAvg1v+KyEL6IJAWIX+tgzgCjGacYBV5EURE6yNu4HtGYggJoDxVycEW9JYfCi2Orpu4VoBauvWWByMWl6mZQbkQPZa1oLiYLWiBiwKCwmwwFj7ONti8mpoLemuRAul+GYanhiF95A3rZwCG0HL\/mdlrOAygFjqhT9BiwLhX\/7wre1ifrQjtNgYZrQoBr\/8kGgV9sRlV5\/n\/+rYFpWMEVAZyLNLLFopYWHIu7gDgvjQhC\/TAYi+hqbEF0bgxf9+lRr9+oFROF3pI4L8Kwe3\/PD8KRxo\/XQJ4hzNRnApCtjZdcigJ45BaC+Azf+KgvwjPBa0rPWOoTA4DFpCNAov+xZftXWWiZvXcT+iX\/kZlqd5Uk6WplnBY0aCjxGbURBBwc522Aq50Cd0oF\/KmAiqGYJqMpGUL4bjJw\/cF8weF8CoKvYgR4kIp2LWNpitgdpSAoLEAeHxSFv821qhpTzq2daT4LQ8WBoP\/h9kgC+eDEXqQ9TjELWmEJYsHRQ6h+RtCwLHE7bfCkBYPp\/srpyQL5STpINQvpwpQisfwXi7eFHxtvyERGU\/SXAJIAY7+4QdHDKZprgqbBPQAKCvo4VNCGbEelYFCkFUy24EY0GqDBWFjutpWzv0QYBcF9rRiuJwvpMIQvCnpCzc8u3LoMUBjXA2Q8FeNXsBVjh7DegqxweJsZB+P8QW2t5MsLxsxBzr8DYFyFnsAgBdVZ5DTNxGV0rGWJRBRBgO04ThTxHjCEon5jkra\/\/NJAMRIeiLxWLWxxiicQCxOD5\/6EHs\/wr4ESqlXQy3rNKxy8EQBTPSkGe\/z4UfR3WgVRSbzEpKWVM2ZRHUAyCi2q2p5OTKUtIhfhTlzmFvUCI9iJPW6BCitDQTRgMfKqV6BZvoj8YDY21vA=="} +00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1332741131936370,"flow_src_last_pkt_time":1332741131999309,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":896,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3784,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1332741131999309,"l3_proto":"ip4","src_ip":"10.204.220.71","dst_ip":"10.204.220.171","src_port":6000,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} +01890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1332741132001295,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1054,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1054,"pkt_l4_len":1020,"thread_ts_usec":1332741132001295,"pkt":"ABNyjb9k0GflFGvTCABFAAQQU59AAIARAAAKzNxHCszcqxdwF3AD\/NKYgKIBEwAJ\/qwAABZGAHAAAC2RhlqOQwsQc9BiVkAVPG8xsRapg8Ld2AUDMONR8vsLCLSsJ+BOFbxcQUHIhegZGQxF6zMeF8OegtgcMCC+nEIiFAXwer\/nDQXsBosdEF8L6aCp9\/ODpHt0CNlg1Ecb5xOCaH4VjUKTwC+gRngYwC+VENHS1iYRyh2z6Jfp1lboMyBFoubDoXhX+4V9KDWXiNmS0cxE9hKHAfEzQeHQp\/bWx3Ud+ibGha3xZHePpYlZhDB74DMbBxf7Ae8BCUc9xuXEqnxSWDFJlmM33\/wGJ\/cmgSGTCYOgwEP4z3YBdQgVc+CrehgEYLQZQCBjf5WqKSEPiosIRE2V4kshWdRcRz4RWsgx4EC+ShqnCwb6GlYMWBH7jfONboMcBcE9NDruM9Q8KAcr+CoU6QpvymhkDJ\/ykGLAv7RlozCz8ZmdW\/4q05dq9R2iohBPET+ptT4WDJnW+daK6oUIp0kzvaiwdod+GUSoQSQr\/iqpUXY5drnMpXxAycB9P8kt+ZGiutgRONZaBH4oCi5v0kAwIG4jhD6ltvQTJGOJkqek4flozuiofg4\/8F9gLNeL2ApC7QD3j9w\/JgsbDWZixT0atAsiwHwAWdlvZWGqpT6PSxkkRsMZSraWXCQfjML4sNi83C34vSiRKIBMHQJvHBY+43usJdXsupunwxGXH74tp6L4sn36YZetYl6Eg6gegtxP5g7a6OtEXNHK2nFXDgNF\/ioX0+F0nuC9ic4F9AC\/BV5Ae\/\/CnjrrPtXh0v4wByNAopbal+O\/lsVLRwi6pxNwcHlujuoIgBwv5YQj61GzYU8fk\/teanBXIU5OFn523gEGAVdIquIRVkGYenmGhW36plk96J9t1B4spMKnvFODkHb\/qFzfcqZD1GDhAQr2u9LRsMwGiL0rba9iOqeIHjYPB02BUgjU6HBON2xwJwvlhlkyP0pOF8iFg\/CUXkwWfmML2AyH9hXg17wqTo5VAzRogm6CyCzxu8rO8pQbBi\/6gQyJPeBy\/4QoCYu2OiGL33T7p3bu3V5lUph2OioXz+Wda4HZoLH7ESdPnUNMtAsqCKhGI\/NwvhXTgvrwuoPX\/vC+mJHhbx9Jq7z9IPx+7dqpwQFMwcAxf7HcZ5o5BVlrwq5QBko7fUZNCIOSkZgl6bCzpNareQs1SFsD\/mgxgF4ZMhyRrgKC2ugxIHE2dAqpj+6JicL+NDmmQTx\/Bni8J4vZPf+FXKAOgxgHQHa20OmkrYhkJOKx+cF50L4XJQev\/C1zog0cZEVeKQsCz5ZghFHaidFLcXmAmbiUZXgyCxtyzfxGOejCmAWcL4RALH7CwpF7ZgL6bBkhNA=="} +02467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1332741132066361,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_usec":1332741132066361,"pkt":"ABNyjb9k0GflFGvTCABFAAXAU6BAAIARAAAKzNxHCszcqxdwF3AFrNRIgCIBFAAKFpQAABZGAHAAAAAAg3oOAz+DZvj92FjUNSxqhkDRgJ62JgTcfirF74vFUKmEAD5fGx9VAFvKeJy+aq2BgEAGB+fJ42SxT5eAmqx5VhoOMuHpcBbgdpSZ62XIiEWoLP+tl7gvhoEiB4vBaxeC0x+96xV+zRvN6ke4LOJQKAuoiAQ3xVgek4BwMCDgplavzegpYCqHgxiiJCw38e\/SoKVnws4QMEmZiufXHrZShU1IaAOHol8Uj7QKXQYsCivRl7KxaVixWpgGIUlmQZBSYB0CCXbZR6jPF3i8uoiqmGQ94LBKBgQcu\/oHJ0FMOmiwZe6mB2f5WCiAvEHwc0CCj4hK1zIIAMCEqNHheX+oErEEnhiAZIJIKcuVgV4nY9EhvyKpRCOqx4srlQ+GIVMAwEMv9ikSP8ZVbYg6MQgQA8fW5qigXghldTu8p8TqwPK51QUjMLqL3i1e6i9+F9lZcKjovIovOR+bH7x+4fu\/H9JQsuEKhAEqiIooFv2Fm4lOAHAwIQrgMGCBD\/6d5YPQV7vKIkSB8NVcL\/gVS9GIWXAOBgvX28EovSb79LcGYBwMD8f8DB\/glF8SRT5DBNMsZQiYvU+ZVQCXByMAo8IHggiV8FKh2UZ+qpV8R1XqQCQDAhCpOqRgxv8ATB2sCsLD6sDi98lFQUWXYlLaKwhAeH\/oBwSdW8r9papKnAHVWEHwMIC+VwC38KxNNSxkXKwPLWfRi0KihAgB4+EVSqrWfVU2qA+XXgH\/IRydGv6pjceLwiH7hecH7heNcXkEX0Bn+L3i84LzgqS3sHc98Cvp8t+fCsLLiQDAhRcxR\/4GHA1eQGLAtGYkDwIfqBwf+qYv9ShToy4CyVj34FUuUVhb4q1QOx1eiN1q1owA3W95jeCcX0F2LwHxfmHh+KQvi54vCyL2kgPT\/uk7TpC93hfe903ttVZwLewkaK6EpoyLwTYvJIvNwrbCdJOI61UR8H5\/zUXhfF2Fl07pumL3i+jMW08e7o76mS0GLAsF5aLAvsLtkrovIIv6D4\/4WtkcB0GDeGDwWfQLRP3ofXrWn+CK030EoybCtt60y1zSgBoNcAjEHy\/4W9HxpvsSTOHURCNRE0SIQ6eYi45q4DdT7UZY3hPAiChYIidu1cZYVNFLZYeFwXBQubSpEgWRtEWo0uaWCsFiFgU9TcwdN3MKW2oGMtxVftMDNZeYy3wCOCAfTz4jWdTo4sTYCJApKBkFE14eQDCOWxMDiAVXAkHlv1uDrCesro2aE4dDkaA0QCJxl1Q8Bh\/1F\/5hUDEfv0ec4kha+Ft52oA8w4FDf4Dq\/gIXaDlfwX3G8XnWOUGbAgYz+NijT6BdtC0LRcLwZ\/\/BNF5kL4vIheCWFvqRPtSzDgNWAoSQnhfCswFbqOdSUGLArcwmRgv9BbCbSiOCKGbCUlEmgbbYhSMOJFx0DHgXheDPf7BKJNhIBfCq\/HoyRDvC0qFwDhRtjutI5ZC39LXtioKnS1Hg4g1\/o3EM6GIShRba\/BAW2mu+XBiwIHN\/hHW+DFAcBjv5ASgmHgp9QcEKXdIkbaNa83VwujQiAQ4iuq4DlAVZ3cApPltUVIDiAYIpYLSYX1l4W+s9bAr8WhGCvCtvWYDTgOX\/BZ7kZaQ2gqsByv5pEjidgWm1zYWf+M7GeqNbBNVs8RpkBVJFzxCC1EFyZre61GkaHGBiHcxMuGIuC+TEwVtvGBwlUJGLeEoPf\/h4JwqbSao\/ypBGKhrWWIlaQ3A\/NbIIYL0FkF+FuDApIY42EiPUDWEYSBfAaZFT+7dgIoneF\/dwmIAvrHU5ML06A2F8QRiVAkhb+r\/wJwXlGgULu3MU8dwqKhxIdQhW4UdDvrBhqpUAzC3gYYwDDA0DwPDAWBZ0YMWBtgmiDMKmzGNg04Cf0FuL1+BKKvmc5AlSig=="} +00577{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":17808,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1643703745877296} +00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643703745877296,"flow_src_last_pkt_time":1643703745877296,"flow_dst_last_pkt_time":1643703745877296,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703745877296,"l3_proto":"ip4","src_ip":"150.219.118.19","dst_ip":"192.113.193.227","src_port":54234,"dst_port":50003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1643703745877296,"flow_dst_last_pkt_time":1643703745877296,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1643703745877296,"pkt":"AAAAAAAAAA0A6CjdCABFAABmXqIAAH8RTaGW23YTwHHB49Paw1MAUs7pAAEARgAafnMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAixk="} +00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1643703745877296,"flow_dst_last_pkt_time":1643703745893698,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1643703745893698,"pkt":"AAAAAAAAAAkAifetCABFAABm7FVAADgRxu3AccHjltt2E8NT09oAUln0AAIARgAafnM4NS4xNTQuMi4xNDUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA09o="} +00973{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1643703745877296,"flow_src_last_pkt_time":1643703745877296,"flow_dst_last_pkt_time":1643703745893698,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1643703745893698,"l3_proto":"ip4","src_ip":"150.219.118.19","dst_ip":"192.113.193.227","src_port":54234,"dst_port":50003,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","discord": {"client_ip":"85.154.2.145"}}} +00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1643703745898377,"flow_dst_last_pkt_time":1643703745893698,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_usec":1643703745898377,"pkt":"AAAAAAAAAA0A6CjdCABFAAC8XqQAAH8RTUmW23YTwHHB49Paw1MAqMnfkHhIttF\/PXUAGn5zvt4AATChedtqfwjhWc+hGYWjlXOtMNhOVuvkASoxB4ywo3iDuuFHRFJG0AOkJ71IgPEsVVSiSfrNiA3wWNXLbiv8K9cXcSIFnp6ocVrYvui+LopzedprSAkJNDIypDHa8q04lE3GXrfqiYWbSzVHWRR3fCDSc7ouhFdl69cEdTT20S+ecWgZ+tTXEhJtweMT7TUBgA=="} +00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1643703745898718,"flow_dst_last_pkt_time":1643703745893698,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1643703745898718,"pkt":"AAAAAAAAAA0A6CjdCABFAABUXqUAAH8RTbCW23YTwHHB49Paw1MAQCgLr80ACAAafnO\/DuYuk7Qm7AS8F\/mRjAhWf8oXJ8iKIG1vbiBG\/CH8sc3Jm2Qs1\/hdRLqg0e41AYA="} +00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1643703745915963,"flow_dst_last_pkt_time":1643703745893698,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_usec":1643703745915963,"pkt":"AAAAAAAAAA0A6CjdCABFAADBXqYAAH8RTUKW23YTwHHB49Paw1MArUaokHhIt9F\/QTUAGn5zvt4AAZh5k2ZCx7AG1wPxuzfCf8IwfzFMqVgW4L\/mJFqmRAcv8EJTXmkyrY75f6lOJMucq+rA3frXvaUL0BKpnggCk8fasluufmW8FbErfrU6zDzccizbXzvL1SCk28XBaOck\/RKMjjxlmWOhUAMPzKd7IE7GUd1q3K2nXpJZolklVyfnB7AqCWsUi9KYepAHxMOiROPvNQGA"} +00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1332741131936370,"flow_src_last_pkt_time":1332741132275341,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17808,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703746016700,"l3_proto":"ip4","src_ip":"10.204.220.71","dst_ip":"10.204.220.171","src_port":6000,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} +00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643703820776166,"flow_src_last_pkt_time":1643703820776166,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703820776166,"l3_proto":"ip4","src_ip":"10.140.67.167","dst_ip":"148.153.85.97","src_port":55402,"dst_port":6008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1643703820776166,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":62,"pkt_l4_len":24,"thread_ts_usec":1643703820776166,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAALGdvQAA\/EZwkCoxDp5SZVWHYahd4ABjVkQEAAAAAAAAAAAAAAAAAARw="} +00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1643703820864329,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1643703820864329,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAANGdwQABAEZsbCoxDp5SZVWHYahd4ACCGGoFvzdIeUTH\/uAl02AAAARxIC+RVvxSYfA=="} +00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1643703820864329,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":69,"pkt_l4_len":31,"thread_ts_usec":1643703820864329,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAAM2d0QABAEZsYCoxDp5SZVWHYahd4AB\/BqIFvzdMeUTW\/uAl02AAAARxIBuN5wSRY"} +00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1643703820864329,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":69,"pkt_l4_len":31,"thread_ts_usec":1643703820864329,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAAM2d4QABAEZsUCoxDp5SZVWHYahd4AB+954FvzdQeUTl\/uAl02AAAARxIBuN5wSRY"} +00921{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1643703820776166,"flow_src_last_pkt_time":1643703820864329,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703820864329,"l3_proto":"ip4","src_ip":"10.140.67.167","dst_ip":"148.153.85.97","src_port":55402,"dst_port":6008,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} +00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1643703820864329,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1643703820864329,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAANGd7QABAEZsQCoxDp5SZVWHYahd4ACClNIFvzdUeUT0\/uAl02AAAARxIBuNyJ9wGQA=="} +00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":19,"flow_first_seen":1643703745877296,"flow_src_last_pkt_time":1643703746016700,"flow_dst_last_pkt_time":1643703746015681,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":165,"flow_dst_max_l4_payload_len":1104,"flow_src_tot_l4_payload_len":993,"flow_dst_tot_l4_payload_len":13839,"midstream":0,"thread_ts_usec":1643703821596170,"l3_proto":"ip4","src_ip":"150.219.118.19","dst_ip":"192.113.193.227","src_port":54234,"dst_port":50003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} +00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1643703820776166,"flow_src_last_pkt_time":1643703821596170,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":801,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703821596170,"l3_proto":"ip4","src_ip":"10.140.67.167","dst_ip":"148.153.85.97","src_port":55402,"dst_port":6008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} +00579{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","packets-captured":75,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":33441,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1643703821596170} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 75/75 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 33441 bytes +~~ total detected protocols..: 3 +~~ total active/idle flows...: 3/3 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7600183 bytes +~~ total memory freed........: 7600183 bytes +~~ total allocations/frees...: 142787/142787 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 511 chars +~~ json string max len.......: 2487 chars +~~ json string avg len.......: 1498 chars diff --git a/test/results/default/rtsp.pcap.out b/test/results/default/rtsp.pcap.out index 804528c03..45dd6e9d0 100644 --- a/test/results/default/rtsp.pcap.out +++ b/test/results/default/rtsp.pcap.out @@ -71,9 +71,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8008487 bytes -~~ total memory freed........: 8008487 bytes -~~ total allocations/frees...: 148957/148957 +~~ total memory allocated....: 7638292 bytes +~~ total memory freed........: 7638292 bytes +~~ total allocations/frees...: 143360/143360 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 510 chars ~~ json string max len.......: 2224 chars diff --git a/test/results/default/rtsp_setup_http.pcapng.out b/test/results/default/rtsp_setup_http.pcapng.out index 1e677a4ad..c373c206c 100644 --- a/test/results/default/rtsp_setup_http.pcapng.out +++ b/test/results/default/rtsp_setup_http.pcapng.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966228 bytes -~~ total memory freed........: 7966228 bytes -~~ total allocations/frees...: 148290/148290 +~~ total memory allocated....: 7595889 bytes +~~ total memory freed........: 7595889 bytes +~~ total allocations/frees...: 142693/142693 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 523 chars ~~ json string max len.......: 1213 chars diff --git a/test/results/default/rx.pcap.out b/test/results/default/rx.pcap.out index 99369753d..7e6d2b0a5 100644 --- a/test/results/default/rx.pcap.out +++ b/test/results/default/rx.pcap.out @@ -46,9 +46,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7976327 bytes -~~ total memory freed........: 7976327 bytes -~~ total allocations/frees...: 148463/148463 +~~ total memory allocated....: 7606084 bytes +~~ total memory freed........: 7606084 bytes +~~ total allocations/frees...: 142866/142866 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 508 chars ~~ json string max len.......: 2164 chars diff --git a/test/results/default/s7comm.pcap.out b/test/results/default/s7comm.pcap.out index b66c0dccd..0e4b1f909 100644 --- a/test/results/default/s7comm.pcap.out +++ b/test/results/default/s7comm.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7965694 bytes -~~ total memory freed........: 7965694 bytes -~~ total allocations/frees...: 148342/148342 +~~ total memory allocated....: 7595355 bytes +~~ total memory freed........: 7595355 bytes +~~ total allocations/frees...: 142745/142745 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 2263 chars diff --git a/test/results/default/safari.pcap.out b/test/results/default/safari.pcap.out index e74d575f2..adbaf6ab3 100644 --- a/test/results/default/safari.pcap.out +++ b/test/results/default/safari.pcap.out @@ -75,9 +75,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8026767 bytes -~~ total memory freed........: 8026767 bytes -~~ total allocations/frees...: 148555/148555 +~~ total memory allocated....: 7656572 bytes +~~ total memory freed........: 7656572 bytes +~~ total allocations/frees...: 142958/142958 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 2302 chars diff --git a/test/results/default/salesforce.pcap.out b/test/results/default/salesforce.pcap.out index fe117f3ed..1736ad568 100644 --- a/test/results/default/salesforce.pcap.out +++ b/test/results/default/salesforce.pcap.out @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7975016 bytes -~~ total memory freed........: 7975016 bytes -~~ total allocations/frees...: 148312/148312 +~~ total memory allocated....: 7604677 bytes +~~ total memory freed........: 7604677 bytes +~~ total allocations/frees...: 142715/142715 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 516 chars ~~ json string max len.......: 1568 chars diff --git a/test/results/default/sccp_hw_conf_register.pcapng.out b/test/results/default/sccp_hw_conf_register.pcapng.out index 97c959df3..174381bcd 100644 --- a/test/results/default/sccp_hw_conf_register.pcapng.out +++ b/test/results/default/sccp_hw_conf_register.pcapng.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964592 bytes -~~ total memory freed........: 7964592 bytes -~~ total allocations/frees...: 148304/148304 +~~ total memory allocated....: 7594253 bytes +~~ total memory freed........: 7594253 bytes +~~ total allocations/frees...: 142707/142707 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 529 chars ~~ json string max len.......: 997 chars diff --git a/test/results/default/sctp.cap.out b/test/results/default/sctp.cap.out index e09ff7a17..ed45023aa 100644 --- a/test/results/default/sctp.cap.out +++ b/test/results/default/sctp.cap.out @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966315 bytes -~~ total memory freed........: 7966315 bytes -~~ total allocations/frees...: 148302/148302 +~~ total memory allocated....: 7596000 bytes +~~ total memory freed........: 7596000 bytes +~~ total allocations/frees...: 142705/142705 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 509 chars ~~ json string max len.......: 1055 chars diff --git a/test/results/default/selfsigned.pcap.out b/test/results/default/selfsigned.pcap.out index c7bfe9125..3d4453dbf 100644 --- a/test/results/default/selfsigned.pcap.out +++ b/test/results/default/selfsigned.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7968927 bytes -~~ total memory freed........: 7968927 bytes -~~ total allocations/frees...: 148314/148314 +~~ total memory allocated....: 7598588 bytes +~~ total memory freed........: 7598588 bytes +~~ total allocations/frees...: 142717/142717 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 516 chars ~~ json string max len.......: 1686 chars diff --git a/test/results/default/sflow.pcap.out b/test/results/default/sflow.pcap.out index 4c6bd0368..35a3ae7ad 100644 --- a/test/results/default/sflow.pcap.out +++ b/test/results/default/sflow.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964360 bytes -~~ total memory freed........: 7964360 bytes -~~ total allocations/frees...: 148296/148296 +~~ total memory allocated....: 7594021 bytes +~~ total memory freed........: 7594021 bytes +~~ total allocations/frees...: 142699/142699 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 973 chars diff --git a/test/results/default/signal.pcap.out b/test/results/default/signal.pcap.out index 1f224819f..e7aa31196 100644 --- a/test/results/default/signal.pcap.out +++ b/test/results/default/signal.pcap.out @@ -179,9 +179,9 @@ ~~ total active/idle flows...: 19/19 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8251386 bytes -~~ total memory freed........: 8251386 bytes -~~ total allocations/frees...: 149252/149252 +~~ total memory allocated....: 7881479 bytes +~~ total memory freed........: 7881479 bytes +~~ total allocations/frees...: 143655/143655 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 2182 chars diff --git a/test/results/default/simple-dnscrypt.pcap.out b/test/results/default/simple-dnscrypt.pcap.out index 2808dae2c..e268a8984 100644 --- a/test/results/default/simple-dnscrypt.pcap.out +++ b/test/results/default/simple-dnscrypt.pcap.out @@ -53,9 +53,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8063062 bytes -~~ total memory freed........: 8063062 bytes -~~ total allocations/frees...: 148479/148479 +~~ total memory allocated....: 7692795 bytes +~~ total memory freed........: 7692795 bytes +~~ total allocations/frees...: 142882/142882 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 521 chars ~~ json string max len.......: 2001 chars diff --git a/test/results/default/sip.pcap.out b/test/results/default/sip.pcap.out index 305715d7a..aa1f2c731 100644 --- a/test/results/default/sip.pcap.out +++ b/test/results/default/sip.pcap.out @@ -41,9 +41,9 @@ 01095{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":46,"flow_dst_packets_processed":25,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470966606422,"flow_dst_last_pkt_time":1120470966601590,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":17169,"flow_dst_tot_l4_payload_len":11584,"midstream":0,"thread_ts_usec":1120470966606422,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985348411,"flow_src_last_pkt_time":1120470985348411,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470985348411,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00740{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1120470985348411,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985348411,"pkt":"ADBUADRWAODtAW69CABFAADIa\/wAAIARFmjAqAEC1PIhJHUwncgAtBjegAhvrgAABNg3lstx1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1REEHBgYEhIeEBQXahMcGAQEBQYBAQAHBQUZEwUbGRATGQUEBAcDAgMDAAACDQ0NAAEDDQwNAAABAgMBBgYBDw4ODAMABwYAAwMGBwEEBgYbHxwRaWBiFREQFGoTFWBpYX10UltZ10dcVlJVREtCdVlzeFp8bmgUag=="} -00921{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985348411,"flow_src_last_pkt_time":1120470985348411,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470985348411,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 00743{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1120470985418358,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985418358,"pkt":"ADBUADRWAODtAW69CABFAADIa\/0AAIARFmfAqAEC1PIhJHUwncgAtL+rgAhvrwAABXg3lstxbmgVFGoUFBVpYG5qbG5kbGoWF2xubWBmfn9Fxsnw\/Ofz+uXwy\/H2z83k+sJTdF9CW\/bw8vzg7pfo8ldaT011Z399ZmV0dUN4S0dVQ2dmbWNsZGZkeGRvbxQUbBcRExAXEBwfHRAQFhAQHxwfGR4YEBcSFGxibWNqFRUXbmV3ckDQ93N9fmJnYmoVahcVZUNxWll+YGZ6cnJJZXpgeF1EQg=="} 00743{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1120470985421891,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985421891,"pkt":"ADBUADRWAODtAW69CABFAADIa\/4AAIARFmbAqAEC1PIhJHUwncgAtNyMgAhvsAAABhg3lstxcX5wdtbF0Et0dn92T1BB0VhmZ2V\/Z294Y2ZmahQXFhQREBAVb2ZPemVlYWJoYE9\/YWZkcnV4bWwVFRVqZ2xpYn94ZmBnY2F0zfjXdmNiYXhveHJgaW5jUFlwZW1kYWdlamoREhAQEx4fHx0XahRvRl1F3V5ESdbQxFFR39TfQXR\/Z9L15ebs6JeW7+DslJOU6uqUn5CcnJKX+Ofs5+Hg6g=="} +00921{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470985348411,"flow_src_last_pkt_time":1120470985421891,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470985421891,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 00741{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1120470985427557,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985427557,"pkt":"ADBUADRWAODtAW69CABFAADIa\/8AAIARFmXAqAEC1PIhJHUwncgAtJlvgAhvsQAABrg3lstxkpfo6Zfq5frn5uz6+sB4emFkcGBneMvv7+rslZHu5OLqkpKdkpCUlZGcnpuHh4GAgoODgYGGhoGBgIGDg4GAhoSFhZ6ZhYSFhYeHhoWFhICCgIOBmJyQnZ+Yn5CW6u7s6e7ol+ji7vrcWtzJ8\/Lz9ujq7u6XkZaWkZ2Ym5iFh4aGhZyemZ6fmZ+fk5OfhYeEk5STk5eU6fj3T1hDVM9BQg=="} 00745{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1120470985429664,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985429664,"pkt":"ADBUADRWAODtAW69CABFAADIbAAAAIARFmTAqAEC1PIhJHUwncgAtMoSgAhvsgAAB1g3lstxRH1wVt719vLg7uHxw3h4ZGRhfE9UWV\/Rz+Dt5\/PklJOUlJXt4uzx+Pjm5PPHzf38\/fr05+3ikurj4ezn4+H6\/97AwEJ8S9DN9Vd1XdzJ8eDp6eXwzcXWRUJnZHhnYX96aHLW+ubo6eHg5\/DG\/MNRcE3B+ubNy+Xu7Obt7+qX6u7oy9fw3vLT3N1W19X49PBBf39jZnhmbBEdEWpqb2BweA=="} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470986363611,"flow_src_last_pkt_time":1120470986363611,"flow_dst_last_pkt_time":1120470986363611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470986363611,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -65,9 +65,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7973647 bytes -~~ total memory freed........: 7973647 bytes -~~ total allocations/frees...: 148432/148432 +~~ total memory allocated....: 7603380 bytes +~~ total memory freed........: 7603380 bytes +~~ total allocations/frees...: 142835/142835 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 509 chars ~~ json string max len.......: 2421 chars diff --git a/test/results/default/sip_hello.pcapng.out b/test/results/default/sip_hello.pcapng.out index d53cfc4ce..e85f42003 100644 --- a/test/results/default/sip_hello.pcapng.out +++ b/test/results/default/sip_hello.pcapng.out @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964969 bytes -~~ total memory freed........: 7964969 bytes -~~ total allocations/frees...: 148317/148317 +~~ total memory allocated....: 7594630 bytes +~~ total memory freed........: 7594630 bytes +~~ total allocations/frees...: 142720/142720 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 517 chars ~~ json string max len.......: 982 chars diff --git a/test/results/default/sites.pcapng.out b/test/results/default/sites.pcapng.out index 8c219e49a..008bf7e58 100644 --- a/test/results/default/sites.pcapng.out +++ b/test/results/default/sites.pcapng.out @@ -410,9 +410,9 @@ ~~ total active/idle flows...: 47/47 ~~ total timeout flows.......: 4 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8564760 bytes -~~ total memory freed........: 8564760 bytes -~~ total allocations/frees...: 149850/149850 +~~ total memory allocated....: 8195525 bytes +~~ total memory freed........: 8195525 bytes +~~ total allocations/frees...: 144253/144253 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 2621 chars diff --git a/test/results/default/skinny.pcap.out b/test/results/default/skinny.pcap.out index 9ec29a350..f43bdcc62 100644 --- a/test/results/default/skinny.pcap.out +++ b/test/results/default/skinny.pcap.out @@ -17,35 +17,35 @@ 02295{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1317801130501299,"flow_src_last_pkt_time":1317801134312976,"flow_dst_last_pkt_time":1317801134286303,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":248,"flow_dst_tot_l4_payload_len":1620,"midstream":1,"thread_ts_usec":1317801134312976,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.12","src_port":49399,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":14,"avg":245054.2,"max":3609828,"stddev":877176.1,"var":769437794304.0,"ent":1.5,"data": [2211,18,14,5962,3780,258,15,49,20014,19685,10391,48806,3559643,16,82,3609828,11683,20052,16478,36490,7020,23440,32822,19981,11660,17,20000,11522,27273,50735,26736]},"pktlen": {"min":46,"avg":100.2,"max":364,"stddev":74.3,"var":5521.7,"ent":4.7,"data": [64,68,56,64,46,364,68,76,68,46,200,60,46,64,180,76,46,252,46,88,46,184,46,184,46,184,172,46,92,92,46,92]},"bins": {"c_to_s": [9,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,2,0,0,5,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,1,0,1,1,1,1,0,1,0,1,1,1,1,0,1,0,0,1,1,0,1,0,1,1,0,0,0,1,0],"entropies": [3.922401428,4.000817776,4.543873787,4.299025536,4.398030758,3.738415241,4.369860649,4.173765659,4.555430412,4.446094513,4.498068333,4.266249657,4.654558659,4.450102329,2.632452726,4.180215836,4.398030758,4.264904022,4.549461365,3.957430601,4.654558659,2.670037031,4.549461365,2.689654589,4.478915215,2.567897081,4.683412552,4.398031235,4.043387413,3.999909163,4.567602158,4.021648407]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"CiscoSkinny","proto_id":"164","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1317801134322539,"flow_src_last_pkt_time":1317801134322539,"flow_dst_last_pkt_time":1317801134322539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134322539,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.24","src_port":32150,"dst_port":9395,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1317801134322539,"flow_dst_last_pkt_time":1317801134322539,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134322539,"pkt":"ABTy5fxCAB56JnR1CABFuADIE4MAAEARYEbAqMM6wKjBGH2WJLMAtK8pgIAFmwAC4MD2v1fi\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/39+\/v18ffz+\/f9+\/n17eXh6e357fv1+\/v59\/fx9fX16e379+vv7+359fnv\/\/X3+\/35\/e3v+\/H7\/fnv+fXz9\/v7+fX18fHx7fHt+f3\/\/fv3+f\/7+\/v79\/\/5\/eXt8fX9+f\/\/\/\/39+f3x5e3x6eX1+fv5+f\/78\/P78\/nz+fn5+fA=="} -00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1317801134322539,"flow_src_last_pkt_time":1317801134322539,"flow_dst_last_pkt_time":1317801134322539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134322539,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.24","src_port":32150,"dst_port":9395,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1317801134322976,"flow_src_last_pkt_time":1317801134322976,"flow_dst_last_pkt_time":1317801134322976,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134322976,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.195.50","src_port":32144,"dst_port":17718,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1317801134322976,"flow_dst_last_pkt_time":1317801134322976,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134322976,"pkt":"AB1FDGVjAB56JnR1CABFuADIE4QAAEARXivAqMM6wKjDMn2QRTYAtIyXgIAFnAAC4MD2v1fc\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/39+\/v18ffz+\/f9+\/n17eXh6e357fv1+\/v59\/fx9fX16e379+vv7+359fnv\/\/X3+\/35\/e3v+\/H7\/fnv+fXz9\/v7+fX18fHx7fHt+f3\/\/fv3+f\/7+\/v79\/\/5\/eXt8fX9+f\/\/\/\/39+f3x5e3x6eX1+fv5+f\/78\/P78\/nz+fn5+fA=="} -00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1317801134322976,"flow_src_last_pkt_time":1317801134322976,"flow_dst_last_pkt_time":1317801134322976,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134322976,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.195.50","src_port":32144,"dst_port":17718,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1317801134323001,"flow_dst_last_pkt_time":1317801134322976,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134323001,"pkt":"AB1FDGVjAB56JnR1CABFuADIE4QAAEARXivAqMM6wKjDMn2QRTYAtIyXgIAFnAAC4MD2v1fc\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/39+\/v18ffz+\/f9+\/n17eXh6e357fv1+\/v59\/fx9fX16e379+vv7+359fnv\/\/X3+\/35\/e3v+\/H7\/fnv+fXz9\/v7+fX18fHx7fHt+f3\/\/fv3+f\/7+\/v79\/\/5\/eXt8fX9+f\/\/\/\/39+f3x5e3x6eX1+fv5+f\/78\/P78\/nz+fn5+fA=="} 00778{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1317801134342549,"flow_dst_last_pkt_time":1317801134322539,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134342549,"pkt":"ABTy5fxCAB56JnR1CABFuADIE4UAAEARYETAqMM6wKjBGH2WJLMAtJrugAAFnAAC4WD2v1fifX38\/v34\/Pr7f\/9+fnl2eHv\/\/f3+fH5\/ff5\/\/v17fHx6fH1+\/Pt+\/39+\/v\/9f\/\/+fv59e357enx7fX1+\/f78+359fXt6\/\/19\/Pv\/\/X97fP79\/v7+\/3t4e3x8\/\/3+\/f\/8+Px\/fHh4d3l8ff5\/eHt9\/vr7+Pn9fnp6eHl7fP37+vz8\/P38fv3+eHp3c3d6fn7\/\/nz8\/P77\/fv+\/ff++\/t7+w=="} 00778{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1317801134342950,"flow_dst_last_pkt_time":1317801134322976,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134342950,"pkt":"AB1FDGVjAB56JnR1CABFuADIE4YAAEARXinAqMM6wKjDMn2QRTYAtHhcgAAFnQAC4WD2v1fcfX38\/v34\/Pr7f\/9+fnl2eHv\/\/f3+fH5\/ff5\/\/v17fHx6fH1+\/Pt+\/39+\/v\/9f\/\/+fv59e357enx7fX1+\/f78+359fXt6\/\/19\/Pv\/\/X97fP79\/v7+\/3t4e3x8\/\/3+\/f\/8+Px\/fHh4d3l8ff5\/eHt9\/vr7+Pn9fnp6eHl7fP37+vz8\/P38fv3+eHp3c3d6fn7\/\/nz8\/P77\/fv+\/ff++\/t7+w=="} +00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1317801134322976,"flow_src_last_pkt_time":1317801134342950,"flow_dst_last_pkt_time":1317801134322976,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134342950,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.195.50","src_port":32144,"dst_port":17718,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 00778{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1317801134342960,"flow_dst_last_pkt_time":1317801134322976,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134342960,"pkt":"AB1FDGVjAB56JnR1CABFuADIE4YAAEARXinAqMM6wKjDMn2QRTYAtHhcgAAFnQAC4WD2v1fcfX38\/v34\/Pr7f\/9+fnl2eHv\/\/f3+fH5\/ff5\/\/v17fHx6fH1+\/Pt+\/39+\/v\/9f\/\/+fv59e357enx7fX1+\/f78+359fXt6\/\/19\/Pv\/\/X97fP79\/v7+\/3t4e3x8\/\/3+\/f\/8+Px\/fHh4d3l8ff5\/eHt9\/vr7+Pn9fnp6eHl7fP37+vz8\/P38fv3+eHp3c3d6fn7\/\/nz8\/P77\/fv+\/ff++\/t7+w=="} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1317801134348136,"flow_src_last_pkt_time":1317801134348136,"flow_dst_last_pkt_time":1317801134348136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134348136,"l3_proto":"ip4","src_ip":"192.168.195.50","dst_ip":"192.168.193.24","src_port":17726,"dst_port":9399,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00804{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1317801134348136,"flow_dst_last_pkt_time":1317801134348136,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134348136,"pkt":"ABTy5fxCAB1FDGVjCABFuADIE+YAAEARX+vAqMMywKjBGEU+JLcAtEN5gIAGQwAFh3h8EHHo\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f358fX17fv96f\/18fX7+\/X9+fn\/+fHz\/fX5\/fn9+\/39+\/\/7+fv7\/fX17fP56d3h6\/X17eXh8fH\/9fnp5ffr2+\/79\/f3+\/3x4eXx6eHx5eX56fH5+f3t+fXp8fH98ffx+\/3t7+n57ff76\/v9\/fH39f3p9fX58ev5+fHp8+Pn8\/Q=="} -00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1317801134348136,"flow_src_last_pkt_time":1317801134348136,"flow_dst_last_pkt_time":1317801134348136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134348136,"l3_proto":"ip4","src_ip":"192.168.195.50","dst_ip":"192.168.193.24","src_port":17726,"dst_port":9399,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 00804{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1317801134342960,"flow_dst_last_pkt_time":1317801134348540,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134348540,"pkt":"AB56JnR1AB1FDGVjCABFuADIE+cAAEARXcjAqMMywKjDOkU2fZAAtOiFgIAGSQAFh3h8EHHi\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f358fX17fv96f\/18fX7+\/X9+fn\/+fHz\/fX5\/fn9+\/39+\/\/7+fv7\/fX17fP56d3h6\/X17eXh8fH\/9fnp5ffr2+\/79\/f3+\/3x4eXx6eHx5eX56fH5+f3t+fXp8fH98ffx+\/3t7+n57ff76\/v9\/fH39f3p9fX58ev5+fHp8+Pn8\/Q=="} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1317801134349579,"flow_src_last_pkt_time":1317801134349579,"flow_dst_last_pkt_time":1317801134349579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134349579,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.24","src_port":32152,"dst_port":9396,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00804{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1317801134349579,"flow_dst_last_pkt_time":1317801134349579,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134349579,"pkt":"ABTy5fxCAB56JnR1CABFuADIE4cAAEARYELAqMM6wKjBGH2YJLQAtKCZgIAFlAAFh3geBjsi\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f358fX17fv96f\/18fX7+\/X9+fn\/+fHz\/fX5\/fn9+\/39+\/\/7+fv7\/fX17fP56d3h6\/X17eXh8fH\/9fnp5ffr2+\/79\/f3+\/3x4eXx6eHx5eX56fH5+f3t+fXp8fH98ffx+\/3t7+n57ff76\/v9\/fH39f3p9fX58ev5+fHp8+Pn8\/Q=="} -00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1317801134349579,"flow_src_last_pkt_time":1317801134349579,"flow_dst_last_pkt_time":1317801134349579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134349579,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.24","src_port":32152,"dst_port":9396,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 00773{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1317801134362584,"flow_dst_last_pkt_time":1317801134322539,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134362584,"pkt":"ABTy5fxCAB56JnR1CABFuADIE4gAAEARYEHAqMM6wKjBGH2WJLMAtPMngAAFnQAC4gD2v1fi\/H3+end3dHZ1dHp8ffz6\/f9+eXv8\/vr4+\/v8\/fz7\/Pv5fnx5d3x2dv\/++\/n7+fr7+\/9+fnt3dHVzdHZ5fnt8\/f\/+\/Pz6\/n\/7\/f35\/vz3\/n\/9f3\/\/fXp7e3t8fH16d3l8fX\/+fX\/+fH58e359\/vr6+Px8fnz++P39\/H59fXx8e3h5d3V7fn78\/f319\/r6+\/n9f\/19f3x1eHhydXd6\/v\/8\/A=="} +00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1317801134322539,"flow_src_last_pkt_time":1317801134362584,"flow_dst_last_pkt_time":1317801134322539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134362584,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.24","src_port":32150,"dst_port":9395,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1317801134368098,"flow_dst_last_pkt_time":1317801134348136,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134368098,"pkt":"ABTy5fxCAB1FDGVjCABFuADIE+gAAEARX+nAqMMywKjBGEU+JLcAtNjtgAAGRAAFiBh8EHHof\/79+v56fX1+fHl7en3\/fHx+\/f7+\/n58f\/9\/fnp7fvz6\/\/\/+\/Pt+\/nx5e3x9fP9+fH18fnp7fHx+eX3+\/f1+fv37\/Hx7\/n7+\/nz9fXt9fv59eHp\/e39+eX17fn3+\/337\/\/v+f\/p9\/v18\/\/9+fXx7e317ff5+fHt9fn5+f37\/\/H99ff77+v5+fn76\/X5+e39\/fv59fXz\/\/H58enr+fH17dg=="} 00772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1317801134369410,"flow_dst_last_pkt_time":1317801134349579,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134369410,"pkt":"ABTy5fxCAB56JnR1CABFuADIE4oAAEARYD\/AqMM6wKjBGH2YJLQAtDYOgAAFlQAFiBgeBjsif\/79+v56fX1+fHl7en3\/fHx+\/f7+\/n58f\/9\/fnp7fvz6\/\/\/+\/Pt+\/nx5e3x9fP9+fH18fnp7fHx+eX3+\/f1+fv37\/Hx7\/n7+\/nz9fXt9fv59eHp\/e39+eX17fn3+\/337\/\/v+f\/p9\/v18\/\/9+fXx7e317ff5+fHt9fn5+f37\/\/H99ff77+v5+fn76\/X5+e39\/fv59fXz\/\/H58enr+fH17dg=="} 00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1317801134382485,"flow_dst_last_pkt_time":1317801134322539,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134382485,"pkt":"ABTy5fxCAB56JnR1CABFuADIE4sAAEARYD7AqMM6wKjBGH2WJLMAtLJZgAAFngAC4qD2v1fi\/Pn+\/Pr9\/Xt+fnd9enn9e338\/fp+f\/n8\/f79\/n5+enh5eHl8fX5\/\/v95fv5\/\/P36\/n1\/fvr6\/P1\/\/f7\/\/315d3l3eXp7\/3x6fX5+fnl7\/H5\/\/n7+fXx+fv7+f37+\/v75+Pr09fn2+359eHd3c3Z5dXh9fP78fvz5\/vv8ff7+fX9\/fv3+\/nx5e3h1d3Z4eXh6\/\/z6+\/79\/X17fv5+\/\/\/9+g=="} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1317801134383882,"flow_src_last_pkt_time":1317801134383882,"flow_dst_last_pkt_time":1317801134383882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134383882,"l3_proto":"ip4","src_ip":"192.168.195.50","dst_ip":"192.168.193.24","src_port":17732,"dst_port":9400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1317801134383882,"flow_dst_last_pkt_time":1317801134383882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134383882,"pkt":"ABTy5fxCAB1FDGVjCABFuADIE+sAAEARX+bAqMMywKjBGEVEJLgAtEqsgAAGPwAC4qB8EHHz\/Pn+\/Pr9\/Xt+fnd9enn9e338\/fp+f\/n8\/f79\/n5+enh5eHl8fX5\/\/v95fv5\/\/P36\/n1\/fvr6\/P1\/\/f7\/\/315d3l3eXp7\/3x6fX5+fnl7\/H5\/\/n7+fXx+fv7+f37+\/v75+Pr09fn2+359eHd3c3Z5dXh9fP78fvz5\/vv8ff7+fX9\/fv3+\/nx5e3h1d3Z4eXh6\/\/z6+\/79\/X17fv5+\/\/\/9+g=="} -00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1317801134383882,"flow_src_last_pkt_time":1317801134383882,"flow_dst_last_pkt_time":1317801134383882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134383882,"l3_proto":"ip4","src_ip":"192.168.195.50","dst_ip":"192.168.193.24","src_port":17732,"dst_port":9400,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1317801134388067,"flow_dst_last_pkt_time":1317801134348136,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134388067,"pkt":"ABTy5fxCAB1FDGVjCABFuADIE+wAAEARX+XAqMMywKjBGEU+JLcAtDLhgAAGRQAFiLh8EHHofHt9f319fPv+\/v54f\/7\/e3l9e\/79f3p7fn18e316ff5+\/X58fv1\/\/v9+f3p+f31\/fv3+f31+\/np6fnx8fnz9\/P\/8fv37ff3\/fH7+\/3v\/f318f\/t8fP19fH19\/fl\/ev39+fx9d3Fw+NlhW8pMTLpRPsLeSefcWnbk8lz61FL72VV96Wtf6+1j6G777m\/scn\/3eX7+cXDubGz2fnF77nN2\/A=="} +00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1317801134348136,"flow_src_last_pkt_time":1317801134388067,"flow_dst_last_pkt_time":1317801134348136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134388067,"l3_proto":"ip4","src_ip":"192.168.195.50","dst_ip":"192.168.193.24","src_port":17726,"dst_port":9399,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1317801134389369,"flow_dst_last_pkt_time":1317801134349579,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134389369,"pkt":"ABTy5fxCAB56JnR1CABFuADIE40AAEARYDzAqMM6wKjBGH2YJLQAtJABgAAFlgAFiLgeBjsifHt9f319fPv+\/v54f\/7\/e3l9e\/79f3p7fn18e316ff5+\/X58fv1\/\/v9+f3p+f31\/fv3+f31+\/np6fnx8fnz9\/P\/8fv37ff3\/fH7+\/3v\/f318f\/t8fP19fH19\/fl\/ev39+fx9d3Fw+NlhW8pMTLpRPsLeSefcWnbk8lz61FL72VV96Wtf6+1j6G777m\/scn\/3eX7+cXDubGz2fnF77nN2\/A=="} +00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1317801134349579,"flow_src_last_pkt_time":1317801134389369,"flow_dst_last_pkt_time":1317801134349579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134389369,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.24","src_port":32152,"dst_port":9396,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1317801134402500,"flow_dst_last_pkt_time":1317801134322539,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134402500,"pkt":"ABTy5fxCAB56JnR1CABFuADIE44AAEARYDvAqMM6wKjBGH2WJLMAtIh3gAAFnwAC40D2v1fi+vv9\/f7+\/nx6eXh7ff\/9\/fb4+vj5+f5+fHh8eHd5en5++\/39\/Xt\/enl7eH54efr+\/Pp9f3p5fHV4enp\/\/Pj59vn+9vb8fHl6d3t5ev5\/\/P768\/n5+f7+fHV1dnR6fXd8\/31\/eHr+eX39d3n4\/f73+Pz8\/3t7e3p2dn59fPv5+\/v4\/X\/8fH18e39+fv78\/fv59\/b7\/nx7fXh3d3p\/fHt9fg=="} 00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1317801134403859,"flow_dst_last_pkt_time":1317801134383882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134403859,"pkt":"ABTy5fxCAB1FDGVjCABFuADIE+4AAEARX+PAqMMywKjBGEVEJLgAtCDKgAAGQAAC40B8EHHz+vv9\/f7+\/nx6eXh7ff\/9\/fb4+vj5+f5+fHh8eHd5en5++\/39\/Xt\/enl7eH54efr+\/Pp9f3p5fHV4enp\/\/Pj59vn+9vb8fHl6d3t5ev5\/\/P768\/n5+f7+fHV1dnR6fXd8\/31\/eHr+eX39d3n4\/f73+Pz8\/3t7e3p2dn59fPv5+\/v4\/X\/8fH18e39+fv78\/fv59\/b7\/nx7fXh3d3p\/fHt9fg=="} 00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1317801134408162,"flow_dst_last_pkt_time":1317801134348136,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134408162,"pkt":"ABTy5fxCAB1FDGVjCABFuADIE+8AAEARX+LAqMMywKjBGEU+JLcAtJtogAAGRgAFiVh8EHHoe\/z7+HV8+f34eXz09Xt7+nJ1\/H56dn7+fvl\/d\/v6dXp9evl3cPn9d3z6+\/18en11fvx1ev7\/e3l8\/v98eXb3+f\/+b3z5eHl+\/P\/8\/X18\/f5ye\/57d3b9\/fp8dPT2fXpvfvN\/dHf39316ffz9\/X13fPf\/b3T9+f1\/fX39eXt+f\/p4ev19\/3d6\/fz7eXh7\/P15fHz+\/n39+397+fx+enZ\/dw=="} 00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1317801134409515,"flow_dst_last_pkt_time":1317801134349579,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134409515,"pkt":"ABTy5fxCAB56JnR1CABFuADIE5AAAEARYDnAqMM6wKjBGH2YJLQAtPiIgAAFlwAFiVgeBjsie\/z7+HV8+f34eXz09Xt7+nJ1\/H56dn7+fvl\/d\/v6dXp9evl3cPn9d3z6+\/18en11fvx1ev7\/e3l8\/v98eXb3+f\/+b3z5eHl+\/P\/8\/X18\/f5ye\/57d3b9\/fp8dPT2fXpvfvN\/dHf39316ffz9\/X13fPf\/b3T9+f1\/fX39eXt+f\/p4ev19\/3d6\/fz7eXh7\/P15fHz+\/n39+397+fx+enZ\/dw=="} 00769{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1317801134423839,"flow_dst_last_pkt_time":1317801134383882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134423839,"pkt":"ABTy5fxCAB1FDGVjCABFuADIE\/EAAEARX+DAqMMywKjBGEVEJLgAtBwlgAAGQQAC4+B8EHHzfn78fXn\/eXV9d3b9\/338+\/f7fH59e3p2eX3++\/309fz6e3l6c3h3dnt3fff49\/Pz9vf2+Pv9fX19fX1+\/f1\/e3l5d3d1dHh6fHp6fv7++\/r3+H59fHx9e3l9+\/99\/P37+X57e3l8e3p\/f379\/fv7+\/r8\/v\/8\/n7\/\/\/39fXx6dnd5ev9+eXx6eH16fPx\/\/Pj5+fv7\/H15d3l7fH7\/\/f39\/A=="} +00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1317801134383882,"flow_src_last_pkt_time":1317801134423839,"flow_dst_last_pkt_time":1317801134383882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":516,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801134423839,"l3_proto":"ip4","src_ip":"192.168.195.50","dst_ip":"192.168.193.24","src_port":17732,"dst_port":9400,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1317801134428128,"flow_dst_last_pkt_time":1317801134348136,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134428128,"pkt":"ABTy5fxCAB1FDGVjCABFuADIE\/IAAEARX9\/AqMMywKjBGEU+JLcAtO6VgAAGRwAFifh8EHHoeXd2+\/75+fr1+3hx\/vh4dHl7\/fd+fPv4+v9+f\/58enh6fnd5\/nt7fHZ8fXr9eHn99vJ\/fHh8+n9+fX7\/fnt9f\/57d\/7++vv8+nz7+3v++Xxwe\/b+enp2eH19fn78fnl8fv56en5+f339\/P59ffp6\/PxzfH\/7\/n17d\/p9en55enR9fXdza3B0dnZuffr78\/Ly7+vs7O7z8\/n4fW9wb3BvbQ=="} 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1317801134429422,"flow_dst_last_pkt_time":1317801134349579,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134429422,"pkt":"ABTy5fxCAB56JnR1CABFuADIE5MAAEARYDbAqMM6wKjBGH2YJLQAtEu2gAAFmAAFifgeBjsieXd2+\/75+fr1+3hx\/vh4dHl7\/fd+fPv4+v9+f\/58enh6fnd5\/nt7fHZ8fXr9eHn99vJ\/fHh8+n9+fX7\/fnt9f\/57d\/7++vv8+nz7+3v++Xxwe\/b+enp2eH19fn78fnl8fv56en5+f339\/P59ffp6\/PxzfH\/7\/n17d\/p9en55enR9fXdza3B0dnZuffr78\/Ly7+vs7O7z8\/n4fW9wb3BvbQ=="} 00772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1317801134443939,"flow_dst_last_pkt_time":1317801134383882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1317801134443939,"pkt":"ABTy5fxCAB1FDGVjCABFuADIE\/QAAEARX93AqMMywKjBGEVEJLgAtJYRgAAGQgAC5IB8EHHz\/v76\/3t\/fHh4d3l9\/Pn49vX1+\/\/6f3x\/en3+\/v1+\/P19dnh7dnh0dXd1fX3++v34+vr7+vp4eX9\/\/nt6fX\/\/fP76+v19fH97dXZxd\/5\/+PPz8vb7\/v18fHt5+\/379\/z3\/Hh6cm5zcHB1d3r+\/P37+fn5\/n79\/v78fn76\/Px+fP1+fn16fnp4fv37\/v3+e\/79ffx+evz9fv9\/\/f3+\/nx8+g=="} @@ -82,9 +82,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8066942 bytes -~~ total memory freed........: 8066942 bytes -~~ total allocations/frees...: 151342/151342 +~~ total memory allocated....: 7696795 bytes +~~ total memory freed........: 7696795 bytes +~~ total allocations/frees...: 145745/145745 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 2312 chars diff --git a/test/results/default/skype-conference-call.pcap.out b/test/results/default/skype-conference-call.pcap.out index 83c43a316..a61be85b1 100644 --- a/test/results/default/skype-conference-call.pcap.out +++ b/test/results/default/skype-conference-call.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7969899 bytes -~~ total memory freed........: 7969899 bytes -~~ total allocations/frees...: 148487/148487 +~~ total memory allocated....: 7599560 bytes +~~ total memory freed........: 7599560 bytes +~~ total allocations/frees...: 142890/142890 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 527 chars ~~ json string max len.......: 2439 chars diff --git a/test/results/default/skype.pcap.out b/test/results/default/skype.pcap.out index c4d9b8b1c..30db7fd95 100644 --- a/test/results/default/skype.pcap.out +++ b/test/results/default/skype.pcap.out @@ -2132,9 +2132,9 @@ ~~ total active/idle flows...: 293/293 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8884302 bytes -~~ total memory freed........: 8884302 bytes -~~ total allocations/frees...: 154682/154682 +~~ total memory allocated....: 8520971 bytes +~~ total memory freed........: 8520971 bytes +~~ total allocations/frees...: 149085/149085 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 2483 chars diff --git a/test/results/default/skype_no_unknown.pcap.out b/test/results/default/skype_no_unknown.pcap.out index 9073a74ce..55da63171 100644 --- a/test/results/default/skype_no_unknown.pcap.out +++ b/test/results/default/skype_no_unknown.pcap.out @@ -1590,9 +1590,9 @@ ~~ total active/idle flows...: 267/267 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8753956 bytes -~~ total memory freed........: 8753956 bytes -~~ total allocations/frees...: 153384/153384 +~~ total memory allocated....: 8390001 bytes +~~ total memory freed........: 8390001 bytes +~~ total allocations/frees...: 147787/147787 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 308 chars ~~ json string max len.......: 2492 chars diff --git a/test/results/default/skype_udp.pcap.out b/test/results/default/skype_udp.pcap.out index 05dbd2be3..66c5552db 100644 --- a/test/results/default/skype_udp.pcap.out +++ b/test/results/default/skype_udp.pcap.out @@ -3,11 +3,11 @@ 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1156534494734879,"flow_src_last_pkt_time":1156534494734879,"flow_dst_last_pkt_time":1156534494734879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1156534494734879,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"24.224.190.149","src_port":35990,"dst_port":39262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1156534494734879,"flow_dst_last_pkt_time":1156534494734879,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1156534494734879,"pkt":"ABbjGScVAAR2lnvaCABFAAA7AABAAEARoZLAqAECGOC+lYyWmV4AJ5lYFpcCrtEAh3kuASsbNLlPtKfPLsSj70vZ59IfZD23vQ=="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1156534496782355,"flow_dst_last_pkt_time":1156534494734879,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1156534496782355,"pkt":"ABbjGScVAAR2lnvaCABFAAA7AABAAEARoZLAqAECGOC+lYyWmV4AJ5lYFpcCqvCj5HkuAStybQoRs8uOXAH\/9ayvdzDWsfxVrg=="} -01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1156534494734879,"flow_src_last_pkt_time":1156534496782355,"flow_dst_last_pkt_time":1156534494734879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1156534496782355,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"24.224.190.149","src_port":35990,"dst_port":39262,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Skype_Teams","proto_id":"125","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1156534500825691,"flow_dst_last_pkt_time":1156534494734879,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1156534500825691,"pkt":"ABbjGScVAAR2lnvaCABFAAA7AABAAEARoZLAqAECGOC+lYyWmV4AJ5lYFpcCvuoUBXkuASuSYOIkRaPfGbxEfOnC\/51D4o9Ncw=="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1156534567055540,"flow_dst_last_pkt_time":1156534494734879,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1156534567055540,"pkt":"ABbjGScVAAR2lnvaCABFAAAuAABAAEARoZ\/AqAECGOC+lYyWmV4AGplLsGsC8X+1b++522uzltBGo\/MQ"} +01078{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1156534494734879,"flow_src_last_pkt_time":1156534567055540,"flow_dst_last_pkt_time":1156534494734879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":111,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1156534567055540,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"24.224.190.149","src_port":35990,"dst_port":39262,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","proto_id":"125.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1156534567055540,"flow_dst_last_pkt_time":1156534567244697,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1156534567244697,"pkt":"AAR2lnvaABbjGScVCABFAAAuy+IAAGUR8LwY4L6VwKgBAplejJYAGg6E4FcCztAyD8zMjQ7u\/eBiRTNa"} -01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1156534494734879,"flow_src_last_pkt_time":1156534567055540,"flow_dst_last_pkt_time":1156534567244697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":18,"flow_src_tot_l4_payload_len":111,"flow_dst_tot_l4_payload_len":18,"midstream":0,"thread_ts_usec":1156534567244697,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"24.224.190.149","src_port":35990,"dst_port":39262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Skype_Teams","proto_id":"125","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01119{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1156534494734879,"flow_src_last_pkt_time":1156534567055540,"flow_dst_last_pkt_time":1156534567244697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":18,"flow_src_tot_l4_payload_len":111,"flow_dst_tot_l4_payload_len":18,"midstream":0,"thread_ts_usec":1156534567244697,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"24.224.190.149","src_port":35990,"dst_port":39262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","proto_id":"125.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00578{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/skype_udp.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":129,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1156534567244697} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/5 @@ -17,10 +17,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964244 bytes -~~ total memory freed........: 7964244 bytes -~~ total allocations/frees...: 148292/148292 +~~ total memory allocated....: 7593905 bytes +~~ total memory freed........: 7593905 bytes +~~ total allocations/frees...: 142695/142695 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 515 chars -~~ json string max len.......: 1105 chars -~~ json string avg len.......: 802 chars +~~ json string max len.......: 1124 chars +~~ json string avg len.......: 804 chars diff --git a/test/results/default/smb_deletefile.pcap.out b/test/results/default/smb_deletefile.pcap.out index 4024b6e7d..14c021708 100644 --- a/test/results/default/smb_deletefile.pcap.out +++ b/test/results/default/smb_deletefile.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7967028 bytes -~~ total memory freed........: 7967028 bytes -~~ total allocations/frees...: 148388/148388 +~~ total memory allocated....: 7596689 bytes +~~ total memory freed........: 7596689 bytes +~~ total allocations/frees...: 142791/142791 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 520 chars ~~ json string max len.......: 2315 chars diff --git a/test/results/default/smb_frags.pcap.out b/test/results/default/smb_frags.pcap.out index be998692c..dc31ac37a 100644 --- a/test/results/default/smb_frags.pcap.out +++ b/test/results/default/smb_frags.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966412 bytes -~~ total memory freed........: 7966412 bytes -~~ total allocations/frees...: 148298/148298 +~~ total memory allocated....: 7596073 bytes +~~ total memory freed........: 7596073 bytes +~~ total allocations/frees...: 142701/142701 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 515 chars ~~ json string max len.......: 2408 chars diff --git a/test/results/default/smbv1.pcap.out b/test/results/default/smbv1.pcap.out index 28f039be1..52ab1cadb 100644 --- a/test/results/default/smbv1.pcap.out +++ b/test/results/default/smbv1.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966383 bytes -~~ total memory freed........: 7966383 bytes -~~ total allocations/frees...: 148297/148297 +~~ total memory allocated....: 7596044 bytes +~~ total memory freed........: 7596044 bytes +~~ total allocations/frees...: 142700/142700 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 1326 chars diff --git a/test/results/default/smpp_in_general.pcap.out b/test/results/default/smpp_in_general.pcap.out index bee8f696f..2850480e6 100644 --- a/test/results/default/smpp_in_general.pcap.out +++ b/test/results/default/smpp_in_general.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966640 bytes -~~ total memory freed........: 7966640 bytes -~~ total allocations/frees...: 148305/148305 +~~ total memory allocated....: 7596301 bytes +~~ total memory freed........: 7596301 bytes +~~ total allocations/frees...: 142708/142708 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 521 chars ~~ json string max len.......: 983 chars diff --git a/test/results/default/smtp-starttls.pcap.out b/test/results/default/smtp-starttls.pcap.out index 7f0c5a58a..3598ad6d9 100644 --- a/test/results/default/smtp-starttls.pcap.out +++ b/test/results/default/smtp-starttls.pcap.out @@ -34,9 +34,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7990562 bytes -~~ total memory freed........: 7990562 bytes -~~ total allocations/frees...: 148402/148402 +~~ total memory allocated....: 7620247 bytes +~~ total memory freed........: 7620247 bytes +~~ total allocations/frees...: 142805/142805 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 519 chars ~~ json string max len.......: 2540 chars diff --git a/test/results/default/smtp.pcap.out b/test/results/default/smtp.pcap.out index ddc6f323a..b8beca057 100644 --- a/test/results/default/smtp.pcap.out +++ b/test/results/default/smtp.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7968902 bytes -~~ total memory freed........: 7968902 bytes -~~ total allocations/frees...: 148383/148383 +~~ total memory allocated....: 7598563 bytes +~~ total memory freed........: 7598563 bytes +~~ total allocations/frees...: 142786/142786 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 510 chars ~~ json string max len.......: 2136 chars diff --git a/test/results/default/smtps.pcapng.out b/test/results/default/smtps.pcapng.out index 1b85a6805..d534fed01 100644 --- a/test/results/default/smtps.pcapng.out +++ b/test/results/default/smtps.pcapng.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7968319 bytes -~~ total memory freed........: 7968319 bytes -~~ total allocations/frees...: 148294/148294 +~~ total memory allocated....: 7597980 bytes +~~ total memory freed........: 7597980 bytes +~~ total allocations/frees...: 142697/142697 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 1227 chars diff --git a/test/results/default/snapchat.pcap.out b/test/results/default/snapchat.pcap.out index 22ae0a99d..0f44689e2 100644 --- a/test/results/default/snapchat.pcap.out +++ b/test/results/default/snapchat.pcap.out @@ -36,9 +36,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7982255 bytes -~~ total memory freed........: 7982255 bytes -~~ total allocations/frees...: 148376/148376 +~~ total memory allocated....: 7611964 bytes +~~ total memory freed........: 7611964 bytes +~~ total allocations/frees...: 142779/142779 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 514 chars ~~ json string max len.......: 1370 chars diff --git a/test/results/default/snapchat_call.pcapng.out b/test/results/default/snapchat_call.pcapng.out index 4ec84f5e5..f982472d2 100644 --- a/test/results/default/snapchat_call.pcapng.out +++ b/test/results/default/snapchat_call.pcapng.out @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7965549 bytes -~~ total memory freed........: 7965549 bytes -~~ total allocations/frees...: 148337/148337 +~~ total memory allocated....: 7595210 bytes +~~ total memory freed........: 7595210 bytes +~~ total allocations/frees...: 142740/142740 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 521 chars ~~ json string max len.......: 2362 chars diff --git a/test/results/default/snapchat_call_v1.pcapng.out b/test/results/default/snapchat_call_v1.pcapng.out index 9dfe39f2f..a5d7acdc2 100644 --- a/test/results/default/snapchat_call_v1.pcapng.out +++ b/test/results/default/snapchat_call_v1.pcapng.out @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7987960 bytes -~~ total memory freed........: 7987960 bytes -~~ total allocations/frees...: 148785/148785 +~~ total memory allocated....: 7617621 bytes +~~ total memory freed........: 7617621 bytes +~~ total allocations/frees...: 143188/143188 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 524 chars ~~ json string max len.......: 2225 chars diff --git a/test/results/default/snmp.pcap.out b/test/results/default/snmp.pcap.out index bccbfe7ea..a6cc14b76 100644 --- a/test/results/default/snmp.pcap.out +++ b/test/results/default/snmp.pcap.out @@ -143,9 +143,9 @@ ~~ total active/idle flows...: 17/17 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7999702 bytes -~~ total memory freed........: 7999702 bytes -~~ total allocations/frees...: 148533/148533 +~~ total memory allocated....: 7629747 bytes +~~ total memory freed........: 7629747 bytes +~~ total allocations/frees...: 142936/142936 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 510 chars ~~ json string max len.......: 1987 chars diff --git a/test/results/default/soap.pcap.out b/test/results/default/soap.pcap.out index 945d43db6..c473d1e99 100644 --- a/test/results/default/soap.pcap.out +++ b/test/results/default/soap.pcap.out @@ -30,9 +30,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7973117 bytes -~~ total memory freed........: 7973117 bytes -~~ total allocations/frees...: 148337/148337 +~~ total memory allocated....: 7602826 bytes +~~ total memory freed........: 7602826 bytes +~~ total allocations/frees...: 142740/142740 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 510 chars ~~ json string max len.......: 2469 chars diff --git a/test/results/default/socks-http-example.pcap.out b/test/results/default/socks-http-example.pcap.out deleted file mode 100644 index 5f9c6bf05..000000000 --- a/test/results/default/socks-http-example.pcap.out +++ /dev/null @@ -1,42 +0,0 @@ -00519{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/socks-http-example.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00582{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/socks-http-example.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1386004309468752} -00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/socks-http-example.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1386004309468752,"flow_src_last_pkt_time":1386004309468752,"flow_dst_last_pkt_time":1386004309468752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1386004309468752,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53533,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/socks-http-example.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1386004309468752,"flow_dst_last_pkt_time":1386004309468752,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1386004309468752,"pkt":"ABNyxPHhAB9b\/1HLCABFAABAxApAAEAGJ5MKtJy5CrSc+dEdBDiu6S7xAAAAALAC\/\/9AOQAAAgQFtAEDAwQBAQgKFh7eWwAAAAAEAgAA"} -00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/socks-http-example.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1386004309468752,"flow_dst_last_pkt_time":1386004309469255,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1386004309469255,"pkt":"AB9b\/1HLABNyxPHhCABFAAA8AABAAEAG66EKtJz5CrScuQQ40R2gPF01ruku8qASOJDLlAAAAgQFtAQCCApiX+0zFh7eWwEDAwc="} -00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/socks-http-example.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1386004309469289,"flow_dst_last_pkt_time":1386004309469255,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1386004309469289,"pkt":"ABNyxPHhAB9b\/1HLCABFAAA0BhZAAEAG5ZMKtJy5CrSc+dEdBDiu6S7yoDxdNoAQICsSxgAAAQEIChYe3ltiX+0z"} -00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/socks-http-example.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1386004309469777,"flow_dst_last_pkt_time":1386004309469255,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1386004309469777,"pkt":"ABNyxPHhAB9b\/1HLCABFAAA92mFAAEAGET8KtJy5CrSc+dEdBDiu6S7yoDxdNoAYICvYMgAAAQEIChYe3lxiX+0zBAEAUF242HcA"} -00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/socks-http-example.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1386004309469777,"flow_dst_last_pkt_time":1386004309470255,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1386004309470255,"pkt":"AB9b\/1HLABNyxPHhCABFAAA0sAJAAEAGO6cKtJz5CrScuQQ40R2gPF02ruku+4AQAHIydAAAAQEICmJf7TQWHt5c"} -00934{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/socks-http-example.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1386004309468752,"flow_src_last_pkt_time":1386004309469777,"flow_dst_last_pkt_time":1386004309473680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":1386004309473680,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53533,"dst_port":1080,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/socks-http-example.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1386004312331130,"flow_src_last_pkt_time":1386004312331130,"flow_dst_last_pkt_time":1386004312331130,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1386004312331130,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53534,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/socks-http-example.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1386004312331130,"flow_dst_last_pkt_time":1386004312331130,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1386004312331130,"pkt":"ABNyxPHhAB9b\/1HLCABFAABAPjdAAEAGrWYKtJy5CrSc+dEeBDi5gOhGAAAAALAC\/\/9xLQAAAgQFtAEDAwQBAQgKFh7peQAAAAAEAgAA"} -00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/socks-http-example.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1386004312331130,"flow_dst_last_pkt_time":1386004312331630,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1386004312331630,"pkt":"AB9b\/1HLABNyxPHhCABFAAA8AABAAEAG66EKtJz5CrScuQQ40R7KitgsuYDoR6ASOJBMFQAAAgQFtAQCCApiX\/hhFh7peQEDAwc="} -00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/socks-http-example.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1386004312331653,"flow_dst_last_pkt_time":1386004312331630,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1386004312331653,"pkt":"ABNyxPHhAB9b\/1HLCABFAAA0IDxAAEAGy20KtJy5CrSc+dEeBDi5gOhHyorYLYAQICuTRgAAAQEIChYe6XliX\/hh"} -00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/socks-http-example.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1386004312331666,"flow_dst_last_pkt_time":1386004312331630,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1386004312331666,"pkt":"ABNyxPHhAB9b\/1HLCABFAABNRFNAAEAGpz0KtJy5CrSc+dEeBDi5gOhHyorYLYAYICv4dwAAAQEIChYe6XliX\/hhBAEAUAAAAAEAd3d3LmV4YW1wbGUuY29tAA=="} -00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/socks-http-example.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1386004312331666,"flow_dst_last_pkt_time":1386004312332151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1386004312332151,"pkt":"AB9b\/1HLABNyxPHhCABFAAA0IE9AAEAGy1oKtJz5CrScuQQ40R7KitgtuYDoYIAQAHKy5QAAAQEICmJf+GIWHul5"} -00937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/socks-http-example.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1386004312331130,"flow_src_last_pkt_time":1386004312331666,"flow_dst_last_pkt_time":1386004312379022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":1386004312379022,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53534,"dst_port":1080,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/socks-http-example.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1386004317979913,"flow_src_last_pkt_time":1386004317979913,"flow_dst_last_pkt_time":1386004317979913,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1386004317979913,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53535,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/socks-http-example.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1386004317979913,"flow_dst_last_pkt_time":1386004317979913,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1386004317979913,"pkt":"ABNyxPHhAB9b\/1HLCABFAABAZFdAAEAGh0YKtJy5CrSc+dEfBDg7J\/Q2AAAAALAC\/\/\/NpwAAAgQFtAEDAwQBAQgKFh7\/ZwAAAAAEAgAA"} -00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/socks-http-example.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1386004317979913,"flow_dst_last_pkt_time":1386004317980308,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1386004317980308,"pkt":"AB9b\/1HLABNyxPHhCABFAAA8AABAAEAG66EKtJz5CrScuQQ40R8tB48eOyf0N6ASOJB5EQAAAgQFtAQCCApiYA5xFh7\/ZwEDAwc="} -00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/socks-http-example.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1386004317980332,"flow_dst_last_pkt_time":1386004317980308,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1386004317980332,"pkt":"ABNyxPHhAB9b\/1HLCABFAAA0jiVAAEAGXYQKtJy5CrSc+dEfBDg7J\/Q3LQePH4AQICvAQgAAAQEIChYe\/2diYA5x"} -00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/socks-http-example.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1386004317980349,"flow_dst_last_pkt_time":1386004317980308,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1386004317980349,"pkt":"ABNyxPHhAB9b\/1HLCABFAAA4K2RAAEAGwEEKtJy5CrSc+dEfBDg7J\/Q3LQePH4AYICu7MwAAAQEIChYe\/2diYA5xBQIAAQ=="} -00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/socks-http-example.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1386004317980349,"flow_dst_last_pkt_time":1386004317980555,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1386004317980555,"pkt":"AB9b\/1HLABNyxPHhCABFAAA0gW1AAEAGajwKtJz5CrScuQQ40R8tB48fOyf0O4AQAHLf9gAAAQEICmJgDnIWHv9n"} -00983{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/socks-http-example.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1386004309468752,"flow_src_last_pkt_time":1386004309478765,"flow_dst_last_pkt_time":1386004309478749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":146,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":1599,"midstream":0,"thread_ts_usec":1386004317989330,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53533,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00983{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/socks-http-example.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1386004312331130,"flow_src_last_pkt_time":1386004312384665,"flow_dst_last_pkt_time":1386004312384637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":146,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1599,"midstream":0,"thread_ts_usec":1386004317989330,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53534,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00955{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/socks-http-example.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1386004317979913,"flow_src_last_pkt_time":1386004317989330,"flow_dst_last_pkt_time":1386004317989312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":146,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":1603,"midstream":0,"thread_ts_usec":1386004317989330,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53535,"dst_port":1080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00800{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/socks-http-example.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1386004317979913,"flow_src_last_pkt_time":1386004317989330,"flow_dst_last_pkt_time":1386004317989312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":146,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":1603,"midstream":0,"thread_ts_usec":1386004317989330,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53535,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00591{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/socks-http-example.pcap","alias":"nDPId-test","packets-captured":46,"packets-processed":46,"total-skipped-flows":0,"total-l4-payload-len":5287,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_usec":1386004317989330} -~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ -~~ packets captured/processed: 46/46 -~~ skipped flows.............: 0 -~~ total layer4 data length..: 5287 bytes -~~ total detected protocols..: 2 -~~ total active/idle flows...: 3/3 -~~ total timeout flows.......: 0 -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7975777 bytes -~~ total memory freed........: 7975777 bytes -~~ total allocations/frees...: 148358/148358 -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json string min len.......: 524 chars -~~ json string max len.......: 988 chars -~~ json string avg len.......: 755 chars diff --git a/test/results/default/socks.pcap.out b/test/results/default/socks.pcap.out new file mode 100644 index 000000000..430c430a1 --- /dev/null +++ b/test/results/default/socks.pcap.out @@ -0,0 +1,51 @@ +00506{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00569{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1385474294492448} +00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1385474294492448,"flow_src_last_pkt_time":1385474294492448,"flow_dst_last_pkt_time":1385474294492448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1385474294492448,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":1637,"dst_port":21477,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1385474294492448,"flow_dst_last_pkt_time":1385474294492448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1385474294492448,"pkt":"AABeAAEBAAtFtxbACABFAAAwisFAAH4GgV8KAAABCgAAAgZlU+Uyuw5yAAAAAHACQAC3ZAAAAgQFUAEBBAI="} +00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1385474294492448,"flow_dst_last_pkt_time":1385474294649364,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1385474294649364,"pkt":"AAtFtxbAACaI3xfHCABFAAAwbUxAAGcGtdQKAAACCgAAAVPlBmV6GpzgMrsOc3ASIADAvAAAAgQE7AEBBAI="} +00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1385474294849169,"flow_dst_last_pkt_time":1385474294649364,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1385474294849169,"pkt":"AABeAAEBAAtFtxbACABFAAAois5AAH4GgVoKAAABCgAAAgZlU+Uyuw5zehqc4VAQROjH0AAAAAAAAAAA"} +00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1385474294849170,"flow_dst_last_pkt_time":1385474294649364,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_usec":1385474294849170,"pkt":"AABeAAEBAAtFtxbACABFAAAritBAAH4GgVUKAAABCgAAAgZlU+Uyuw5zehqc4VAYROjCxAAABQEAAAAA"} +00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1385474294849170,"flow_dst_last_pkt_time":1385474295006242,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_usec":1385474295006242,"pkt":"AAtFtxbAACaI3xfHCABFAAAqbU9AAGcGtdcKAAACCgAAAVPlBmV6GpzhMrsOdlAY\/\/AHuwAABQAAAAAA"} +01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1385474294492448,"flow_src_last_pkt_time":1385474294849170,"flow_dst_last_pkt_time":1385474295006242,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3,"flow_dst_max_l4_payload_len":2,"flow_src_tot_l4_payload_len":3,"flow_dst_tot_l4_payload_len":2,"midstream":0,"thread_ts_usec":1385474295006242,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":1637,"dst_port":21477,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} +00576{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","packets-captured":15,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":1361,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1386004309468752} +00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1386004309468752,"flow_src_last_pkt_time":1386004309468752,"flow_dst_last_pkt_time":1386004309468752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1386004309468752,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53533,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1386004309468752,"flow_dst_last_pkt_time":1386004309468752,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1386004309468752,"pkt":"ABNyxPHhAB9b\/1HLCABFAABAxApAAEAGJ5MKtJy5CrSc+dEdBDiu6S7xAAAAALAC\/\/9AOQAAAgQFtAEDAwQBAQgKFh7eWwAAAAAEAgAA"} +00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1386004309468752,"flow_dst_last_pkt_time":1386004309469255,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1386004309469255,"pkt":"AB9b\/1HLABNyxPHhCABFAAA8AABAAEAG66EKtJz5CrScuQQ40R2gPF01ruku8qASOJDLlAAAAgQFtAQCCApiX+0zFh7eWwEDAwc="} +00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1386004309469289,"flow_dst_last_pkt_time":1386004309469255,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1386004309469289,"pkt":"ABNyxPHhAB9b\/1HLCABFAAA0BhZAAEAG5ZMKtJy5CrSc+dEdBDiu6S7yoDxdNoAQICsSxgAAAQEIChYe3ltiX+0z"} +00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1386004309469777,"flow_dst_last_pkt_time":1386004309469255,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1386004309469777,"pkt":"ABNyxPHhAB9b\/1HLCABFAAA92mFAAEAGET8KtJy5CrSc+dEdBDiu6S7yoDxdNoAYICvYMgAAAQEIChYe3lxiX+0zBAEAUF242HcA"} +00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1386004309469777,"flow_dst_last_pkt_time":1386004309470255,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1386004309470255,"pkt":"AB9b\/1HLABNyxPHhCABFAAA0sAJAAEAGO6cKtJz5CrScuQQ40R2gPF02ruku+4AQAHIydAAAAQEICmJf7TQWHt5c"} +00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1386004309468752,"flow_src_last_pkt_time":1386004309469777,"flow_dst_last_pkt_time":1386004309473680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":1386004309473680,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53533,"dst_port":1080,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} +00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1386004312331130,"flow_src_last_pkt_time":1386004312331130,"flow_dst_last_pkt_time":1386004312331130,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1386004312331130,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53534,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1386004312331130,"flow_dst_last_pkt_time":1386004312331130,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1386004312331130,"pkt":"ABNyxPHhAB9b\/1HLCABFAABAPjdAAEAGrWYKtJy5CrSc+dEeBDi5gOhGAAAAALAC\/\/9xLQAAAgQFtAEDAwQBAQgKFh7peQAAAAAEAgAA"} +00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1386004312331130,"flow_dst_last_pkt_time":1386004312331630,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1386004312331630,"pkt":"AB9b\/1HLABNyxPHhCABFAAA8AABAAEAG66EKtJz5CrScuQQ40R7KitgsuYDoR6ASOJBMFQAAAgQFtAQCCApiX\/hhFh7peQEDAwc="} +00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1386004312331653,"flow_dst_last_pkt_time":1386004312331630,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1386004312331653,"pkt":"ABNyxPHhAB9b\/1HLCABFAAA0IDxAAEAGy20KtJy5CrSc+dEeBDi5gOhHyorYLYAQICuTRgAAAQEIChYe6XliX\/hh"} +00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1386004312331666,"flow_dst_last_pkt_time":1386004312331630,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1386004312331666,"pkt":"ABNyxPHhAB9b\/1HLCABFAABNRFNAAEAGpz0KtJy5CrSc+dEeBDi5gOhHyorYLYAYICv4dwAAAQEIChYe6XliX\/hhBAEAUAAAAAEAd3d3LmV4YW1wbGUuY29tAA=="} +00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1386004312331666,"flow_dst_last_pkt_time":1386004312332151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1386004312332151,"pkt":"AB9b\/1HLABNyxPHhCABFAAA0IE9AAEAGy1oKtJz5CrScuQQ40R7KitgtuYDoYIAQAHKy5QAAAQEICmJf+GIWHul5"} +00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1386004312331130,"flow_src_last_pkt_time":1386004312331666,"flow_dst_last_pkt_time":1386004312379022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":1386004312379022,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53534,"dst_port":1080,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} +00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1386004317979913,"flow_src_last_pkt_time":1386004317979913,"flow_dst_last_pkt_time":1386004317979913,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1386004317979913,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53535,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1386004317979913,"flow_dst_last_pkt_time":1386004317979913,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1386004317979913,"pkt":"ABNyxPHhAB9b\/1HLCABFAABAZFdAAEAGh0YKtJy5CrSc+dEfBDg7J\/Q2AAAAALAC\/\/\/NpwAAAgQFtAEDAwQBAQgKFh7\/ZwAAAAAEAgAA"} +00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1386004317979913,"flow_dst_last_pkt_time":1386004317980308,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1386004317980308,"pkt":"AB9b\/1HLABNyxPHhCABFAAA8AABAAEAG66EKtJz5CrScuQQ40R8tB48eOyf0N6ASOJB5EQAAAgQFtAQCCApiYA5xFh7\/ZwEDAwc="} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1386004317980332,"flow_dst_last_pkt_time":1386004317980308,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1386004317980332,"pkt":"ABNyxPHhAB9b\/1HLCABFAAA0jiVAAEAGXYQKtJy5CrSc+dEfBDg7J\/Q3LQePH4AQICvAQgAAAQEIChYe\/2diYA5x"} +00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1386004317980349,"flow_dst_last_pkt_time":1386004317980308,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1386004317980349,"pkt":"ABNyxPHhAB9b\/1HLCABFAAA4K2RAAEAGwEEKtJy5CrSc+dEfBDg7J\/Q3LQePH4AYICu7MwAAAQEIChYe\/2diYA5xBQIAAQ=="} +00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1386004317980349,"flow_dst_last_pkt_time":1386004317980555,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1386004317980555,"pkt":"AB9b\/1HLABNyxPHhCABFAAA0gW1AAEAGajwKtJz5CrScuQQ40R8tB48fOyf0O4AQAHLf9gAAAQEICmJgDnIWHv9n"} +00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1386004317979913,"flow_src_last_pkt_time":1386004317980349,"flow_dst_last_pkt_time":1386004317980680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":2,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":2,"midstream":0,"thread_ts_usec":1386004317980680,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53535,"dst_port":1080,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} +01088{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1385474294492448,"flow_src_last_pkt_time":1385474412431090,"flow_dst_last_pkt_time":1385474412219725,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":395,"flow_dst_max_l4_payload_len":930,"flow_src_tot_l4_payload_len":419,"flow_dst_tot_l4_payload_len":942,"midstream":0,"thread_ts_usec":1386004317989330,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":1637,"dst_port":21477,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} +00970{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1386004309468752,"flow_src_last_pkt_time":1386004309478765,"flow_dst_last_pkt_time":1386004309478749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":146,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":1599,"midstream":0,"thread_ts_usec":1386004317989330,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53533,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} +00970{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1386004312331130,"flow_src_last_pkt_time":1386004312384665,"flow_dst_last_pkt_time":1386004312384637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":146,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1599,"midstream":0,"thread_ts_usec":1386004317989330,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53534,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} +00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1386004317979913,"flow_src_last_pkt_time":1386004317989330,"flow_dst_last_pkt_time":1386004317989312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":146,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":1603,"midstream":0,"thread_ts_usec":1386004317989330,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53535,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} +00578{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":6648,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_usec":1386004317989330} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 60/60 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 6648 bytes +~~ total detected protocols..: 4 +~~ total active/idle flows...: 4/4 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7610064 bytes +~~ total memory freed........: 7610064 bytes +~~ total allocations/frees...: 142787/142787 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 511 chars +~~ json string max len.......: 1093 chars +~~ json string avg len.......: 801 chars diff --git a/test/results/default/softether.pcap.out b/test/results/default/softether.pcap.out index b24bab976..33502bcb0 100644 --- a/test/results/default/softether.pcap.out +++ b/test/results/default/softether.pcap.out @@ -113,9 +113,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7979980 bytes -~~ total memory freed........: 7979980 bytes -~~ total allocations/frees...: 148525/148525 +~~ total memory allocated....: 7609761 bytes +~~ total memory freed........: 7609761 bytes +~~ total allocations/frees...: 142928/142928 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 515 chars ~~ json string max len.......: 2285 chars diff --git a/test/results/default/someip-tp.pcap.out b/test/results/default/someip-tp.pcap.out index 24bec812a..804ed8167 100644 --- a/test/results/default/someip-tp.pcap.out +++ b/test/results/default/someip-tp.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964360 bytes -~~ total memory freed........: 7964360 bytes -~~ total allocations/frees...: 148296/148296 +~~ total memory allocated....: 7594021 bytes +~~ total memory freed........: 7594021 bytes +~~ total allocations/frees...: 142699/142699 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 515 chars ~~ json string max len.......: 2436 chars diff --git a/test/results/default/someip-udp-method-call.pcapng.out b/test/results/default/someip-udp-method-call.pcapng.out index ffa585e91..dcf60df42 100644 --- a/test/results/default/someip-udp-method-call.pcapng.out +++ b/test/results/default/someip-udp-method-call.pcapng.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966258 bytes -~~ total memory freed........: 7966258 bytes -~~ total allocations/frees...: 148300/148300 +~~ total memory allocated....: 7595943 bytes +~~ total memory freed........: 7595943 bytes +~~ total allocations/frees...: 142703/142703 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 530 chars ~~ json string max len.......: 1229 chars diff --git a/test/results/default/someip_sd_sample.pcap.out b/test/results/default/someip_sd_sample.pcap.out index a9a469dd7..ecd0549d4 100644 --- a/test/results/default/someip_sd_sample.pcap.out +++ b/test/results/default/someip_sd_sample.pcap.out @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7961999 bytes -~~ total memory freed........: 7961999 bytes -~~ total allocations/frees...: 148276/148276 +~~ total memory allocated....: 7591636 bytes +~~ total memory freed........: 7591636 bytes +~~ total allocations/frees...: 142679/142679 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 318 chars ~~ json string max len.......: 588 chars diff --git a/test/results/default/source_engine.pcap.out b/test/results/default/source_engine.pcap.out index 57eba659d..ba45b919d 100644 --- a/test/results/default/source_engine.pcap.out +++ b/test/results/default/source_engine.pcap.out @@ -91,9 +91,9 @@ ~~ total active/idle flows...: 17/17 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7998192 bytes -~~ total memory freed........: 7998192 bytes -~~ total allocations/frees...: 148480/148480 +~~ total memory allocated....: 7628237 bytes +~~ total memory freed........: 7628237 bytes +~~ total allocations/frees...: 142883/142883 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 519 chars ~~ json string max len.......: 1108 chars diff --git a/test/results/default/sql_injection.pcap.out b/test/results/default/sql_injection.pcap.out index 31f513d75..c083665e1 100644 --- a/test/results/default/sql_injection.pcap.out +++ b/test/results/default/sql_injection.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964730 bytes -~~ total memory freed........: 7964730 bytes -~~ total allocations/frees...: 148300/148300 +~~ total memory allocated....: 7594391 bytes +~~ total memory freed........: 7594391 bytes +~~ total allocations/frees...: 142703/142703 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 519 chars ~~ json string max len.......: 2508 chars diff --git a/test/results/default/ssdp-m-search-ua.pcap.out b/test/results/default/ssdp-m-search-ua.pcap.out index 0bcce8eac..1b0a44cc9 100644 --- a/test/results/default/ssdp-m-search-ua.pcap.out +++ b/test/results/default/ssdp-m-search-ua.pcap.out @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964223 bytes -~~ total memory freed........: 7964223 bytes -~~ total allocations/frees...: 148291/148291 +~~ total memory allocated....: 7593884 bytes +~~ total memory freed........: 7593884 bytes +~~ total allocations/frees...: 142694/142694 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 522 chars ~~ json string max len.......: 984 chars diff --git a/test/results/default/ssdp-m-search.pcap.out b/test/results/default/ssdp-m-search.pcap.out index 1dc8f9984..369ffff91 100644 --- a/test/results/default/ssdp-m-search.pcap.out +++ b/test/results/default/ssdp-m-search.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964622 bytes -~~ total memory freed........: 7964622 bytes -~~ total allocations/frees...: 148305/148305 +~~ total memory allocated....: 7594283 bytes +~~ total memory freed........: 7594283 bytes +~~ total allocations/frees...: 142708/142708 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 519 chars ~~ json string max len.......: 983 chars diff --git a/test/results/default/ssh.pcap.out b/test/results/default/ssh.pcap.out index b94606448..cb6070c66 100644 --- a/test/results/default/ssh.pcap.out +++ b/test/results/default/ssh.pcap.out @@ -22,9 +22,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7973633 bytes -~~ total memory freed........: 7973633 bytes -~~ total allocations/frees...: 148551/148551 +~~ total memory allocated....: 7603294 bytes +~~ total memory freed........: 7603294 bytes +~~ total allocations/frees...: 142954/142954 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 509 chars ~~ json string max len.......: 2430 chars diff --git a/test/results/default/ssl-cert-name-mismatch.pcap.out b/test/results/default/ssl-cert-name-mismatch.pcap.out index 1bc84c37e..588c36f69 100644 --- a/test/results/default/ssl-cert-name-mismatch.pcap.out +++ b/test/results/default/ssl-cert-name-mismatch.pcap.out @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7974973 bytes -~~ total memory freed........: 7974973 bytes -~~ total allocations/frees...: 148318/148318 +~~ total memory allocated....: 7604634 bytes +~~ total memory freed........: 7604634 bytes +~~ total allocations/frees...: 142721/142721 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 528 chars ~~ json string max len.......: 1508 chars diff --git a/test/results/default/starcraft_battle.pcap.out b/test/results/default/starcraft_battle.pcap.out index 3af9312ce..9b55d25d8 100644 --- a/test/results/default/starcraft_battle.pcap.out +++ b/test/results/default/starcraft_battle.pcap.out @@ -385,9 +385,9 @@ ~~ total active/idle flows...: 52/52 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8123404 bytes -~~ total memory freed........: 8123404 bytes -~~ total allocations/frees...: 149757/149757 +~~ total memory allocated....: 7754289 bytes +~~ total memory freed........: 7754289 bytes +~~ total allocations/frees...: 144160/144160 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 310 chars ~~ json string max len.......: 2402 chars diff --git a/test/results/default/steam.pcap.out b/test/results/default/steam.pcap.out index bbd5dcce1..e5088e323 100644 --- a/test/results/default/steam.pcap.out +++ b/test/results/default/steam.pcap.out @@ -272,9 +272,9 @@ ~~ total active/idle flows...: 55/55 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8080515 bytes -~~ total memory freed........: 8080515 bytes -~~ total allocations/frees...: 148985/148985 +~~ total memory allocated....: 7711472 bytes +~~ total memory freed........: 7711472 bytes +~~ total allocations/frees...: 143388/143388 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 1095 chars diff --git a/test/results/default/steam_datagram_relay_ping.pcapng.out b/test/results/default/steam_datagram_relay_ping.pcapng.out index f4ed82897..d2c1c4ac4 100644 --- a/test/results/default/steam_datagram_relay_ping.pcapng.out +++ b/test/results/default/steam_datagram_relay_ping.pcapng.out @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964157 bytes -~~ total memory freed........: 7964157 bytes -~~ total allocations/frees...: 148289/148289 +~~ total memory allocated....: 7593818 bytes +~~ total memory freed........: 7593818 bytes +~~ total allocations/frees...: 142692/142692 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 533 chars ~~ json string max len.......: 2275 chars diff --git a/test/results/default/stun.pcap.out b/test/results/default/stun.pcap.out index d8f8ab09a..42cffbfed 100644 --- a/test/results/default/stun.pcap.out +++ b/test/results/default/stun.pcap.out @@ -1,59 +1,69 @@ 00505{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00568{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1614938022295727} -00822{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022295727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938022295727,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022295727,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1614938022295727,"pkt":"AAAAAAAAAAQADrOzht1gAAAAABwRPzUWvwv8U3XncK\/2f45J9gMqOOFWgWejM\/rOsAwAACTZ3jANlgAcI38AAQAAIRKkQkJxcUN2YzZ5L2tJZQ=="} -00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022302588,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_usec":1614938022302588,"pkt":"AAAAAAAAAAMAYN1Qht1kgAAAADQRNCo44VaBZ6Mz+s6wDAAAJNk1Fr8L\/FN153Cv9n+OSfYDDZbeMAA0NvABAQAYIRKkQkJxcUN2YzZ5L2tJZQABABQAAt4wIAEWcAAM6wRwr\/Z\/jkn2Aw=="} -00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1614938032427953,"flow_dst_last_pkt_time":1614938022302588,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1614938032427953,"pkt":"AAAAAAAAAAQADrOzht1gAAAAABwRPzUWvwv8U3XncK\/2f45J9gMqOOFWgWejM\/rOsAwAACTZ3jANlgAc7vkAAQAAIRKkQjNwdjFXT0JUck9YUg=="} -00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1614938032427953,"flow_dst_last_pkt_time":1614938032434845,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_usec":1614938032434845,"pkt":"AAAAAAAAAAMAYN1Qht1kgAAAADQRNCo44VaBZ6Mz+s6wDAAAJNk1Fr8L\/FN153Cv9n+OSfYDDZbeMAA0AmsBAQAYIRKkQjNwdjFXT0JUck9YUgABABQAAt4wIAEWcAAM6wRwr\/Z\/jkn2Aw=="} -00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1614938042786502,"flow_dst_last_pkt_time":1614938032434845,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1614938042786502,"pkt":"AAAAAAAAAAQADrOzht1gAAAAABwRPzUWvwv8U3XncK\/2f45J9gMqOOFWgWejM\/rOsAwAACTZ3jANlgAcy8EAAQAAIRKkQk1lcFZ5ek1LZHJIKw=="} -01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938042789437,"flow_dst_last_pkt_time":1614938042793385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":132,"midstream":0,"thread_ts_usec":1614938042793385,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":3,"num_binding_requests":4,"num_processed_pkts":3}}} -01017{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938072959021,"flow_dst_last_pkt_time":1614938072965856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":308,"midstream":0,"thread_ts_usec":1614938072965856,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01019{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938123200754,"flow_dst_last_pkt_time":1614938123207596,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":528,"midstream":0,"thread_ts_usec":1614938123207596,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -02308{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938163424247,"flow_dst_last_pkt_time":1614938163431063,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":704,"midstream":0,"thread_ts_usec":1614938163431063,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2867,"avg":9105286.0,"max":10358549,"stddev":2980037.5,"var":8880623976448.0,"ent":4.8,"data": [6861,10132226,10132257,10358549,2935,10358540,2867,10055433,10055494,10056921,10056927,10057230,10057183,10053930,10053957,10069481,10069496,10027109,10027105,10027261,10027286,10063952,10063896,10098322,10098363,10035461,10035403,10061356,10061442,10028354,10028259]},"pktlen": {"min":68,"avg":80.0,"max":92,"stddev":12.0,"var":144.0,"ent":5.0,"data": [68,92,68,92,68,68,92,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [5.422471046,5.541838169,5.422470093,5.514770508,5.451882362,5.451882362,5.536509514,5.536509514,5.481293678,5.593521595,5.451882362,5.558248997,5.393059731,5.558248997,5.510704994,5.571783066,5.352545738,5.460210800,5.451882362,5.514770508,5.422471046,5.550043106,5.422470093,5.541838169,5.451882362,5.550043583,5.451882362,5.593522072,5.451882362,5.541838169,5.393058777,5.528304577]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01019{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":17,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938173452831,"flow_dst_last_pkt_time":1614938173459694,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":748,"midstream":0,"thread_ts_usec":1614938173459694,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00575{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","packets-captured":43,"packets-processed":42,"total-skipped-flows":0,"total-l4-payload-len":1344,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1629291451242856} -00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451242856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1629291451242856,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451242856,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1629291451242856,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4VYJAAEARop7AqAypHw1WNpTrnEMAJO1IAAMACCESpEJBSzdRUHlQSzlldVYAGQAEEQAAAA=="} -00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451254377,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1629291451254377,"pkt":"mt9Y+uvcCL6sCxduCABFAACER+pAAFURmuofDVY2wKgMqZxDlOsAcMgPARMAVCESpEJBSzdRUHlQSzlldVYACQAQAAAEAXVuYXV0aG9yaXplZAAVAChiYjAzMWQ2MWNjYzFiZTgyZTI0MDE0NDM1ZWQ1MmYyNmZiYTYyNDgzABQAD3R1cm5lci5mYWNlYm9vawA="} -01177{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451254377,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1629291451254377,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","proto_id":"78.268","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turner.facebook","stun": {"num_pkts":2,"num_binding_requests":0,"num_processed_pkts":1}}} -00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1629291451258494,"flow_dst_last_pkt_time":1629291451254377,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_usec":1629291451258494,"pkt":"CL6sCxdumt9Y+uvcCABFAACkVYNAAEARojHAqAypHw1WNpTrnEMAkHyWAAMAdCESpEI1elVqTVhIdmV3K3MAGQAEEQAAAAAGABBNZjJoOUhpNWFQTVJwbEYxABQAD3R1cm5lci5mYWNlYm9vawAAFQAoYmIwMzFkNjFjY2MxYmU4MmUyNDAxNDQzNWVkNTJmMjZmYmE2MjQ4MwAIABSHhqaIN2rgJVJbblyGsNjNga5wAA=="} -00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1629291451258494,"flow_dst_last_pkt_time":1629291451270324,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1629291451270324,"pkt":"mt9Y+uvcCL6sCxduCABFAABoR\/RAAFURmvwfDVY2wKgMqZxDlOsAVNHFAQMAOCESpEI1elVqTVhIdmV3K3MAIAAIAAEKiHw9RkMAFgAIAAHzDz4f8nQADQAEAAADhAAIABQOnZFMqSzdx5eUgJnLKFvGMJq2Uw=="} -00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1629291457262853,"flow_dst_last_pkt_time":1629291451270324,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1629291457262853,"pkt":"CL6sCxdumt9Y+uvcCABFAACoVltAAEARoVXAqAypHw1WNpTrnEMAlIWPAAgAeCESpEJGYi9SMVA1cFBNWWQAEgAIAAGMueG6pCQABgAQTWYyaDlIaTVhUE1ScGxGMQAUAA90dXJuZXIuZmFjZWJvb2sAABUAKGJiMDMxZDYxY2NjMWJlODJlMjQwMTQ0MzVlZDUyZjI2ZmJhNjI0ODMACAAUTGbb+kTKlKKmYo+\/Jw5ehEWYdT8="} -02350{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291458067482,"flow_dst_last_pkt_time":1629291458262623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":2076,"flow_dst_tot_l4_payload_len":1496,"midstream":0,"thread_ts_usec":1629291458262623,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":34,"avg":446593.3,"max":6004359,"stddev":1462539.6,"var":2139022032896.0,"ent":1.9,"data": [11521,15638,15947,6004359,4743,5997443,4483,7520,7140,108439,344493,499169,68464,195,19689,29038,92171,23636,96419,1566,50324,48303,277,50092,3265,34,52919,437,9663,44853,232153]},"pktlen": {"min":56,"avg":139.6,"max":168,"stddev":32.1,"var":1033.4,"ent":5.0,"data": [56,132,164,104,168,168,140,168,140,72,164,164,160,168,128,72,164,128,160,128,164,160,128,164,128,160,128,168,128,72,160,160]},"bins": {"c_to_s": [1,0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,3,1,6,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,1,0,1],"entropies": [4.949250221,5.629978180,5.902420998,5.787013531,5.926646233,5.987994671,5.561037540,5.822503567,5.524854183,5.646986008,5.864535809,5.979504585,5.991234303,5.944041729,5.750370979,5.532198906,5.952124596,5.921264172,5.968927860,5.858764172,5.939929485,5.964835167,5.834393978,6.016089916,5.896893978,6.048427582,5.933710575,5.919234276,5.831344128,5.608724117,6.145952225,6.009518147]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","proto_id":"78.268","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938213778839,"flow_dst_last_pkt_time":1614938213785682,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":924,"midstream":0,"thread_ts_usec":1629291461216501,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00578{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","packets-captured":118,"packets-processed":117,"total-skipped-flows":0,"total-l4-payload-len":8748,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1643626018009166} -00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018009166,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643626018009166,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018009166,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643626018009166,"pkt":"AAAAAAAAAAIAmUIoCABFAAA8AABAAC4GIeBXL2QRNgE5mw2WkYlv2uEwZMfN9aAScSBlfgAAAgQFtAQCCAqf27foB2LEZgEDAwc="} -00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018016908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1643626018016908,"pkt":"AAAAAAAAAAUALNPrCABFAABQFVpAAD8G+3E2ATmbVy9kEZGJDZZkx831b9rhMYAYAQDj2AAAAQEICgdixWGf27foAAMACCESpEJwTVNWeGJTOWtyTkQAGQAEEQAAAA=="} -00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018269673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1643626018269673,"pkt":"AAAAAAAAAAUALNPrCABFAABQFVtAAD8G+3A2ATmbVy9kEZGJDZZkx84Rb9rhMYAYAQDivwAAAQEICgdixl6f27foAAMACCESpEJwTVNWeGJTOWtyTkQAGQAEEQAAAA=="} -00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018269673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1643626018276412,"pkt":"AAAAAAAAAAIAmUIoCABFAACsWRhAAC4GyFdXL2QRNgE5mw2WkYlv2uExZMfOEYAYAOOJVAAAAQEICp\/buCoHYsVhARMAZCESpEJwTVNWeGJTOWtyTkQACQAQAAAEAVVuYXV0aG9yaXplZAAVABBjYmNkY2NjZjczNTNhNzEwABQADWFwcHMtaG9zdC5jb21pZGWAIgAaQ290dXJuLTQuNS4wLjUgJ2RhbiBFaWRlcicABIAoAAQF+V\/p"} -01024{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018269673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1643626018276412,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"apps-host.com","stun": {"num_pkts":3,"num_binding_requests":0,"num_processed_pkts":3}}} -00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018282040,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_usec":1643626018282040,"pkt":"AAAAAAAAAAUALNPrCABFAADAFV1AAD8G+v42ATmbVy9kEZGJDZZkx84tb9rhqYAYAQDFDgAAAQEICgdixmqf27gqAAMAeCESpEIwS0liOW85U1ZZeVMAGQAEEQAAAAAGACwxNjQzNjI5NTI3OlJPVUxPTTMwMDErdDc4eUlLaXlmZEUzQVZON2Frc3RYdwAUAA1hcHBzLWhvc3QuY29tAAAAABUAEGNiY2RjY2NmNzM1M2E3MTAACAAUEKPLC4yIRo0ZYTSYOcifZ5nxpRk="} -01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":35,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291461328776,"flow_dst_last_pkt_time":1629291461336154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":4454,"flow_dst_tot_l4_payload_len":2950,"midstream":0,"thread_ts_usec":1643626018957379,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","proto_id":"78.268","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00579{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","packets-captured":138,"packets-processed":137,"total-skipped-flows":0,"total-l4-payload-len":11092,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1647958145472010} -00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145472010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1647958145472010,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145472010,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1647958145472010,"pkt":"CL6sCxdumt9Y+uvcCABFAACIXMVAAEARLvHAqAypjvpSY8ABDZYAdIYdAAEAWCESpEJ3bGtZRHRGSndEMi8ABgAVVlVBazZBeTdodnVMbkxHTzp0eUd1AAAAwFcABAADAAqAKgAIm1kRHMWaA6wAJAAEbn8e\/wAIABQgoq\/oigOja2ENES7+eYfoJkViaIAoAARShoZ6"} -00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145494943,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1647958145494943,"pkt":"mt9Y+uvcCL6sCxduCABFgAB4CTMAAGgRmhOO+lJjwKgMqQ2WwAEAZP2fAQEASCESpEJ3bGtZRHRGSndEMi8ABgAVVlVBazZBeTdodnVMbkxHTzp0eUd1AAAAACAACAABDpd8PUUEAAgAFMkvMxJ2ZVgNos4I+G8Cki6KP0KSgCgABEOVy9w="} -00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1647958145497647,"flow_dst_last_pkt_time":1647958145494943,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1647958145497647,"pkt":"CL6sCxdumt9Y+uvcCABFAAC1XMZAAEARLsPAqAypjvpSY8ABDZYAoaIVFv7\/AAAAAAAAAAAAjAEAAIAAAAAAAAAAgP791X1ylaTuNVSstdiIoIYfSIMff5WF4WIe0fPoTt2GU88AAAAWwCvAL8ypzKjACcATwArAFACcAC8ANQEAAEAAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAA4ABQACAAEA"} -00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1647958145516401,"flow_dst_last_pkt_time":1647958145494943,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1647958145516401,"pkt":"CL6sCxdumt9Y+uvcCABFAACMXMdAAEARLuvAqAypjvpSY8ABDZYAePkAAAEAXCESpEJBQXJDQXNDU1c3RGUABgAVVlVBazZBeTdodnVMbkxHTzp0eUd1AAAAwFcABAADAAqAKgAIm1kRHMWaA6wAJQAAACQABG5\/Hv8ACAAU7HdlKrvT1M4pE3\/8LaAzyLRfKuCAKAAEaPPzUQ=="} -01035{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145516401,"flow_dst_last_pkt_time":1647958145494943,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":373,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1647958145516401,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":3,"num_binding_requests":2,"num_processed_pkts":3}}} -02134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1647958145516401,"flow_dst_last_pkt_time":1647958145521909,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1240,"pkt_l4_len":1206,"thread_ts_usec":1647958145521909,"pkt":"mt9Y+uvcCL6sCxduCABFgATKCTkAAGgRlbuO+lJjwKgMqQ2WwAEEtpQxFv79AAAAAAAAAAAAUAIAAEQAAAAAAAAARP79YjnYgQ5eG2LfZqyVyxoZi+6CtOTsYwsdJCYMKROVXGcAwC8AABwAFwAA\/wEAAQAACwACAQAAIwAAAA4ABQACAAEAFv79AAAAAAAAAAECuAsAAqwAAQAAAAACrAACqQACpjCCAqIwggGKAgkAny3VlFYafIkwDQYJKoZIhvcNAQELBQAwEzERMA8GA1UEAwwIaGFuZ291dHMwHhcNMjIwMzE3MDIxMTE3WhcNMjMwMzE4MDIxMTE3WjATMREwDwYDVQQDDAhoYW5nb3V0czCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJN79VYhJJmaCot75jmGh6xWJYN2151GuDW0nfg2Df6Jmbrp31upp3kHxQJWmGaSPXRYfml8Cl3Tg86JKDMEmrhxjL\/R\/1AjvIfyaYtHXzF\/xB7OESvX36WqhTavBqUaUaDusLznYi+r8IZNxP9b986\/blklElf2DpdOu2w4VLXuh4gGmMsx1vKP5IPsMK3vUP1xD8T1nxfMNhLmqRi8PeSnZ48\/THj1BX5yGpA+VWHX3p0+BT1LmsuIJbETYptnrZhhI7d2wsebrfvZbl6c+Wyfz\/unnO4UCeGsa7n+WcHNS\/fxajl1lkk27V54A+RXJQ4hzFOgk7RiVugSIm70Tw0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAfSgM9durzGL4ir9VkG8itVG+ioss9WUosFBER2ocK9Kfg37EPR0V5sTPtc+o62NhqvZxUI8el5M17SX+ledWCBYram8Y9lcJslDd8jQTVaK\/g4kPv0HES1rPFcm05+7xjeonRitLYSr4szNvR5m4MiltT3AAtdEh4fVVCTF1v\/B6XbGasMdsH5FgjIgGu\/o\/ah\/90wM9GbLkmNBxqh9PUPrt3H0BhWgTYWqi8EQkhOIoAet+8a2pzP8KK\/3Jk4ZvoLZnYdyM+b2dEYMWGpKNocvc6gy1NGkViOvdiMOC4wKAazQb66jsfjq01Rd7TJOyVz2Zn\/Gvqi45ZQ2n6Pq+jxb+\/QAAAAAAAAACATQMAAEoAAIAAAAAASgDAB0gWO85qTgc41jsrYAVUV8Pam2fB7qlNCO+CG\/yV46IE34IBAEAQiatr1myYKLGqbU09xBd7W5hs4AeIGZh6Ok5JysE6JnDlAH7vqbHtKO\/w5eO6qNhlPKD185ipReDt+\/7SN3JbOhAQsxNuub8QVkn6xeShY3gCzDAl2BtRlsVnWLYIMiY\/C6lbHho8XEs7VF7jTKIbjPqaOFR6lavjuQRiAFHF4YqtYOXs29HqkGzWn78ry62PLQncem6Ajcx4IeAs4lItRuxWILyDXGQ9aY0N+f+hO1+3QDyWbL3qVsD0p\/vAzfqL06mfhZB6HtpUaUTBPlXRD8So0qSwyu+0YSNJKPQUm11a7IGOPScniv+hStTpzVhgdQiVYvn9Q+cFwHXqFOrEhb+\/QAAAAAAAAADACUNAAAZAAMAAAAAABkCAUAAEgQDCAQEAQUDCAUFAQgGBgECAQAAFv79AAAAAAAAAAQADA4AAAAABAAAAAAAAA=="} -02216{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958147569135,"flow_dst_last_pkt_time":1647958147445904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":1198,"flow_src_tot_l4_payload_len":2034,"flow_dst_tot_l4_payload_len":2806,"midstream":0,"thread_ts_usec":1647958147569135,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":10,"avg":131323.2,"max":835905,"stddev":227053.5,"var":51553292288.0,"ent":3.4,"data": [22933,25637,18754,26966,8994,16545,8218,21,95990,9415,96088,13935,9667,14034,28,10,28365,12045,233249,17389,835905,625348,352669,699812,203670,550729,72132,9045,20632,28113,14681]},"pktlen": {"min":62,"avg":179.2,"max":1226,"stddev":221.3,"var":48965.1,"ent":4.4,"data": [136,120,181,140,1226,574,120,109,598,109,140,145,161,120,141,93,97,93,113,62,93,140,120,62,110,140,120,94,94,95,95,95]},"bins": {"c_to_s": [0,0,9,5,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,0],"entropies": [5.892770290,5.917269707,5.007872105,5.887039185,7.338845253,6.721559048,5.830899239,5.701940536,7.409162045,5.674040794,6.041372776,6.178256989,6.436406612,5.927646160,6.099106312,5.359262466,5.425189495,5.590319157,5.866630077,5.268241882,5.246464729,5.907410622,5.825631142,5.235982895,6.120714188,5.927108288,5.950603008,6.068934917,6.005105495,5.939156055,6.060311317,5.943433762]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":15,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958147591534,"flow_dst_last_pkt_time":1647958147445904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":1198,"flow_src_tot_l4_payload_len":2100,"flow_dst_tot_l4_payload_len":2806,"midstream":0,"thread_ts_usec":1647958147591534,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018957379,"flow_dst_last_pkt_time":1643626018908035,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":892,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1647958147591534,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00581{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","packets-captured":170,"packets-processed":170,"total-skipped-flows":0,"total-l4-payload-len":15998,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_usec":1647958147591534} +00568{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1568718599876883} +00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718599876883,"flow_dst_last_pkt_time":1568718599876883,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568718599876883,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1568718599876883,"flow_dst_last_pkt_time":1568718599876883,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1568718599876883,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARWAAND5VQAB7BgrSCk1uMwrOMu+idKQQzU6orgAAAACAAiAA3LQAAAIEBVABAwMIAQEEAg=="} +00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1568718599876883,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1568718599920416,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARQAANHKjQAB9BtTjCs4y7wpNbjOkEKJ058UMHs1OqK+AEv\/\/CFwAAAIEBbQBAwMIAQEEAg=="} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":164,"pkt_l4_len":126,"thread_ts_usec":1568718600246272,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARWAAkkBfQAB8BgdqCk1uMwrOMu+idKQQzU6or+fFDB9QGAID5RwAAABoAAEAVCESpELzQ5RTtpj7KVC7Bu0ABgAJL3BJMDpUb0VkAAAAACQABG5r\/P+AKQAIAAAAAAAEwtGAVAABMgAAAIBwAAQAAAADAAgAFP6Sh2rUbXt5fULrjXmoBfrzHXLRgCgABAIA\/Ec="} +01026{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":106,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568718600246272,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":1,"num_processed_pkts":0}}} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":164,"pkt_l4_len":126,"thread_ts_usec":1568718600246272,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARWAAkkBgQAB8BgdpCk1uMwrOMu+idKQQzU6pGefFDB9QGAIDfYIAAABoAAEAVCESpELzQ5RTtpj7KVC7Bu0ABgAML3BJMDpUb0VkAAAAACQABG5r\/P+AKQAIAAAAAAAEwtGAVAAEMgAAAIBwAAQAAAADAAgAFE3CuT+mSQnt\/XCbEyheNg3aE4FAgCgABC51Ucc="} +00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718600319984,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":156,"pkt_l4_len":118,"thread_ts_usec":1568718600319984,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARQAAinKyQAB9BtR+Cs4y7wpNbjOkEKJ058UMH81OqYNQGAEDPFEAAABgAQEATCESpELzQ5RTtpj7KVC7Bu0AIAAIAAGDZitfynEABgAJL3BJMDpUb0VkAAAAgDcABAAAAAGAcAAEAAAAAwAIABT3XyNLEfjiVg6vTdc0SJ1BoW97H4AoAAQNJssy"} +00575{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":1224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1614938022295727} +00823{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022295727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938022295727,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022295727,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1614938022295727,"pkt":"AAAAAAAAAAQADrOzht1gAAAAABwRPzUWvwv8U3XncK\/2f45J9gMqOOFWgWejM\/rOsAwAACTZ3jANlgAcI38AAQAAIRKkQkJxcUN2YzZ5L2tJZQ=="} +00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022302588,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_usec":1614938022302588,"pkt":"AAAAAAAAAAMAYN1Qht1kgAAAADQRNCo44VaBZ6Mz+s6wDAAAJNk1Fr8L\/FN153Cv9n+OSfYDDZbeMAA0NvABAQAYIRKkQkJxcUN2YzZ5L2tJZQABABQAAt4wIAEWcAAM6wRwr\/Z\/jkn2Aw=="} +00984{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718600876092,"flow_dst_last_pkt_time":1568718600931144,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":114,"flow_src_tot_l4_payload_len":588,"flow_dst_tot_l4_payload_len":636,"midstream":0,"thread_ts_usec":1614938022302588,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1614938032427953,"flow_dst_last_pkt_time":1614938022302588,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1614938032427953,"pkt":"AAAAAAAAAAQADrOzht1gAAAAABwRPzUWvwv8U3XncK\/2f45J9gMqOOFWgWejM\/rOsAwAACTZ3jANlgAc7vkAAQAAIRKkQjNwdjFXT0JUck9YUg=="} +00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1614938032427953,"flow_dst_last_pkt_time":1614938032434845,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_usec":1614938032434845,"pkt":"AAAAAAAAAAMAYN1Qht1kgAAAADQRNCo44VaBZ6Mz+s6wDAAAJNk1Fr8L\/FN153Cv9n+OSfYDDZbeMAA0AmsBAQAYIRKkQjNwdjFXT0JUck9YUgABABQAAt4wIAEWcAAM6wRwr\/Z\/jkn2Aw=="} +00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1614938042786502,"flow_dst_last_pkt_time":1614938032434845,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1614938042786502,"pkt":"AAAAAAAAAAQADrOzht1gAAAAABwRPzUWvwv8U3XncK\/2f45J9gMqOOFWgWejM\/rOsAwAACTZ3jANlgAcy8EAAQAAIRKkQk1lcFZ5ek1LZHJIKw=="} +01060{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938042789437,"flow_dst_last_pkt_time":1614938042793385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":132,"midstream":0,"thread_ts_usec":1614938042793385,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":3,"num_binding_requests":4,"num_processed_pkts":3}}} +01017{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938072959021,"flow_dst_last_pkt_time":1614938072965856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":308,"midstream":0,"thread_ts_usec":1614938072965856,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01019{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938123200754,"flow_dst_last_pkt_time":1614938123207596,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":528,"midstream":0,"thread_ts_usec":1614938123207596,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +02308{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938163424247,"flow_dst_last_pkt_time":1614938163431063,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":704,"midstream":0,"thread_ts_usec":1614938163431063,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2867,"avg":9105286.0,"max":10358549,"stddev":2980037.5,"var":8880623976448.0,"ent":4.8,"data": [6861,10132226,10132257,10358549,2935,10358540,2867,10055433,10055494,10056921,10056927,10057230,10057183,10053930,10053957,10069481,10069496,10027109,10027105,10027261,10027286,10063952,10063896,10098322,10098363,10035461,10035403,10061356,10061442,10028354,10028259]},"pktlen": {"min":68,"avg":80.0,"max":92,"stddev":12.0,"var":144.0,"ent":5.0,"data": [68,92,68,92,68,68,92,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [5.422471046,5.541838169,5.422470093,5.514770508,5.451882362,5.451882362,5.536509514,5.536509514,5.481293678,5.593521595,5.451882362,5.558248997,5.393059731,5.558248997,5.510704994,5.571783066,5.352545738,5.460210800,5.451882362,5.514770508,5.422471046,5.550043106,5.422470093,5.541838169,5.451882362,5.550043583,5.451882362,5.593522072,5.451882362,5.541838169,5.393058777,5.528304577]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01019{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":17,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938173452831,"flow_dst_last_pkt_time":1614938173459694,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":748,"midstream":0,"thread_ts_usec":1614938173459694,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00575{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","packets-captured":58,"packets-processed":57,"total-skipped-flows":0,"total-l4-payload-len":2568,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1629291451242856} +00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451242856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1629291451242856,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451242856,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1629291451242856,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4VYJAAEARop7AqAypHw1WNpTrnEMAJO1IAAMACCESpEJBSzdRUHlQSzlldVYAGQAEEQAAAA=="} +00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451254377,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1629291451254377,"pkt":"mt9Y+uvcCL6sCxduCABFAACER+pAAFURmuofDVY2wKgMqZxDlOsAcMgPARMAVCESpEJBSzdRUHlQSzlldVYACQAQAAAEAXVuYXV0aG9yaXplZAAVAChiYjAzMWQ2MWNjYzFiZTgyZTI0MDE0NDM1ZWQ1MmYyNmZiYTYyNDgzABQAD3R1cm5lci5mYWNlYm9vawA="} +01177{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451254377,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1629291451254377,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","proto_id":"78.268","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turner.facebook","stun": {"num_pkts":2,"num_binding_requests":0,"num_processed_pkts":1}}} +00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1629291451258494,"flow_dst_last_pkt_time":1629291451254377,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_usec":1629291451258494,"pkt":"CL6sCxdumt9Y+uvcCABFAACkVYNAAEARojHAqAypHw1WNpTrnEMAkHyWAAMAdCESpEI1elVqTVhIdmV3K3MAGQAEEQAAAAAGABBNZjJoOUhpNWFQTVJwbEYxABQAD3R1cm5lci5mYWNlYm9vawAAFQAoYmIwMzFkNjFjY2MxYmU4MmUyNDAxNDQzNWVkNTJmMjZmYmE2MjQ4MwAIABSHhqaIN2rgJVJbblyGsNjNga5wAA=="} +00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1629291451258494,"flow_dst_last_pkt_time":1629291451270324,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1629291451270324,"pkt":"mt9Y+uvcCL6sCxduCABFAABoR\/RAAFURmvwfDVY2wKgMqZxDlOsAVNHFAQMAOCESpEI1elVqTVhIdmV3K3MAIAAIAAEKiHw9RkMAFgAIAAHzDz4f8nQADQAEAAADhAAIABQOnZFMqSzdx5eUgJnLKFvGMJq2Uw=="} +00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1629291457262853,"flow_dst_last_pkt_time":1629291451270324,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1629291457262853,"pkt":"CL6sCxdumt9Y+uvcCABFAACoVltAAEARoVXAqAypHw1WNpTrnEMAlIWPAAgAeCESpEJGYi9SMVA1cFBNWWQAEgAIAAGMueG6pCQABgAQTWYyaDlIaTVhUE1ScGxGMQAUAA90dXJuZXIuZmFjZWJvb2sAABUAKGJiMDMxZDYxY2NjMWJlODJlMjQwMTQ0MzVlZDUyZjI2ZmJhNjI0ODMACAAUTGbb+kTKlKKmYo+\/Jw5ehEWYdT8="} +02350{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291458067482,"flow_dst_last_pkt_time":1629291458262623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":2076,"flow_dst_tot_l4_payload_len":1496,"midstream":0,"thread_ts_usec":1629291458262623,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":34,"avg":446593.3,"max":6004359,"stddev":1462539.6,"var":2139022032896.0,"ent":1.9,"data": [11521,15638,15947,6004359,4743,5997443,4483,7520,7140,108439,344493,499169,68464,195,19689,29038,92171,23636,96419,1566,50324,48303,277,50092,3265,34,52919,437,9663,44853,232153]},"pktlen": {"min":56,"avg":139.6,"max":168,"stddev":32.1,"var":1033.4,"ent":5.0,"data": [56,132,164,104,168,168,140,168,140,72,164,164,160,168,128,72,164,128,160,128,164,160,128,164,128,160,128,168,128,72,160,160]},"bins": {"c_to_s": [1,0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,3,1,6,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,1,0,1],"entropies": [4.949250221,5.629978180,5.902420998,5.787013531,5.926646233,5.987994671,5.561037540,5.822503567,5.524854183,5.646986008,5.864535809,5.979504585,5.991234303,5.944041729,5.750370979,5.532198906,5.952124596,5.921264172,5.968927860,5.858764172,5.939929485,5.964835167,5.834393978,6.016089916,5.896893978,6.048427582,5.933710575,5.919234276,5.831344128,5.608724117,6.145952225,6.009518147]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","proto_id":"78.268","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938213778839,"flow_dst_last_pkt_time":1614938213785682,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":924,"midstream":0,"thread_ts_usec":1629291461216501,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00578{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","packets-captured":133,"packets-processed":132,"total-skipped-flows":0,"total-l4-payload-len":9972,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1643626018009166} +00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018009166,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643626018009166,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018009166,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643626018009166,"pkt":"AAAAAAAAAAIAmUIoCABFAAA8AABAAC4GIeBXL2QRNgE5mw2WkYlv2uEwZMfN9aAScSBlfgAAAgQFtAQCCAqf27foB2LEZgEDAwc="} +00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018016908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1643626018016908,"pkt":"AAAAAAAAAAUALNPrCABFAABQFVpAAD8G+3E2ATmbVy9kEZGJDZZkx831b9rhMYAYAQDj2AAAAQEICgdixWGf27foAAMACCESpEJwTVNWeGJTOWtyTkQAGQAEEQAAAA=="} +00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018269673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1643626018269673,"pkt":"AAAAAAAAAAUALNPrCABFAABQFVtAAD8G+3A2ATmbVy9kEZGJDZZkx84Rb9rhMYAYAQDivwAAAQEICgdixl6f27foAAMACCESpEJwTVNWeGJTOWtyTkQAGQAEEQAAAA=="} +00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018269673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1643626018276412,"pkt":"AAAAAAAAAAIAmUIoCABFAACsWRhAAC4GyFdXL2QRNgE5mw2WkYlv2uExZMfOEYAYAOOJVAAAAQEICp\/buCoHYsVhARMAZCESpEJwTVNWeGJTOWtyTkQACQAQAAAEAVVuYXV0aG9yaXplZAAVABBjYmNkY2NjZjczNTNhNzEwABQADWFwcHMtaG9zdC5jb21pZGWAIgAaQ290dXJuLTQuNS4wLjUgJ2RhbiBFaWRlcicABIAoAAQF+V\/p"} +01024{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018269673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1643626018276412,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"apps-host.com","stun": {"num_pkts":3,"num_binding_requests":0,"num_processed_pkts":3}}} +00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018282040,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_usec":1643626018282040,"pkt":"AAAAAAAAAAUALNPrCABFAADAFV1AAD8G+v42ATmbVy9kEZGJDZZkx84tb9rhqYAYAQDFDgAAAQEICgdixmqf27gqAAMAeCESpEIwS0liOW85U1ZZeVMAGQAEEQAAAAAGACwxNjQzNjI5NTI3OlJPVUxPTTMwMDErdDc4eUlLaXlmZEUzQVZON2Frc3RYdwAUAA1hcHBzLWhvc3QuY29tAAAAABUAEGNiY2RjY2NmNzM1M2E3MTAACAAUEKPLC4yIRo0ZYTSYOcifZ5nxpRk="} +01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":35,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291461328776,"flow_dst_last_pkt_time":1629291461336154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":4454,"flow_dst_tot_l4_payload_len":2950,"midstream":0,"thread_ts_usec":1643626018957379,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","proto_id":"78.268","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00579{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","packets-captured":153,"packets-processed":152,"total-skipped-flows":0,"total-l4-payload-len":12316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1647958145472010} +00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145472010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1647958145472010,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145472010,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1647958145472010,"pkt":"CL6sCxdumt9Y+uvcCABFAACIXMVAAEARLvHAqAypjvpSY8ABDZYAdIYdAAEAWCESpEJ3bGtZRHRGSndEMi8ABgAVVlVBazZBeTdodnVMbkxHTzp0eUd1AAAAwFcABAADAAqAKgAIm1kRHMWaA6wAJAAEbn8e\/wAIABQgoq\/oigOja2ENES7+eYfoJkViaIAoAARShoZ6"} +00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145494943,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1647958145494943,"pkt":"mt9Y+uvcCL6sCxduCABFgAB4CTMAAGgRmhOO+lJjwKgMqQ2WwAEAZP2fAQEASCESpEJ3bGtZRHRGSndEMi8ABgAVVlVBazZBeTdodnVMbkxHTzp0eUd1AAAAACAACAABDpd8PUUEAAgAFMkvMxJ2ZVgNos4I+G8Cki6KP0KSgCgABEOVy9w="} +00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1647958145497647,"flow_dst_last_pkt_time":1647958145494943,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1647958145497647,"pkt":"CL6sCxdumt9Y+uvcCABFAAC1XMZAAEARLsPAqAypjvpSY8ABDZYAoaIVFv7\/AAAAAAAAAAAAjAEAAIAAAAAAAAAAgP791X1ylaTuNVSstdiIoIYfSIMff5WF4WIe0fPoTt2GU88AAAAWwCvAL8ypzKjACcATwArAFACcAC8ANQEAAEAAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAA4ABQACAAEA"} +01302{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145497647,"flow_dst_last_pkt_time":1647958145494943,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1647958145497647,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3":"c14667d7da3e6f7a7ab5519ef78c2452","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}} +00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1647958145516401,"flow_dst_last_pkt_time":1647958145494943,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1647958145516401,"pkt":"CL6sCxdumt9Y+uvcCABFAACMXMdAAEARLuvAqAypjvpSY8ABDZYAePkAAAEAXCESpEJBQXJDQXNDU1c3RGUABgAVVlVBazZBeTdodnVMbkxHTzp0eUd1AAAAwFcABAADAAqAKgAIm1kRHMWaA6wAJQAAACQABG5\/Hv8ACAAU7HdlKrvT1M4pE3\/8LaAzyLRfKuCAKAAEaPPzUQ=="} +02134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1647958145516401,"flow_dst_last_pkt_time":1647958145521909,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1240,"pkt_l4_len":1206,"thread_ts_usec":1647958145521909,"pkt":"mt9Y+uvcCL6sCxduCABFgATKCTkAAGgRlbuO+lJjwKgMqQ2WwAEEtpQxFv79AAAAAAAAAAAAUAIAAEQAAAAAAAAARP79YjnYgQ5eG2LfZqyVyxoZi+6CtOTsYwsdJCYMKROVXGcAwC8AABwAFwAA\/wEAAQAACwACAQAAIwAAAA4ABQACAAEAFv79AAAAAAAAAAECuAsAAqwAAQAAAAACrAACqQACpjCCAqIwggGKAgkAny3VlFYafIkwDQYJKoZIhvcNAQELBQAwEzERMA8GA1UEAwwIaGFuZ291dHMwHhcNMjIwMzE3MDIxMTE3WhcNMjMwMzE4MDIxMTE3WjATMREwDwYDVQQDDAhoYW5nb3V0czCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJN79VYhJJmaCot75jmGh6xWJYN2151GuDW0nfg2Df6Jmbrp31upp3kHxQJWmGaSPXRYfml8Cl3Tg86JKDMEmrhxjL\/R\/1AjvIfyaYtHXzF\/xB7OESvX36WqhTavBqUaUaDusLznYi+r8IZNxP9b986\/blklElf2DpdOu2w4VLXuh4gGmMsx1vKP5IPsMK3vUP1xD8T1nxfMNhLmqRi8PeSnZ48\/THj1BX5yGpA+VWHX3p0+BT1LmsuIJbETYptnrZhhI7d2wsebrfvZbl6c+Wyfz\/unnO4UCeGsa7n+WcHNS\/fxajl1lkk27V54A+RXJQ4hzFOgk7RiVugSIm70Tw0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAfSgM9durzGL4ir9VkG8itVG+ioss9WUosFBER2ocK9Kfg37EPR0V5sTPtc+o62NhqvZxUI8el5M17SX+ledWCBYram8Y9lcJslDd8jQTVaK\/g4kPv0HES1rPFcm05+7xjeonRitLYSr4szNvR5m4MiltT3AAtdEh4fVVCTF1v\/B6XbGasMdsH5FgjIgGu\/o\/ah\/90wM9GbLkmNBxqh9PUPrt3H0BhWgTYWqi8EQkhOIoAet+8a2pzP8KK\/3Jk4ZvoLZnYdyM+b2dEYMWGpKNocvc6gy1NGkViOvdiMOC4wKAazQb66jsfjq01Rd7TJOyVz2Zn\/Gvqi45ZQ2n6Pq+jxb+\/QAAAAAAAAACATQMAAEoAAIAAAAAASgDAB0gWO85qTgc41jsrYAVUV8Pam2fB7qlNCO+CG\/yV46IE34IBAEAQiatr1myYKLGqbU09xBd7W5hs4AeIGZh6Ok5JysE6JnDlAH7vqbHtKO\/w5eO6qNhlPKD185ipReDt+\/7SN3JbOhAQsxNuub8QVkn6xeShY3gCzDAl2BtRlsVnWLYIMiY\/C6lbHho8XEs7VF7jTKIbjPqaOFR6lavjuQRiAFHF4YqtYOXs29HqkGzWn78ry62PLQncem6Ajcx4IeAs4lItRuxWILyDXGQ9aY0N+f+hO1+3QDyWbL3qVsD0p\/vAzfqL06mfhZB6HtpUaUTBPlXRD8So0qSwyu+0YSNJKPQUm11a7IGOPScniv+hStTpzVhgdQiVYvn9Q+cFwHXqFOrEhb+\/QAAAAAAAAADACUNAAAZAAMAAAAAABkCAUAAEgQDCAQEAQUDCAUFAQgGBgECAQAAFv79AAAAAAAAAAQADA4AAAAABAAAAAAAAA=="} +01620{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145516401,"flow_dst_last_pkt_time":1647958145521909,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":1198,"flow_src_tot_l4_payload_len":373,"flow_dst_tot_l4_payload_len":1290,"midstream":0,"thread_ts_usec":1647958145521909,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS.GoogleHangoutDuo","proto_id":"30.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3":"c14667d7da3e6f7a7ab5519ef78c2452","ja3s":"1f5d6a6d0bc5d514dd84d13e6283d309","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=hangouts","subjectDN":"CN=hangouts","fingerprint":"6C:D0:9A:70:A1:F1:9E:BF:8E:EF:FE:B6:F1:37:A3:E8:8A:3B:F7:C8"}}} +02567{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958147569135,"flow_dst_last_pkt_time":1647958147445904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":1198,"flow_src_tot_l4_payload_len":2034,"flow_dst_tot_l4_payload_len":2806,"midstream":0,"thread_ts_usec":1647958147569135,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":10,"avg":131323.2,"max":835905,"stddev":227053.5,"var":51553292288.0,"ent":3.4,"data": [22933,25637,18754,26966,8994,16545,8218,21,95990,9415,96088,13935,9667,14034,28,10,28365,12045,233249,17389,835905,625348,352669,699812,203670,550729,72132,9045,20632,28113,14681]},"pktlen": {"min":62,"avg":179.2,"max":1226,"stddev":221.3,"var":48965.1,"ent":4.4,"data": [136,120,181,140,1226,574,120,109,598,109,140,145,161,120,141,93,97,93,113,62,93,140,120,62,110,140,120,94,94,95,95,95]},"bins": {"c_to_s": [0,0,9,5,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,0],"entropies": [5.892770290,5.917269707,5.007872105,5.887039185,7.338845253,6.721559048,5.830899239,5.701940536,7.409162045,5.674040794,6.041372776,6.178256989,6.436406612,5.927646160,6.099106312,5.359262466,5.425189495,5.590319157,5.866630077,5.268241882,5.246464729,5.907410622,5.825631142,5.235982895,6.120714188,5.927108288,5.950603008,6.068934917,6.005105495,5.939156055,6.060311317,5.943433762]},"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS.GoogleHangoutDuo","proto_id":"30.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01346{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":15,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958147591534,"flow_dst_last_pkt_time":1647958147445904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":1198,"flow_src_tot_l4_payload_len":2100,"flow_dst_tot_l4_payload_len":2806,"midstream":0,"thread_ts_usec":1647958147591534,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS.GoogleHangoutDuo","proto_id":"30.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018957379,"flow_dst_last_pkt_time":1643626018908035,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":892,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1647958147591534,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00581{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","packets-captured":185,"packets-processed":185,"total-skipped-flows":0,"total-l4-payload-len":17222,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":1,"total-updates":3,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":54,"global_ts_usec":1647958147591534} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ -~~ packets captured/processed: 170/170 +~~ packets captured/processed: 185/185 ~~ skipped flows.............: 0 -~~ total layer4 data length..: 15998 bytes -~~ total detected protocols..: 4 -~~ total active/idle flows...: 4/4 +~~ total layer4 data length..: 17222 bytes +~~ total detected protocols..: 5 +~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7977377 bytes -~~ total memory freed........: 7977377 bytes -~~ total allocations/frees...: 148491/148491 +~~ total memory allocated....: 7611761 bytes +~~ total memory freed........: 7611761 bytes +~~ total allocations/frees...: 142925/142925 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 510 chars -~~ json string max len.......: 2355 chars -~~ json string avg len.......: 1431 chars +~~ json string max len.......: 2572 chars +~~ json string avg len.......: 1534 chars diff --git a/test/results/default/stun_classic.pcap.out b/test/results/default/stun_classic.pcap.out new file mode 100644 index 000000000..1f2c80899 --- /dev/null +++ b/test/results/default/stun_classic.pcap.out @@ -0,0 +1,26 @@ +00513{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00576{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1343740773475497} +00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1343740773475497,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773475497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1343740773475497,"l3_proto":"ip4","src_ip":"172.16.63.224","dst_ip":"172.16.63.21","src_port":55050,"dst_port":13958,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773475497,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1343740773475497,"pkt":"AAwpNoBVAAQTMSCJCABFoAA4AABAAEARYv+sED\/grBA\/FdcKNoYAJLX1AAEACJQp74gpTdUmMscpMcuNu0wAAwAEAAAAAA=="} +00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773475559,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1343740773475559,"pkt":"AAQTMSCJAAwpNoBVCABFuAA8AABAAEARYuOsED8VrBA\/4DaG1woAKPHqAQEADJQp74gpTdUmMscpMcuNu0wAAQAIAAHXCqwQP+A="} +00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773518458,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1343740773518458,"pkt":"AAQTMSCJAAwpNoBVCABFuAA8AABAAEARYuOsED8VrBA\/4DaG1woAKK\/2gJKuFQTp+Zg6ptkiktiFIAD61K+9LBnIwoNfshVpLdY="} +00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773519014,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1343740773519014,"pkt":"AAQTMSCJAAwpNoBVCABFuAA8AABAAEARYuOsED8VrBA\/4DaG1woAKIHYgBKuFgTp+jg6ptkixFMgl8ob0pereNKsssPr4lzFXNo="} +00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773519635,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1343740773519635,"pkt":"AAQTMSCJAAwpNoBVCABFuAA8AABAAEARYuOsED8VrBA\/4DaG1woAKGlAgBKuFwTp+tg6ptki+Hq86nrAqyROkV67ctF76o6uaf8="} +01155{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":4,"flow_first_seen":1343740773475497,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773519635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":128,"midstream":0,"thread_ts_usec":1343740773519635,"l3_proto":"ip4","src_ip":"172.16.63.224","dst_ip":"172.16.63.21","src_port":55050,"dst_port":13958,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.RTP","proto_id":"78.87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"","stun": {"num_pkts":2,"num_binding_requests":1,"num_processed_pkts":2}}} +01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":13,"flow_first_seen":1343740773475497,"flow_src_last_pkt_time":1343740773708889,"flow_dst_last_pkt_time":1343740773691032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":284,"flow_dst_tot_l4_payload_len":416,"midstream":0,"thread_ts_usec":1343740773708889,"l3_proto":"ip4","src_ip":"172.16.63.224","dst_ip":"172.16.63.21","src_port":55050,"dst_port":13958,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.RTP","proto_id":"78.87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} +00584{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","packets-captured":22,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1343740773708889} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 22/22 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 700 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7594398 bytes +~~ total memory freed........: 7594398 bytes +~~ total allocations/frees...: 142712/142712 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 518 chars +~~ json string max len.......: 1160 chars +~~ json string avg len.......: 815 chars diff --git a/test/results/default/stun_google_meet.pcapng.out b/test/results/default/stun_google_meet.pcapng.out new file mode 100644 index 000000000..8ff160c1a --- /dev/null +++ b/test/results/default/stun_google_meet.pcapng.out @@ -0,0 +1,68 @@ +00519{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00582{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1687685002250009} +00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685002250009,"flow_dst_last_pkt_time":1687685002250009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685002250009,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1687685002250009,"flow_dst_last_pkt_time":1687685002250009,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1687685002250009,"pkt":"CL6sCxduJjb1W8R1CABFAAAwFppAAEARi+LAqAycSn2Af5UIS2YAHMbcAAEAACESpEJrQUdOTnp2SE5INTk="} +00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685002250407,"flow_dst_last_pkt_time":1687685002250407,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685002250407,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1687685002250407,"flow_dst_last_pkt_time":1687685002250407,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1687685002250407,"pkt":"CL6sCxduJjb1W8R1CABFAAAwFptAAEARi+HAqAycSn2Af7FYS2YAHPW+AAEAACESpEI5R2RXSytLQjJQSUU="} +00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1687685002250009,"flow_dst_last_pkt_time":1687685002268181,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1687685002268181,"pkt":"Jjb1W8R1CL6sCxduCABFgAA8AAAAACkR+PBKfYB\/wKgMnEtmlQgAKIBgAQEADCESpEJrQUdOTnp2SE5INTkAIAAIAAG5anwxD5M="} +00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1687685002250407,"flow_dst_last_pkt_time":1687685002268368,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1687685002268368,"pkt":"Jjb1W8R1CL6sCxduCABFgAA8AAAAACkR+PBKfYB\/wKgMnEtmsVgAKK9BAQEADCESpEI5R2RXSytLQjJQSUUAIAAIAAG5a3wxD5M="} +00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685003685843,"flow_dst_last_pkt_time":1687685003685843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685003685843,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1687685003685843,"flow_dst_last_pkt_time":1687685003685843,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1687685003685843,"pkt":"CL6sCxduJjb1W8R1CABFAACYqbBAAEAR4hnAqAycjvpSTJUIS2kAhI1dAAEAaCESpEJmUVJDSFcxSjg2d0gABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAMACoAqAAhI5WWTUM2MtQAkAARufx7\/wFkAAgABAAAACAAUSRkFwEU4Xe2ByBahcg5+zSK7DUGAKAAE7yXU\/g=="} +00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1687685003685843,"flow_dst_last_pkt_time":1687685003713559,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685003713559,"pkt":"Jjb1W8R1CL6sCxduCABFgABcAAAAACkR4oaO+lJMwKgMnEtplQgASIF0AQEALCESpEJmUVJDSFcxSjg2d0gAIAAIAAG5anwxD5MACAAUnCbUxns7ByhLQe3gWJggj2fuRtmAKAAEzTlfeQ=="} +00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685003846345,"flow_src_last_pkt_time":1687685003846345,"flow_dst_last_pkt_time":1687685003846345,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685003846345,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1687685003846345,"flow_dst_last_pkt_time":1687685003846345,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1687685003846345,"pkt":"CL6sCxduJjb1W8R1CABFAACYqb1AAEAR4gzAqAycjvpSTLFYS2kAhPiuAAEAaCESpEJ5eUQvQ0MySmgwQzgABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAAD54AqAAhI5WWTUM2MtQAkAARuAB7\/wFkAAgABAAAACAAU4qPC0PvptNKr3xno5a6znzZ8MzGAKAAEv54I6w=="} +00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1687685003850184,"flow_dst_last_pkt_time":1687685003713559,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1687685003850184,"pkt":"CL6sCxduJjb1W8R1CABFAACUqb5AAEAR4g\/AqAycjvpSTJUIS2kAgFc2AAEAZCESpEJDY3Vnd0VjS3M1U3EABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAMACoAqAAhI5WWTUM2MtQAlAAAAJAAEbn8e\/wAIABQRBPG5ZvdojwQrf8+QT0UUl+pOj4AoAAQCVNkR"} +01180{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685003850184,"flow_dst_last_pkt_time":1687685003713559,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":244,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1687685003850184,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":3,"num_binding_requests":2,"num_processed_pkts":3}}} +00735{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1687685003855449,"flow_dst_last_pkt_time":1687685003713559,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1687685003855449,"pkt":"CL6sCxduJjb1W8R1CABFAAC5qb9AAEAR4enAqAycjvpSTJUIS2kApae7Fv7\/AAAAAAAAAAAAkAEAAIQAAAAAAAAAhP79U8QvlMKD8CG3V6IBJXGiID2FZCQNFMTf8XUxGUuriccAAAAWwCvAL8ypzKjACcATwArAFACcAC8ANQEAAEQAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAA4ACQAGAAEACAAHAA=="} +00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1687685003855449,"flow_dst_last_pkt_time":1687685003867991,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685003867991,"pkt":"Jjb1W8R1CL6sCxduCABFgABcAAAAACkR4oaO+lJMwKgMnEtplQgASHlbAQEALCESpEJDY3Vnd0VjS3M1U3EAIAAIAAG5anwxD5MACAAUwCCc9hgGT3NviGnhjeZxerIm0rSAKAAEHcTQ5Q=="} +00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1687685003846345,"flow_dst_last_pkt_time":1687685003871067,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685003871067,"pkt":"Jjb1W8R1CL6sCxduCABFAABcAAAAACgR5AaO+lJMwKgMnEtpsVgASNxmAQEALCESpEJ5eUQvQ0MySmgwQzgAIAAIAAG5a3wxD5MACAAUaD29YF1YYGCxoofK6W8JUGRlPi2AKAAEqdOw\/Q=="} +01181{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1687685003846345,"flow_src_last_pkt_time":1687685003846345,"flow_dst_last_pkt_time":1687685003871067,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1687685003871067,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":19305,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":1,"num_processed_pkts":1}}} +02289{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":27,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685003919073,"flow_dst_last_pkt_time":1687685003929116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":1027,"flow_dst_tot_l4_payload_len":7356,"midstream":0,"thread_ts_usec":1687685003929116,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":15371.1,"max":164341,"stddev":39368.1,"var":1549851008.0,"ent":2.4,"data": [27716,164341,5265,154432,6654,36352,35377,88,7,4,14,5,6,4,5,33,4,8,4,4,4,4,27272,18857,13,4,4,9,4,5,4]},"pktlen": {"min":65,"avg":290.0,"max":1231,"stddev":203.2,"var":41279.0,"ent":4.7,"data": [152,92,148,185,92,1231,573,598,65,288,288,288,288,288,288,288,288,288,288,288,288,288,109,109,288,288,288,165,288,288,288,288]},"bins": {"c_to_s": [0,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,3,0,1,0,0,0,20,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1],"entropies": [5.938431740,5.693446159,5.907145500,4.997817039,5.679912090,7.332775593,6.760993004,7.409891605,4.603593349,7.060424328,7.083664894,7.159259796,7.130215645,7.048931122,7.046199322,7.094227314,7.077503204,7.049725533,7.095977306,7.143758297,7.077943802,7.098464012,5.672235966,5.727212906,7.040598869,7.076782703,7.038190842,6.382246494,7.161954880,7.089690685,7.073032856,7.083381176]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1687685004461444,"flow_dst_last_pkt_time":1687685003871067,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1687685004461444,"pkt":"CL6sCxduJjb1W8R1CABFAACQqfNAAEAR4d7AqAycjvpSTLFYS2kAfJPgAAEAYCESpEJGRUJQYzFVQThCU1AABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAAD54AqAAhI5WWTUM2MtQAkAARuAB7\/AAgAFJQqoiZNzooLvSeLzTVTKlh5edo9gCgABHuCmMA="} +00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1687685004461444,"flow_dst_last_pkt_time":1687685004479004,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685004479004,"pkt":"Jjb1W8R1CL6sCxduCABFAABcAAAAACgR5AaO+lJMwKgMnEtpsVgASO9LAQEALCESpEJGRUJQYzFVQThCU1AAIAAIAAG5a3wxD5MACAAUZp5QRw5NXPsy5Qrlhatah3HbNzqAKAAE\/XolSw=="} +00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685004552860,"flow_dst_last_pkt_time":1687685004552860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685004552860,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1687685004552860,"flow_dst_last_pkt_time":1687685004552860,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1687685004552860,"pkt":"CL6sCxduJjb1W8R1CABFAACYqfxAAEAR4c3AqAycjvpSTJUIDZYAhMEOAAEAaCESpEJkZjhUNVpmTjU5SmwABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAMACoAqAAhI5WWTUM2MtQAkAARufx7\/wFkAAgABAAAACAAU\/8e7e1q7nO+JanZDE+IEZSthIJKAKAAEX0MtGQ=="} +01171{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685004552860,"flow_dst_last_pkt_time":1687685004552860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685004552860,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1687685004552860,"flow_dst_last_pkt_time":1687685004581588,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685004581588,"pkt":"Jjb1W8R1CL6sCxduCABFAABcAAAAACgR5AaO+lJMwKgMnA2WlQgASCeyAQEALCESpEJkZjhUNVpmTjU5SmwAIAAIAAG5anwxD5MACAAUknV2wFqXEiEKuyN60myVdsDzL\/aAKAAEo4ih3Q=="} +00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1687685004584424,"flow_dst_last_pkt_time":1687685004581588,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1687685004584424,"pkt":"CL6sCxduJjb1W8R1CABFAACUqf9AAEAR4c7AqAycjvpSTJUIDZYAgLy7AAEAZCESpEJJam5UNEJmQVFiVEMABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAMACoAqAAhI5WWTUM2MtQAlAAAAJAAEbn8e\/wAIABTB+QY1ErQZS1eZfETcnOWmhQrDlIAoAAQyeiKC"} +00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1687685004584424,"flow_dst_last_pkt_time":1687685004602242,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685004602242,"pkt":"Jjb1W8R1CL6sCxduCABFAABcAAAAACgR5AaO+lJMwKgMnA2WlQgASIipAQEALCESpEJJam5UNEJmQVFiVEMAIAAIAAG5anwxD5MACAAUNyYqXJb8YAlyLHDvuycWYeMvOtaAKAAEKV9M7g=="} +00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1687685004641696,"flow_dst_last_pkt_time":1687685004602242,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1687685004641696,"pkt":"CL6sCxduJjb1W8R1CABFAACUqgBAAEAR4c3AqAycjvpSTJUIDZYAgPdGAAEAZCESpEIybDZuYTBpandaOWEABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAMACoAqAAhI5WWTUM2MtQAlAAAAJAAEbn8e\/wAIABTU+ZYmIa5GK5iS7Yttc1wYBV3aaIAoAATzHAuQ"} +00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685005044008,"flow_src_last_pkt_time":1687685005044008,"flow_dst_last_pkt_time":1687685005044008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685005044008,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1687685005044008,"flow_dst_last_pkt_time":1687685005044008,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1687685005044008,"pkt":"CL6sCxduJjb1W8R1CABFAACYqhVAAEAR4bTAqAycjvpSTLFYDZYAhPO5AAEAaCESpEI1dDZmdW80dXd2ZFEABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAAD54AqAAhI5WWTUM2MtQAkAARuAB7\/wFkAAgABAAAACAAUwxd71h3E7agGXCWb8vXAdS7WxdiAKAAE3AMc7g=="} +00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1687685005044008,"flow_dst_last_pkt_time":1687685005074246,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685005074246,"pkt":"Jjb1W8R1CL6sCxduCABFAABcAAAAACgR5AaO+lJMwKgMnA2WsVgASDkIAQEALCESpEI1dDZmdW80dXd2ZFEAIAAIAAG5a3wxD5MACAAUKJAPNrjYz21z+bHY5KMtFb5duTSAKAAE5XSGkg=="} +00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1687685005134784,"flow_dst_last_pkt_time":1687685005074246,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1687685005134784,"pkt":"CL6sCxduJjb1W8R1CABFAACQqhdAAEAR4brAqAycjvpSTLFYDZYAfBEPAAEAYCESpEJMdTA0T2pTbmZiWUwABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAAD54AqAAhI5WWTUM2MtQAkAARuAB7\/AAgAFCDz+0pfbrz6PIl8RjxJCBwiBtxogCgABB6deew="} +01048{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1687685005044008,"flow_src_last_pkt_time":1687685005134784,"flow_dst_last_pkt_time":1687685005074246,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1687685005134784,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":3,"num_binding_requests":2,"num_processed_pkts":3}}} +00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1687685005134784,"flow_dst_last_pkt_time":1687685005152424,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685005152424,"pkt":"Jjb1W8R1CL6sCxduCABFAABcAAAAACgR5AaO+lJMwKgMnA2WsVgASIG9AQEALCESpEJMdTA0T2pTbmZiWUwAIAAIAAG5a3wxD5MACAAUuQ1+j1g08fL3se212BIsEXEi+UiAKAAE2tP0Qg=="} +00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1687685006880453,"flow_dst_last_pkt_time":1687685005152424,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1687685006880453,"pkt":"CL6sCxduJjb1W8R1CABFAACQqo5AAEAR4UPAqAycjvpSTLFYDZYAfBw7AAEAYCESpEJkc3FYeGtnZGhzUlgABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAAD54AqAAhI5WWTUM2MtQAkAARuAB7\/AAgAFPlpNUakcs8YpG4lPzhlKqXBYvLJgCgABLD\/\/FE="} +02356{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685007476840,"flow_dst_last_pkt_time":1687685007173710,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":537,"flow_src_tot_l4_payload_len":1668,"flow_dst_tot_l4_payload_len":977,"midstream":0,"thread_ts_usec":1687685007476840,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":286,"avg":178865.5,"max":1000041,"stddev":232359.1,"var":53990768640.0,"ent":4.0,"data": [28728,31564,20654,57272,57107,114859,326724,7631,286,359302,399475,20851,399538,20813,60291,761585,238269,310501,33128,16660,106522,1355,298484,11725,401011,18917,1000041,80368,40305,278612,42252]},"pktlen": {"min":68,"avg":110.7,"max":565,"stddev":85.7,"var":7337.9,"ent":4.8,"data": [152,92,148,92,148,92,565,91,73,93,68,107,73,91,73,148,92,68,80,91,73,80,80,107,73,91,73,68,148,92,128,91]},"bins": {"c_to_s": [0,14,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,3,5,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,1,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,1,0,0],"entropies": [6.010119915,5.593475819,5.960068226,5.666897774,6.019278049,5.652763844,7.600190163,5.996479034,5.525039673,5.555425644,5.480339050,5.729862213,5.662026882,5.878293514,5.487302303,5.954136372,5.579943180,5.333281517,5.766850948,6.062412739,5.607231617,5.697978497,5.816851616,5.767245293,5.504358292,5.886589527,5.579834938,5.333281517,5.923795223,5.623420238,6.336440086,5.996479034]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1687685012276569,"flow_dst_last_pkt_time":1687685002268181,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1687685012276569,"pkt":"CL6sCxduJjb1W8R1CABFAAAwFwhAAEARi3TAqAycSn2Af5UIS2YAHLudAAEAACESpEJId3pvTWRNK3NxNSs="} +01180{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685012276569,"flow_dst_last_pkt_time":1687685002268181,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1687685012276569,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":1,"num_processed_pkts":1}}} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1687685012277026,"flow_dst_last_pkt_time":1687685002268368,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1687685012277026,"pkt":"CL6sCxduJjb1W8R1CABFAAAwFwlAAEARi3PAqAycSn2Af7FYS2YAHH+BAAEAACESpEJ3NDhicURMWGJEVmc="} +01180{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685012277026,"flow_dst_last_pkt_time":1687685002268368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1687685012277026,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":1,"num_processed_pkts":1}}} +00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1687685012276569,"flow_dst_last_pkt_time":1687685012293995,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1687685012293995,"pkt":"Jjb1W8R1CL6sCxduCABFgAA8AAAAACkR+PBKfYB\/wKgMnEtmlQgAKHUhAQEADCESpEJId3pvTWRNK3NxNSsAIAAIAAG5anwxD5M="} +00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1687685012277026,"flow_dst_last_pkt_time":1687685012294220,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1687685012294220,"pkt":"Jjb1W8R1CL6sCxduCABFgAA8AAAAACkR+PBKfYB\/wKgMnEtmsVgAKDkEAQEADCESpEJ3NDhicURMWGJEVmcAIAAIAAG5a3wxD5M="} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1687685022297743,"flow_dst_last_pkt_time":1687685012293995,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1687685022297743,"pkt":"CL6sCxduJjb1W8R1CABFAAAwGNNAAEARianAqAycSn2Af5UIS2YAHKJSAAEAACESpEJyZU55VnlHRHFRT3A="} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1687685022298017,"flow_dst_last_pkt_time":1687685012294220,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1687685022298017,"pkt":"CL6sCxduJjb1W8R1CABFAAAwGNRAAEARiajAqAycSn2Af7FYS2YAHLRsAAEAACESpEJrNHRjRWNhcTQ3NlA="} +02278{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1687685005044008,"flow_src_last_pkt_time":1687685041837696,"flow_dst_last_pkt_time":1687685041855156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":1864,"flow_dst_tot_l4_payload_len":1024,"midstream":0,"thread_ts_usec":1687685041855156,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":30238,"avg":2374349.5,"max":8437597,"stddev":2513707.0,"var":6318722646016.0,"ent":4.3,"data": [30238,90776,78178,1745669,1745625,749698,749771,2799723,2799844,3108626,3108432,997539,997498,1610326,1610265,582546,582775,6554830,6554484,8437477,8437597,882386,882517,6551657,6551432,792405,792639,992950,992997,897080,896856]},"pktlen": {"min":92,"avg":118.2,"max":152,"stddev":26.3,"var":690.9,"ent":5.0,"data": [152,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92]},"bins": {"c_to_s": [0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [6.041833401,5.593477249,6.058853149,5.579942226,5.987570286,5.506519794,6.008540154,5.558203220,6.054466248,5.666898727,5.907513618,5.762059689,6.055450439,5.636953354,6.025833607,5.636953354,6.114410400,5.631624699,5.992813587,5.636953831,6.027671337,5.623420238,5.998055458,5.639230251,6.058160305,5.571735382,6.015348434,5.740320206,6.043981075,5.718581200,5.986004829,5.718581676]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01137{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1687685003846345,"flow_src_last_pkt_time":1687685004461444,"flow_dst_last_pkt_time":1687685004479004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":128,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1687685005044008,"flow_src_last_pkt_time":1687685059743208,"flow_dst_last_pkt_time":1687685041855156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":1980,"flow_dst_tot_l4_payload_len":1024,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01136{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685052357802,"flow_dst_last_pkt_time":1687685052375389,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01143{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":46,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685004555487,"flow_dst_last_pkt_time":1687685004163202,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":2858,"flow_dst_tot_l4_payload_len":10256,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01133{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":24,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685011180562,"flow_dst_last_pkt_time":1687685011133449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":381,"flow_dst_max_l4_payload_len":537,"flow_src_tot_l4_payload_len":5092,"flow_dst_tot_l4_payload_len":2517,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01136{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685052357557,"flow_dst_last_pkt_time":1687685052375005,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00595{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","packets-captured":214,"packets-processed":214,"total-skipped-flows":0,"total-l4-payload-len":24719,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":53,"global_ts_usec":1687685059743208} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 214/214 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 24719 bytes +~~ total detected protocols..: 6 +~~ total active/idle flows...: 6/6 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7610586 bytes +~~ total memory freed........: 7610586 bytes +~~ total allocations/frees...: 142959/142959 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 524 chars +~~ json string max len.......: 2361 chars +~~ json string avg len.......: 1441 chars diff --git a/test/results/default/stun_msteams_unidir.pcapng.out b/test/results/default/stun_msteams_unidir.pcapng.out new file mode 100644 index 000000000..08357a4b2 --- /dev/null +++ b/test/results/default/stun_msteams_unidir.pcapng.out @@ -0,0 +1,26 @@ +00522{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00585{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1618744005970632} +00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744005970632,"flow_src_last_pkt_time":1618744005970632,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744005970632,"l3_proto":"ip4","src_ip":"52.115.136.55","dst_ip":"10.0.0.1","src_port":3479,"dst_port":50006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1618744005970632,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1618744005970632,"pkt":"AAAAAAAAAAUA5TB2CABFAABkOG0AAG4RTXE0c4g3CgAAAQ2Xw1YAUAESAQEANCESpEJWcAnCrgDmmNmPAZCAcAAEAAAABwAgAAgAAeJEc6CbOQAIABQIHBh8TPkDR23jBTje41VGgqHl0IAoAARRPQxU"} +00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1618744006480313,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1618744006480313,"pkt":"AAAAAAAAAAUA5TB2CABFAABDOHAAAG4RTY80c4g3CgAAAQ2Xw1YAL7urgMkABQAAA+hURUE7b2gVFPqcmMldelzzgAChXgHj5LmQ6OP80uFw"} +02175{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1618744006480313,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1257,"pkt_l4_len":1223,"thread_ts_usec":1618744006480313,"pkt":"AAAAAAAAAAUA5TB2CABFAATbOHEAAG4RSPY0c4g3CgAAAQ2Xw1YExyyCgMkBKwAAA+g04NBQkTiMlctbYK4Ra5ZLFxfT\/GCsQYdz1vjgNQA1Yv3zTqyHRqqkzmfn4FhRBqYB99GgUjrRqOuhvmKcA\/Lt3E3NRJRdu306hPEpD00o2CCAYtDvSrHOD4KmaFm31I8JRlmZcekFc3KGedIrt39z66JpA2S2KmkNos15cl6k7bkUhHDVz\/noudmFAm+ttAqMeR2Ht229wsfef49c1wB2VCP6NMdq52i\/BsRt2Yriaf9JgkkwxZ0hOmElJhbth\/\/VOXxqWfx3hsmECk+3sBNLLbKQSZoen3KPLK5dl97FeVlHMA5zrUT2\/PXyL3OGPD+KQexREy\/ycs\/cK+vthQcxym2f9SUSiZUDDnSG8vu0797yG6+njY7z78b9u8mhN418L25e7RzNDgrGrD+Nwn5OYf\/Yn93Seenj9qPgzXbLOrDc\/uNKkrw8rHlnLqGggO\/SqOqn50rngJzGCxrrQa7AHRZu3m7rTK8x3M0ojCGv9Y7R9xSdmM2f7qCdpYZmmF7Nu9K9FnvXeGbSdOqvGbjq3IWoNDra5tmx8c5h5XZSMwgKmO00OZOj7W4u074hccuoJwD7XP6y8qhc\/+Rc1\/AHpXtZAFft02QWkdGiP1+w1\/OHU009QR7q6DXiQ1TiPTKyZtHJEIhTxoFs\/YB5jjmyn5qGDMtVVPYPTYJ\/Zrmmb3ENsnPkOzZ7WIhjLZblk+9B32L6\/6LCfZx4WGEO5d2GJO34mReC8CpkBOWQsm+XgYIGkqJzetGxpQdPcq59PDDvC0dhjtBOJ90b9q\/JOrIrC0Aa6OoYQMATGO\/+bBvUwbLqEcEVwsKW3zh96a9ST4YRXrd3hQEEk4nHmOryRc\/t34lz8iH4+2S2OaK3IpD1rDpQ9UQ+fkW0Twbc2YUqgB0ltG2iNX2JaewC62q3ln3vK4i49OPjfED+CAusbaqzYuPvj2lg61xa6bBXuHaE3R2z5SHs0kH03NOgtoEpedOZ6eol1piYdkHRIqW\/uV3m1ZvSHgLaIKVS2bToeI8mpiIB8cvCRRlYcXdVnnGBeU21nIq6ptov2ipm1j142PWQtY0YPI3NHkLy2mhKuRjr8YYuwrJl2KxP0OYFdrhKF2bcXqbJytKrShR9597UTHHw6ukhv2m19IjNYDMEts9YNaN1IwixG8DsyKB+bAfvfh9ALZOLJQQLAO0v1oUPVU2yNZ9QAdo773Q1R81glQvHRCzRxfhJP1+0GSDlQwcLtXPIyyOQv9M5dfKmjl9znQFz+BvQpsCkv0rNyKmREyfBQ2\/i1DpywnKQXTEJyaBxDtZshq6xz\/4TH3dhWt5AC84ZpNxQAoUzyhoLWwiRcnrUUuI6rWJE9sI2mRklLdt1rpIpRECWbKRULyWCHLkNfER1zgLftc3aTijTVu0MUnu7bpPtDBRIs2GNiIK9Kwj2QDP3FUDViBP+ekkyn+MfxL1\/SMG1vf5rrAzWe961dxAdmfvFgU3Yf\/ge6w39I1pB46H9wAeViPTu5xA8L3xhUb2KynqSUAJbxGTEGGSRDvQhWhaLJBn+pvcnB\/C\/N7E0W+kyjyN6SYxyKhkihBNZihCaRhGeNNnSxmvdgAChXwFNTpX4H6DrGf6c"} +02170{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1618744006480360,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1257,"pkt_l4_len":1223,"thread_ts_usec":1618744006480360,"pkt":"AAAAAAAAAAUA5TB2CABFAATbOHIAAG4RSPU0c4g3CgAAAQ2Xw1YEx\/GBgMkBKwAAA+gk6GdnQrq1sxg2rp3tQsLgw0gVWymTaLOvFHT9ui9D7gDmu\/IOxaHejjGputpbrUbXgAbO8Er99xmHrDIMUbUtyv51Hl7AneuGh6Dd2p5b\/VwN4FXKvV+F+9SbOhEAXHBCYBh8VFS+gkvRvb5DM05KtlLw3IlGYKJIjBf+U9MtVgNdPrr\/SUHwUJnVhqaFyMbeFNwwwjKt6W2sHlQ72rrpPBq4S3rd+Oe6kEb1pEYreq6bW1jEGHdkOV0iMK0Jrk+7Mr\/iAK1zlpK6Lr\/o+CIxRNeX3vLHLOFk63nkefy0IYKoOev6VK0c2oTcvttvlpvT4nuVeCtO34N9H1eF6gZ5iQfmgYZnv8JY6Gse5CnhCmALTKVCNIzytzsvQP5nntxH1Re9YTf38i1Wn7vQ3q\/GsfKaeEQFnApXe7KiW0ezdf7Wa1SQ\/gCnbIJs2390UpYixvatPIUurguPoVkFZUWMx21eEdysM9loFemtygvGTTFEr6TVPztELotocBHR05nFbKhmEumGH0VD11Z9Zn00I6Qcy9GrBja9dX7AMG9MWIh6dO1uT6Q7K32st76EZcJMPK6jf2mRRu2rmKjvy3iyMJI4zao8WBQ+RS\/q1HkmDaQQfOMGlzLEy24bXJ6bl6jeHzl0VrhmJ5lIBGm6YxLbNAWKJK7pW\/1+e9nAUIpqcna3GU7DZqjcDQYLYcYGbYl9MxJ8yJtwv8TUlEzOgeoR6gLH8odQhnVskEi9WnOkrb0FXzeU5vpLKLTevAisomyWbIJAQXW1jmnCMnZsU9bXqz6gsW9rOvE8aIwRLWzn72RU+B+rD13+E7VdNEQu+CxTs0HXh5eswjm+jKjiL4XIN+B1HyAFjm7gfxpPZVA0VXGgVxcb6ECAUg91y2oSFlfwSzKSqlpnM5GjsmkEEgIWKh+jaRFv7w\/leDpePcdailRyGFuKP2FfSJQST2W2zlQrMF\/oNUjP6aZdNaxzoSoCXMJd7Up\/mt8RqMgsrWcYUMHvQ06h+exj898vCZtB1V+TLwW9uBektzF+CXOqqrF1Z9FSLK6FRk\/mRj4sDj4kh9egaoIbswL\/TUDlkzUlOiGsXKLhjW3tS3FyfPt1tfezIXGHEh4EW60zksXjIEgJDPLc\/qO4WG42aNVJdylffvScrUJ3xzSfGuM0vqgfMiB+3CM4zhYcDJCEucrnFdmhMiEQPdR7A9TRXrNULsYoSroOvapvGllOcBcM6yVEVim0NhZ6IqBqdVPRFgM6TEKUId6MqCsrZOn505zSvp6uI+iYbTVt2vAwVNgy8zy9fIWVcuykSzkvH+d42DP+VXtpttwkWetjb36T\/ZS2XTr7PuIk7Yvla\/G4HlzHMbBpi60aJl0BS37yoR0f2qm9WHw2KnODhEyhAYb4IeKTGj\/HuRy9XbO6k1YH6otSJwQ\/cgkZs2iWIsENJksqX0PSeqfZ7ACHXxQiZEIMG8YTWkv4u7u2JT7ExAILLkiwT\/QQD4jmFyu\/ht83e0GIjVy9NYLfpkj64XFHRO7PLRYwx8ki+XfUPsu1+DA2BfaB3A+I8\/B11Z4sg+PtwrTD3Q9hvnk7uPTQPIiGzwEGgAChYAHgggO6ksVgq664"} +00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1618744006794573,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"thread_ts_usec":1618744006794573,"pkt":"AAAAAAAAAAUA5TB2CABFAACHOHQAAG4RTUc0c4g3CgAAAQ2Xw1YAc6HlgMgADgAAA+hZLCORUikt0lMMVuqc62jK8b9ObVoTSM\/lJgLtxS1nRRDaLJ4KDYgtyq2PsWx4ZAx8e0UeKef0\/\/qTc52IDGdgIZ3TuK4YxTFWM4fkMdciSGlScqeAAKFiAVZYWPTPO\/w0aQ0="} +01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1618744005970632,"flow_src_last_pkt_time":1618744008391145,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2792,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744008391145,"l3_proto":"ip4","src_ip":"52.115.136.55","dst_ip":"10.0.0.1","src_port":3479,"dst_port":50006,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_Teams","proto_id":"78.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":3,"num_binding_requests":0,"num_processed_pkts":3}}} +01235{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1618744005970632,"flow_src_last_pkt_time":1618744010505540,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5440,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744010505540,"l3_proto":"ip4","src_ip":"52.115.136.55","dst_ip":"10.0.0.1","src_port":3479,"dst_port":50006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_Teams","proto_id":"78.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00594{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":5440,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1618744010505540} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 12/12 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 5440 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7594108 bytes +~~ total memory freed........: 7594108 bytes +~~ total allocations/frees...: 142702/142702 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 527 chars +~~ json string max len.......: 2180 chars +~~ json string avg len.......: 1341 chars diff --git a/test/results/default/stun_signal.pcapng.out b/test/results/default/stun_signal.pcapng.out index 7bc93b353..2173597a0 100644 --- a/test/results/default/stun_signal.pcapng.out +++ b/test/results/default/stun_signal.pcapng.out @@ -95,8 +95,8 @@ 01081{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":2,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901964741654,"flow_dst_last_pkt_time":1636901940925734,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1280,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1636901966826937,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1636901967279945,"flow_dst_last_pkt_time":1636901957525218,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901967279945,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwfCFAAEARys3AqAyprP15f6g8S2YAHDMFAAEAACESpEI4KzdNdk9qTHloVm0="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1636901967305260,"flow_dst_last_pkt_time":1636901957551924,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901967305260,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwfCRAAEARysrAqAyprP15f5wOS2YAHCjCAAEAACESpEJCTndzakJKdHNsVHY="} -01177{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901967532099,"flow_dst_last_pkt_time":1636901967653267,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1636901967653267,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":3,"num_binding_requests":4,"num_processed_pkts":3}}} -01177{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901967553880,"flow_dst_last_pkt_time":1636901967684533,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1636901967684533,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":2,"num_binding_requests":4,"num_processed_pkts":2}}} +01159{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901967532099,"flow_dst_last_pkt_time":1636901967653267,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1636901967653267,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":3,"num_binding_requests":4,"num_processed_pkts":3}}} +01159{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901967553880,"flow_dst_last_pkt_time":1636901967684533,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1636901967684533,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":3,"num_binding_requests":4,"num_processed_pkts":3}}} 02297{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":2,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901980739508,"flow_dst_last_pkt_time":1636901940925734,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1636901980739508,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":15,"avg":1596705.0,"max":17079364,"stddev":3547473.5,"var":12584568750080.0,"ent":2.8,"data": [4084,63003,42,180775,3510,1499231,2002773,15,4841966,76,17079364,30045,28084,9989,178591,30710,1472432,2000483,30998,3968781,29896,37348,7808,7927339,28492,35381,6539,7931223,29238,34577,5065]},"pktlen": {"min":76,"avg":81.5,"max":124,"stddev":11.6,"var":133.8,"ent":5.0,"data": [76,76,84,84,76,76,76,76,76,124,124,76,76,84,84,76,76,76,76,76,76,76,84,84,76,76,84,84,76,76,84,84]},"bins": {"c_to_s": [0,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.045846939,5.151109695,5.089153290,5.017724991,5.072162628,5.124794006,5.045846939,5.035913944,5.088545322,5.533661366,5.689179420,4.953483582,4.999665260,4.975942135,4.999751568,4.937100887,4.999665260,5.025980949,5.025980949,4.999665260,4.989732265,4.983282089,4.999751568,4.975942135,5.025980949,5.062229633,5.056357384,5.008738518,4.999665260,5.035913944,5.008738041,5.056357384]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01224{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901939886818,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00794{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936667023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -106,10 +106,8 @@ 00998{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901940906811,"flow_dst_last_pkt_time":1636901940923754,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998588925,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998588925,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998588925,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998588925,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgdlAAEARxRXAqAyprP15f7qXS2YAHLUpAAEAACESpEJFRDdhYWpCejZ6NGY="} -01285{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998588925,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998588925,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636901998589226,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998589226,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998589226,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998589226,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgdpAAEARxRTAqAyprP15f5RSS2YAHI3jAAEAACESpEJHZko4WW5Ca1ZEVTk="} -01285{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636901998589226,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998589226,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636901998637116,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637116,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998637116,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998637116,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3EdAAEAR8rLAqAypI55607qXAbsAHB+DAAEAACESpEJDTUpIUUxOenE3VDQ="} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636901998637207,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637207,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -137,6 +135,7 @@ 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998676426,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1636901998676426,"pkt":"mt9Y+uvcCL6sCxduCABFAABUVVYAAOMBFpAjnnrTwKgMqQMDaPUAAAAARQAAONxPQAAgERKjwKgMqSOeetOUUgG7ACS3UAADAAghEqRCcXF0MnJ1Mk16MmtvABkABBEAAAA="} 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1636901998684473,"flow_dst_last_pkt_time":1636901998669539,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1636901998684473,"pkt":"CL6sCxdumt9Y+uvcCABFAACM3FFAAEAR8kzAqAypI55605RSDZYAeCtfAAMAXCESpEJzQVJaQW1IdkdKV0kAGQAEEQAAAAAGABQxNjM2OTg4Mzk4OjE3NTI0MDc5OAAUAApzaWduYWwub3JnAAAAFQAQNjMxMTI0YWVlMWQxMzQ1MAAIABSPAYmQd4zQiPDDbTAeeOez+Voceg=="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998865284,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgexAAEARxQLAqAyprP15f7qXS2YAHLUpAAEAACESpEJFRDdhYWpCejZ6NGY="} +01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998865284,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":1,"num_processed_pkts":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998865349,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998865349,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwge1AAEARxQHAqAyprP15f5RSS2YAHI3jAAEAACESpEJHZko4WW5Ca1ZEVTk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998885173,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998885173,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3FdAAEAR8qLAqAypI55607qXAbsAHB+DAAEAACESpEJDTUpIUUxOenE3VDQ="} 01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636901998885173,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998885173,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":1,"num_processed_pkts":1}}} @@ -168,33 +167,34 @@ 02452{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902002442030,"flow_dst_last_pkt_time":1636902002440493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":1068,"flow_dst_tot_l4_payload_len":1052,"midstream":0,"thread_ts_usec":1636902002442030,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":43,"avg":152743.5,"max":665020,"stddev":189167.3,"var":35784253440.0,"ent":4.0,"data": [68482,50,70303,29273,44732,113365,45,43187,26522,8477,31033,313588,306,410657,43,665020,630540,122450,190474,61616,378076,7868,325508,42160,76005,424878,96788,5410,434339,47676,66176]},"pktlen": {"min":56,"avg":94.2,"max":132,"stddev":24.6,"var":605.9,"ent":4.9,"data": [124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,124,92,84,84,56,56,56,84,124,84,56,92,124,92]},"bins": {"c_to_s": [3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,1,0,0,1,1,0,1,1,0,0,0,1,1,0],"entropies": [5.861794472,5.759229183,5.867881298,5.702216148,5.875429153,5.754216671,5.819118500,5.958508492,5.832649708,5.805582047,5.875729084,5.797377586,5.796609879,5.155043602,5.748991013,5.105850220,5.758409977,5.819116116,5.891858101,5.702215672,5.716967583,5.862202168,5.155044079,5.141563416,5.119328976,5.772800446,5.887964725,5.772800446,5.119329453,5.783843040,5.817300797,5.830357552]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01126{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901987891969,"flow_dst_last_pkt_time":1636901987908068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":820,"flow_dst_tot_l4_payload_len":828,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01224{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901980718780,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01135{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901977907336,"flow_dst_last_pkt_time":1636901978278487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01117{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901977907336,"flow_dst_last_pkt_time":1636901978278487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01125{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":58,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901970409349,"flow_dst_last_pkt_time":1636901970399537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":2676,"flow_dst_tot_l4_payload_len":5194,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01225{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901980724359,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01128{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901987891193,"flow_dst_last_pkt_time":1636901987907955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01135{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901977940450,"flow_dst_last_pkt_time":1636901978319285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01117{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901977940450,"flow_dst_last_pkt_time":1636901978319285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01081{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":4,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901980739508,"flow_dst_last_pkt_time":1636901987911616,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":416,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1636902008969021,"flow_dst_last_pkt_time":1636901999242071,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636902008969021,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwhaxAAEARwULAqAyprP15f5RSS2YAHHeOAAEAACESpEJORW10V0g4dmFhQnE="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1636902008970187,"flow_dst_last_pkt_time":1636901999242113,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636902008970187,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwha1AAEARwUHAqAyprP15f7qXS2YAHGY1AAEAACESpEI5bGJNUnBSbytQbnU="} +01159{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636902009219801,"flow_dst_last_pkt_time":1636902009345395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1636902009345395,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":3,"num_binding_requests":4,"num_processed_pkts":3}}} 01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901987891969,"flow_dst_last_pkt_time":1636901987908068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":820,"flow_dst_tot_l4_payload_len":828,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636902021365208,"flow_dst_last_pkt_time":1636902021381899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":744,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01222{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901980718780,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01222{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901939886818,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01240{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000121229,"flow_dst_last_pkt_time":1636902000208503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":264,"flow_dst_tot_l4_payload_len":224,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01133{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901977907336,"flow_dst_last_pkt_time":1636901978278487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901977907336,"flow_dst_last_pkt_time":1636901978278487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01035{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936667023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":2,"num_binding_requests":2,"num_processed_pkts":2}}} 00792{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936667023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":58,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901970409349,"flow_dst_last_pkt_time":1636901970399537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":2676,"flow_dst_tot_l4_payload_len":5194,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01234{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901939887803,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01235{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636902014416950,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01234{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936663206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01243{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636902019600785,"flow_dst_last_pkt_time":1636902019979253,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01237{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636902019600785,"flow_dst_last_pkt_time":1636902019979253,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01223{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901980724359,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01126{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901987891193,"flow_dst_last_pkt_time":1636901987907955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901940907731,"flow_dst_last_pkt_time":1636901940923790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01223{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636902014417770,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01133{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901977940450,"flow_dst_last_pkt_time":1636901978319285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01243{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636902019597330,"flow_dst_last_pkt_time":1636902019976482,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901977940450,"flow_dst_last_pkt_time":1636901978319285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636902019597330,"flow_dst_last_pkt_time":1636902019976482,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01245{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":35,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902002659586,"flow_dst_last_pkt_time":1636902002742599,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":1144,"flow_dst_tot_l4_payload_len":5026,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01080{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":2,"flow_first_seen":1636901998654623,"flow_src_last_pkt_time":1636902014432732,"flow_dst_last_pkt_time":1636902021384737,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1000,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01079{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":4,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901980739508,"flow_dst_last_pkt_time":1636901987911616,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":416,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} @@ -209,9 +209,9 @@ ~~ total active/idle flows...: 23/23 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8023771 bytes -~~ total memory freed........: 8023771 bytes -~~ total allocations/frees...: 148995/148995 +~~ total memory allocated....: 7653960 bytes +~~ total memory freed........: 7653960 bytes +~~ total allocations/frees...: 143398/143398 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 519 chars ~~ json string max len.......: 2457 chars diff --git a/test/results/default/stun_wa_call.pcapng.out b/test/results/default/stun_wa_call.pcapng.out new file mode 100644 index 000000000..2f85ab5dd --- /dev/null +++ b/test/results/default/stun_wa_call.pcapng.out @@ -0,0 +1,125 @@ +00515{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00578{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1676659968029444} +00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029444,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00805{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968029444,"pkt":"CL6sCxduJjb1W8R1CABFwADw\/iFAAEARlLrAqAycXTl747Y8DZYA3LHsAAMAwCESpEJwdYtExyOnTtGTSiVAAACWCQK2KB7zQ7qLyqomatrasQEu9DL3wZ7hCtWVyMuhXanwNF5C+CJQZxH6MYVnGTbF6jGFc8Ra7q+tUTra0vtHBZoPsqgDXOfgB5x1\/6e\/ekoB1CeD7MsRipcZjz4uFoBrVRmh8t\/rSICod6ktukvIiZ6yItLQ7Y8kTJkbjPTyOKYPsF+LjDRbuhMBEHxTecFVlM8fNhbBAAAAFgAIAAEshHwr36EACAAUJM4QSLb1BesAMLdUeEcTNdZmV28="} +01160{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029444,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}} +00806{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968029608,"pkt":"CL6sCxduJjb1W8R1CABFwADw\/iJAAEARlLnAqAycXTl747Y8DZYA3ICVAAMAwCESpEJwdYtExyOnTtGTSiZAAACWCQK2KB7zQ7qLyqomatrasQEu9DL3wZ7hCtWVyMuhXanwNF5C+CJQZxH6MYVnGTbF6jGFc8Ra7q+tUTra0vtHBZoPsqgDXOfgB5x1\/6e\/ekoB1CeD7MsRipcZjz4uFoBrVRmh8t\/rSICod6ktukvIiZ6yItLQ7Y8kTJkbjPTyOKYPsF+LjDRbuhMBEHxTecFVlM8fNhbBAAAAFgAIAAEshHwr36EACAAUYWrisy40lbl9bq4cXAmMmnnA\/ig="} +00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035471,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035471,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00802{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968035471,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968035471,"pkt":"CL6sCxduJjb1W8R1CABFwADwfTlAAEARhZDAqAycnfDLPrY8DZYA3GV0AAMAwCESpEJwdYtExyOnTtGTSidAAACWCQMtTkgnCkB3mlyHo2hELpK34qN\/tn27kX9DRUmi65QznJnJXr0IVJ+d4Fxix8NmNcmsfFkQLOW6576+A4JwNmi2uSQdWXRM2VKcszNCnJz207wH1jUAcpCU9XZA6ttuPzt6cvS6PNIk8FwKlWlblH32PnQxSRg2bkLvkOMPE7sKF8F2oGKz69cDRT5LGhyKnJSGY5lnAAAAFgAIAAEshLzib3wACAAUAA8jYlqEzFOauoSyCbgYSf5lAAk="} +01164{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035471,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035471,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +00803{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968035552,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968035552,"pkt":"CL6sCxduJjb1W8R1CABFwADwfTpAAEARhY\/AqAycnfDLPrY8DZYA3BLxAAMAwCESpEJwdYtExyOnTtGTSihAAACWCQMtTkgnCkB3mlyHo2hELpK34qN\/tn27kX9DRUmi65QznJnJXr0IVJ+d4Fxix8NmNcmsfFkQLOW6576+A4JwNmi2uSQdWXRM2VKcszNCnJz207wH1jUAcpCU9XZA6ttuPzt6cvS6PNIk8FwKlWlblH32PnQxSRg2bkLvkOMPE7sKF8F2oGKz69cDRT5LGhyKnJSGY5lnAAAAFgAIAAEshLzib3wACAAUhAn28C7qfrkxLYQ0p3TNXw2BfFM="} +00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968035642,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035642,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00803{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968035642,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968035642,"pkt":"CL6sCxduJjb1W8R1CABFwADwj9lAAEARVvDAqAycnfDnPrY8DZYA3J+gAAMAwCESpEJwdYtExyOnTtGTSilAAACWCQNxyDQh65HCwK\/NwM57eGVAnp73+KYPg1k+lNrVEVkNPnu5t9hC5BRxAv+1EaOtzlbgzlIq2\/WPsB5SRMDksABVRMTM9J4aDhkK8p1864X++Y5SKMM+YDG4F3l8CE9EEsygUCuw1FeaQaDvzERSEqz4d5mYYPBEmipy1b3wHHsk5VkyouOLzceIjWTBDv1RY+CT0wD4AAAAFgAIAAEshLziQ3wACAAUBDu46Kp0MzZ62SMrNOCqwnrJBCw="} +01164{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968035642,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035642,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +00804{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968036993,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968036993,"pkt":"CL6sCxduJjb1W8R1CABFwADwj9pAAEARVu\/AqAycnfDnPrY8DZYA3K1KAAMAwCESpEJwdYtExyOnTtGTSipAAACWCQNxyDQh65HCwK\/NwM57eGVAnp73+KYPg1k+lNrVEVkNPnu5t9hC5BRxAv+1EaOtzlbgzlIq2\/WPsB5SRMDksABVRMTM9J4aDhkK8p1864X++Y5SKMM+YDG4F3l8CE9EEsygUCuw1FeaQaDvzERSEqz4d5mYYPBEmipy1b3wHHsk5VkyouOLzceIjWTBDv1RY+CT0wD4AAAAFgAIAAEshLziQ3wACAAUPZihrJHzcl+3y+bEvnKo9qVH+uY="} +00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037054,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037054,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00806{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968037054,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968037054,"pkt":"CL6sCxduJjb1W8R1CABFwADwz9NAAEAR6QHAqAycnfAVM7Y8DZYA3Ij9AAMAwCESpEJwdYtExyOnTtGTSitAAACWCQNaRGvs7+ccuZ\/MfxmbOvUVp8noEHkp7nF6xocCdKtvmOlig71m6+555gD\/mKnSGLIGNRynB98Dn1I4xNjPBc\/JcXx85sPvklgbnR+jKW8z3v+tFyKmLoRYXO+76gRpJvbZMI+O\/1oNzvmh6C\/4OrGc+hLich1SR+QSsMSOS20JWZv3s1la5zjKfswADrKC6jyH7ubtAAAAFgAIAAEshLzisXEACAAUjla64e3RO4Za5yiogz0w5BPrVCA="} +01163{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037054,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037054,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +00806{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968037165,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968037165,"pkt":"CL6sCxduJjb1W8R1CABFwADwz9RAAEAR6QDAqAycnfAVM7Y8DZYA3Ds6AAMAwCESpEJwdYtExyOnTtGTSixAAACWCQNaRGvs7+ccuZ\/MfxmbOvUVp8noEHkp7nF6xocCdKtvmOlig71m6+555gD\/mKnSGLIGNRynB98Dn1I4xNjPBc\/JcXx85sPvklgbnR+jKW8z3v+tFyKmLoRYXO+76gRpJvbZMI+O\/1oNzvmh6C\/4OrGc+hLich1SR+QSsMSOS20JWZv3s1la5zjKfswADrKC6jyH7ubtAAAAFgAIAAEshLzisXEACAAUHONBvdq4CMLPEotcA1cTDrS++GA="} +00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037404,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037404,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968037404,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968037404,"pkt":"CL6sCxduJjb1W8R1CABFwADwBWlAAEARBW\/AqAycnfDDMLY8DZYA3EQwAAMAwCESpEJwdYtExyOnTtGTSi1AAACWCQOx8jP4xX+S8mUrXXk2n15fuMSnBwYiWgGrpiuTXvKiSw3Eir1rG\/\/xENKpYnRSCtBCjSrxtliPheTZDngaGDi34a9YHKHQKUIhCjhpwP8Uvudi7up1PRXt6lCRefFe8K3b0jR++YvWvVrmASoE\/yY9XlSxVZ+G0ZOPBL6y2y9ny+kFjdqzj7\/4wvCraZgPwm+CCYR+AAAAFgAIAAEshLziZ3IACAAUYW\/o+S1f89d5dQU1\/5j2oMMTsiw="} +01164{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037404,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037404,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +00807{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968037483,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968037483,"pkt":"CL6sCxduJjb1W8R1CABFwADwBWpAAEARBW7AqAycnfDDMLY8DZYA3L3JAAMAwCESpEJwdYtExyOnTtGTSi5AAACWCQOx8jP4xX+S8mUrXXk2n15fuMSnBwYiWgGrpiuTXvKiSw3Eir1rG\/\/xENKpYnRSCtBCjSrxtliPheTZDngaGDi34a9YHKHQKUIhCjhpwP8Uvudi7up1PRXt6lCRefFe8K3b0jR++YvWvVrmASoE\/yY9XlSxVZ+G0ZOPBL6y2y9ny+kFjdqzj7\/4wvCraZgPwm+CCYR+AAAAFgAIAAEshLziZ3IACAAUN3sV7GYe+yROEsWZI\/FgD4k1DJ4="} +00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968037875,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968037875,"pkt":"Jjb1W8R1CL6sCxduCABFAABg\/qtAAFcRfoBdOXvjwKgMnA2WtjwATGHpAQMAMCESpEJwdYtExyOnTtGTSiUAIAAIAAHRJHwxD0FAAgAIAAABhmC4yCcACAAUqnIJzW\/j1X8c\/WgxJFDYTIjCG04="} +00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968037923,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968037923,"pkt":"Jjb1W8R1CL6sCxduCABFAABg\/qxAAFcRfn9dOXvjwKgMnA2WtjwATH+6AQMAMCESpEJwdYtExyOnTtGTSiYAIAAIAAHRJHwxD0FAAgAIAAABhmC4yCcACAAUsXruinhNMVlcZwjO7SsYhIE3y+M="} +00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1676659968035552,"flow_dst_last_pkt_time":1676659968044522,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968044522,"pkt":"Jjb1W8R1CL6sCxduCABFAABgbwhAAFURgBGd8Ms+wKgMnA2WtjwATEezAQMAMCESpEJwdYtExyOnTtGTSicAIAAIAAHRJHwxD0FAAgAIAAABhmC4yC0ACAAUiLSqHkDyO4Nn0koco41Anoog2hY="} +00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1676659968035552,"flow_dst_last_pkt_time":1676659968044575,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968044575,"pkt":"Jjb1W8R1CL6sCxduCABFAABgbwlAAFURgBCd8Ms+wKgMnA2WtjwATDevAQMAMCESpEJwdYtExyOnTtGTSigAIAAIAAHRJHwxD0FAAgAIAAABhmC4yC0ACAAUPpUdGzsHO6o60A2P\/YzAPtGyD14="} +00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1676659968036993,"flow_dst_last_pkt_time":1676659968055421,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968055421,"pkt":"Jjb1W8R1CL6sCxduCABFAABgJFBAAFYRrcmd8Oc+wKgMnA2WtjwATEo8AQMAMCESpEJwdYtExyOnTtGTSikAIAAIAAHRJHwxD0FAAgAIAAABhmC4yDIACAAUfe6H1Xa456A0pvmxA+2DiUprJrM="} +00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1676659968036993,"flow_dst_last_pkt_time":1676659968058079,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968058079,"pkt":"Jjb1W8R1CL6sCxduCABFAABgJFJAAFYRrced8Oc+wKgMnA2WtjwATE4+AQMAMCESpEJwdYtExyOnTtGTSioAIAAIAAHRJHwxD0FAAgAIAAABhmC4yDQACAAUwWTirh60\/VHH+ED4aqqQivjmyd4="} +00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1676659968037165,"flow_dst_last_pkt_time":1676659968060837,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968060837,"pkt":"Jjb1W8R1CL6sCxduCABFAABgpVxAAFMRAcmd8BUzwKgMnA2WtjwATKdbAQMAMCESpEJwdYtExyOnTtGTSisAIAAIAAHRJHwxD0FAAgAIAAABhmC4yDgACAAUABEIe9NGgDdArgJP1RoA97aa1Do="} +00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1676659968037165,"flow_dst_last_pkt_time":1676659968060888,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968060888,"pkt":"Jjb1W8R1CL6sCxduCABFAABgpV1AAFMRAcid8BUzwKgMnA2WtjwATFmEAQMAMCESpEJwdYtExyOnTtGTSiwAIAAIAAHRJHwxD0FAAgAIAAABhmC4yDgACAAUdeov0ALnfOy1FSGpfbM\/gVsZOSo="} +00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1676659968037483,"flow_dst_last_pkt_time":1676659968064266,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968064266,"pkt":"Jjb1W8R1CL6sCxduCABFAABg0NlAAFQRJ06d8MMwwKgMnA2WtjwATMmfAQMAMCESpEJwdYtExyOnTtGTSi0AIAAIAAHRJHwxD0FAAgAIAAABhmC4yDQACAAUEauiV+5OdWK08lpoY4KvoDM8wkA="} +00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1676659968037483,"flow_dst_last_pkt_time":1676659968064299,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968064299,"pkt":"Jjb1W8R1CL6sCxduCABFAABg0NpAAFQRJ02d8MMwwKgMnA2WtjwATLBEAQMAMCESpEJwdYtExyOnTtGTSi4AIAAIAAHRJHwxD0FAAgAIAAABhmC4yDQACAAUBF3x7h5ICsoSF2To96zryfeV154="} +00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659970501672,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1676659970501672,"pkt":"Jjb1W8R1CL6sCxduCABFAABKBqBAAFcRdqJdOXvjwKgMnA2WtjwANj3TgcoAB+FyMapRK5FaypeotDESW84OgO841cZwILWkJxeAAAAB+Wopohy6zZkyGw=="} +00886{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1676659970535244,"flow_dst_last_pkt_time":1676659968044575,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676659970535244,"pkt":"CL6sCxduJjb1W8R1CABFwAEsfaFAAEARhOzAqAycnfDLPrY8DZYBGBQxAAMA\/CESpEJwdYtExyOnTtGTSjFAAACWCQMtTkgnCkB3mlyHo2hELpK34qN\/tn27kX9DRUmi65QznJnJXr0IVJ+d4Fxix8NmNcmsfFkQLOW6576+A4JwNmi2uSQdWXRM2VKcszNCnJz207wH1jUAcpCU9XZA6ttuPzt6cvS6PNIk8FwKlWlblH32PnQxSRg2bkLvkOMPE7sKF8F2oGKz69cDRT5LGhyKnJSGY5lnAAAAIgAQA2iP+zSLUWDQyLFKEwEwAAAiAA4DCBO34E8CVbwHHovTAAAAACIAEAMbnwHuSmVz+ONk\/YEBMAAAFgAIAAEshLzib3wACAAUXTCmuD43X2iZxaQUlL\/5MyGiwQU="} +00886{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1676659970535509,"flow_dst_last_pkt_time":1676659968058079,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676659970535509,"pkt":"CL6sCxduJjb1W8R1CABFwAEskDtAAEARVlLAqAycnfDnPrY8DZYBGMeDAAMA\/CESpEJwdYtExyOnTtGTSjNAAACWCQNxyDQh65HCwK\/NwM57eGVAnp73+KYPg1k+lNrVEVkNPnu5t9hC5BRxAv+1EaOtzlbgzlIq2\/WPsB5SRMDksABVRMTM9J4aDhkK8p1864X++Y5SKMM+YDG4F3l8CE9EEsygUCuw1FeaQaDvzERSEqz4d5mYYPBEmipy1b3wHHsk5VkyouOLzceIjWTBDv1RY+CT0wD4AAAAIgAQA2iP+zSLUWDQyLFKEwEwAAAiAA4DCBO34E8CVbwHHovTAAAAACIAEAMbnwHuSmVz+ONk\/YEBMAAAFgAIAAEshLziQ3wACAAUdlyb+OtOXI7rKuC4GmkDKD2OYuc="} +00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1676659970535785,"flow_dst_last_pkt_time":1676659968060888,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676659970535785,"pkt":"CL6sCxduJjb1W8R1CABFwAEsz\/NAAEAR6KXAqAycnfAVM7Y8DZYBGApYAAMA\/CESpEJwdYtExyOnTtGTSjVAAACWCQNaRGvs7+ccuZ\/MfxmbOvUVp8noEHkp7nF6xocCdKtvmOlig71m6+555gD\/mKnSGLIGNRynB98Dn1I4xNjPBc\/JcXx85sPvklgbnR+jKW8z3v+tFyKmLoRYXO+76gRpJvbZMI+O\/1oNzvmh6C\/4OrGc+hLich1SR+QSsMSOS20JWZv3s1la5zjKfswADrKC6jyH7ubtAAAAIgAQA2iP+zSLUWDQyLFKEwEwAAAiAA4DCBO34E8CVbwHHovTAAAAACIAEAMbnwHuSmVz+ONk\/YEBMAAAFgAIAAEshLzisXEACAAUxlAZpezDVrKNQfTXtMKFj8Q0YXo="} +00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1676659970536146,"flow_dst_last_pkt_time":1676659968064299,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676659970536146,"pkt":"CL6sCxduJjb1W8R1CABFwAEsBYZAAEARBRbAqAycnfDDMLY8DZYBGOqTAAMA\/CESpEJwdYtExyOnTtGTSjdAAACWCQOx8jP4xX+S8mUrXXk2n15fuMSnBwYiWgGrpiuTXvKiSw3Eir1rG\/\/xENKpYnRSCtBCjSrxtliPheTZDngaGDi34a9YHKHQKUIhCjhpwP8Uvudi7up1PRXt6lCRefFe8K3b0jR++YvWvVrmASoE\/yY9XlSxVZ+G0ZOPBL6y2y9ny+kFjdqzj7\/4wvCraZgPwm+CCYR+AAAAIgAQA2iP+zSLUWDQyLFKEwEwAAAiAA4DCBO34E8CVbwHHovTAAAAACIAEAMbnwHuSmVz+ONk\/YEBMAAAFgAIAAEshLziZ3IACAAUvD2+bpmG411wbIpeZHz1TVucfDM="} +02327{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659971853147,"flow_dst_last_pkt_time":1676659971919436,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":245,"flow_src_tot_l4_payload_len":2693,"flow_dst_tot_l4_payload_len":1097,"midstream":0,"thread_ts_usec":1676659971919436,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":33,"avg":248828.9,"max":2505343,"stddev":601339.2,"var":361608839168.0,"ent":2.9,"data": [164,8431,48,2463749,2505343,241,3586,277,39475,77,6128,4820,33,25931,31612,82045,37743,1684,120855,35,78585,59946,292774,129998,59732,381615,376352,412427,48,227940,362001]},"pktlen": {"min":48,"avg":146.4,"max":300,"stddev":92.2,"var":8492.2,"ent":4.7,"data": [240,240,96,96,74,300,300,300,300,96,96,74,96,96,48,48,98,300,300,96,96,89,53,107,108,53,77,86,150,73,227,273]},"bins": {"c_to_s": [2,4,1,1,0,0,3,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,2,10,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,1,0,0,0,0,1,1,0,1,1,0,1,0,0,0,1,1,0,0,1,1,1,0,1,0,0,0,1],"entropies": [7.019773483,6.984464645,5.818136215,5.825999260,5.808753967,6.987159729,6.971193790,6.971321106,6.997097969,5.676367760,5.789438725,5.665334225,5.732045174,5.722330570,5.218094349,5.178508282,5.782431126,6.963978291,6.992527008,5.698242188,5.789439201,5.829556465,4.883490086,6.023591995,6.055227757,5.025671005,5.503230572,5.670224667,6.552639484,5.494553089,6.944911957,7.162023067]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625604,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625604,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020625604,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020625604,"pkt":"CL6sCxduJjb1W8R1CABFwAEsi9JAAEARdrvAqAycnfDLPsF2DZYBGCb2AAMA\/CESpEI9TftlKWJACU3e+TlAAACWCQOxp8aYvFg8y+QXBpsvhjNMa1N4G7Sf9JFjapUuLmz0CsTDFAPO9KqiGsXxWezQ59eQpoCSxT1fsfDFF2XYEWLYT7Z5ywaH6eaIeDG7vzkQfWGJo3mm7lbdY7xd0W8bEsEGktqDrQsGdB5\/+jjeW0yFm1wJQhQWIaUpZQMlzDvLLl3GStdW2AnbX4eC5IclH+Gf\/MylAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLzib3wACAAUpYIpus8qv8w9yHZkGb+Y7RORCLU="} +01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625604,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625604,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}} +00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020625741,"pkt":"CL6sCxduJjb1W8R1CABFwAEsi9NAAEARdrrAqAycnfDLPsF2DZYBGPgrAAMA\/CESpEI9TftlKWJACU3e+TpAAACWCQOxp8aYvFg8y+QXBpsvhjNMa1N4G7Sf9JFjapUuLmz0CsTDFAPO9KqiGsXxWezQ59eQpoCSxT1fsfDFF2XYEWLYT7Z5ywaH6eaIeDG7vzkQfWGJo3mm7lbdY7xd0W8bEsEGktqDrQsGdB5\/+jjeW0yFm1wJQhQWIaUpZQMlzDvLLl3GStdW2AnbX4eC5IclH+Gf\/MylAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLzib3wACAAUEQwgZYwKJgQ4LTYK3y4FIA+jynM="} +00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":416,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020625888,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625888,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020625888,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020625888,"pkt":"CL6sCxduJjb1W8R1CABFwAEsmRpAAEARTXPAqAycnfDnPsF2DZYBGH7rAAMA\/CESpEI9TftlKWJACU3e+TtAAACWCQPeFjak0d7PKFAs7XLj2+P+s\/PhMuWphSLboMCgL8FYcsJ22UWhr314dj\/sKuxUjmg5xQ\/jx9XG\/YEFdqUUT0rbOYoIi50IwG51J2FjLJRXjMezKXn+8dloeg+G6pVS2Czb4qwcI\/U\/yOu2RsIn1ZkxZBTgillM10QGiC2nxS3GP3Pyg89JFN85UcQxXm3doEZ8I2gXAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLziQ3wACAAUCDd5eQa4+xNebQ8SJJA4mgXX1Xw="} +01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020625888,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625888,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020626848,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020626848,"pkt":"CL6sCxduJjb1W8R1CABFwAEsmRtAAEARTXLAqAycnfDnPsF2DZYBGAyJAAMA\/CESpEI9TftlKWJACU3e+TxAAACWCQPeFjak0d7PKFAs7XLj2+P+s\/PhMuWphSLboMCgL8FYcsJ22UWhr314dj\/sKuxUjmg5xQ\/jx9XG\/YEFdqUUT0rbOYoIi50IwG51J2FjLJRXjMezKXn+8dloeg+G6pVS2Czb4qwcI\/U\/yOu2RsIn1ZkxZBTgillM10QGiC2nxS3GP3Pyg89JFN85UcQxXm3doEZ8I2gXAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLziQ3wACAAUmjsvXCKwESsJBUhkQNrKqeK5XsE="} +00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020626979,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020626979,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020626979,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020626979,"pkt":"CL6sCxduJjb1W8R1CABFwAEsOIpAAEAR0QPAqAycnfDEPsF2DZYBGJUCAAMA\/CESpEI9TftlKWJACU3e+T1AAACWCQPGTvqHwwSK7PRiLSImLIKh\/fPLrOsx\/rtb4xnlO+h\/S8O\/UZlWtSeGS1rfAQxxwD3rylX96sS7cSBQmvCNf2TOwF\/JRt9mywjNe1pUQo9jU5c0ZxrdUZDRq+CZMIW0FSHrmDPoAXCraaMzfQ1aJVz\/5ObQw+UDNrc6hxQu5PTn27CWWZVuQS13m6BeFu60vevHT2j7AAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLziYHwACAAUB5JO\/KlnIgtwDyIZGyJD72U36pw="} +01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020626979,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020626979,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020627131,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627131,"pkt":"CL6sCxduJjb1W8R1CABFwAEsOItAAEAR0QLAqAycnfDEPsF2DZYBGPuoAAMA\/CESpEI9TftlKWJACU3e+T5AAACWCQPGTvqHwwSK7PRiLSImLIKh\/fPLrOsx\/rtb4xnlO+h\/S8O\/UZlWtSeGS1rfAQxxwD3rylX96sS7cSBQmvCNf2TOwF\/JRt9mywjNe1pUQo9jU5c0ZxrdUZDRq+CZMIW0FSHrmDPoAXCraaMzfQ1aJVz\/5ObQw+UDNrc6hxQu5PTn27CWWZVuQS13m6BeFu60vevHT2j7AAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLziYHwACAAUfoSihPG3YBzTpEujhX4y3pFRIJQ="} +00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627268,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627268,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020627268,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627268,"pkt":"CL6sCxduJjb1W8R1CABFwAEsdxlAAEARgTbAqAycszzAMMF2DZYBGFP0AAMA\/CESpEI9TftlKWJACU3e+T9AAACWCQNKyv924htSBDgoPvPaA6yOr0x9kSC6Te5xTak23qUax5cZtJwuAApb8Ui+tHOwfpbSpWzleIv+\/Y\/zgmUivrJJrbIFK11cX6yt\/W617VBhxdI74dpc53FDSKllCH09m2ZVJ6nirDntuXoVFquWylwpGeMX8BF7kcX7XJ\/ujSasdt1cdHPd78hU0rxNGJvrkV7sECvDAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshJIuZHIACAAUhqeiK6BMauUxm+\/Y2otPN+x\/Trc="} +01165{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627268,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627268,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +00889{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020627411,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627411,"pkt":"CL6sCxduJjb1W8R1CABFwAEsdxpAAEARgTXAqAycszzAMMF2DZYBGONAAAMA\/CESpEI9TftlKWJACU3e+UBAAACWCQNKyv924htSBDgoPvPaA6yOr0x9kSC6Te5xTak23qUax5cZtJwuAApb8Ui+tHOwfpbSpWzleIv+\/Y\/zgmUivrJJrbIFK11cX6yt\/W617VBhxdI74dpc53FDSKllCH09m2ZVJ6nirDntuXoVFquWylwpGeMX8BF7kcX7XJ\/ujSasdt1cdHPd78hU0rxNGJvrkV7sECvDAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshJIuZHIACAAUyHPsRBz2TIoTMZ+WvAxhGroaguM="} +00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627509,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627509,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020627509,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627509,"pkt":"CL6sCxduJjb1W8R1CABFwAEsa6ZAAEARbqbAqAycuTzYM8F2DZYBGAVtAAMA\/CESpEI9TftlKWJACU3e+UFAAACWCQOH4\/VCAbPTeMBQBMAl\/C5Apejo8c+1K6Qp4JXppgVH0mQBYEvtKrySE8q2mN2RHr6SUlSQIl0QzHLhhkGXTmiDzzcayhZ2Q3j+W2AjW7xjHlhoZ\/1oB6f1R7cM2YJpevSLPRG1\/9xX5i8OwLQGJZP0IxmexdIX7onMgJjjwxjNZQ25j3xFqkTqBfg35nDf7wZxC\/YQAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshJgufHEACAAUkNyfIYYrYkDQ4zmgKorzXUAe8eI="} +01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627509,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627509,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020627695,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627695,"pkt":"CL6sCxduJjb1W8R1CABFwAEsa6dAAEARbqXAqAycuTzYM8F2DZYBGKyuAAMA\/CESpEI9TftlKWJACU3e+UJAAACWCQOH4\/VCAbPTeMBQBMAl\/C5Apejo8c+1K6Qp4JXppgVH0mQBYEvtKrySE8q2mN2RHr6SUlSQIl0QzHLhhkGXTmiDzzcayhZ2Q3j+W2AjW7xjHlhoZ\/1oB6f1R7cM2YJpevSLPRG1\/9xX5i8OwLQGJZP0IxmexdIX7onMgJjjwxjNZQ25j3xFqkTqBfg35nDf7wZxC\/YQAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshJgufHEACAAU1fgpuSj5BRZ8oNucqnlM0gIwTBo="} +00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020633882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020633882,"pkt":"Jjb1W8R1CL6sCxduCABFAABgu4RAAFURM5Wd8Ms+wKgMnA2WwXYATBxlAQMAMCESpEI9TftlKWJACU3e+TkAIAAIAAHRX3wxD0FAAgAIAAABhmC5lZsACAAUUb\/WTpOkWW3X+FJVIBlYvEA2oDs="} +00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020633906,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020633906,"pkt":"Jjb1W8R1CL6sCxduCABFAABgu4VAAFURM5Sd8Ms+wKgMnA2WwXYATMHnAQMAMCESpEI9TftlKWJACU3e+ToAIAAIAAHRX3wxD0FAAgAIAAABhmC5lZsACAAUDYqarGE3M6w9+UUOpDJLk0B0AtY="} +00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1676660020635842,"flow_dst_last_pkt_time":1676660020633906,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1676660020635842,"pkt":"CL6sCxduJjb1W8R1CABFwABci9RAAEARd4nAqAycnfDLPsF2DZYASEFRCAQALCESpEI9TftlKWJACU3e+UNABwACAfQAAAAWAAgAASyEvOJvfAAIABQ46era\/Z2SZjhFF95tb67cFTcxPA=="} +00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1676660020626848,"flow_dst_last_pkt_time":1676660020646356,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020646356,"pkt":"Jjb1W8R1CL6sCxduCABFAABgEA9AAFYRwgqd8Oc+wKgMnA2WwXYATESqAQMAMCESpEI9TftlKWJACU3e+TsAIAAIAAHRX3wxD0FAAgAIAAABhmC5laIACAAU2sO6qtIQRG8Fb8Ku\/1Yc8bkNCwU="} +00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1676660020626848,"flow_dst_last_pkt_time":1676660020646394,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020646394,"pkt":"Jjb1W8R1CL6sCxduCABFAABgEBBAAFYRwgmd8Oc+wKgMnA2WwXYATMHdAQMAMCESpEI9TftlKWJACU3e+TwAIAAIAAHRX3wxD0FAAgAIAAABhmC5laIACAAUtd5zvNHTNstw7o7HFkTuf+A5wEQ="} +00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1676660020627695,"flow_dst_last_pkt_time":1676660020646446,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020646446,"pkt":"Jjb1W8R1CL6sCxduCABFAABgKX5AAFMRn1q5PNgzwKgMnA2WwXYATEpFAQMAMCESpEI9TftlKWJACU3e+UEAIAAIAAHRX3wxD0FAAgAIAAABhmC5laEACAAUH8edTAMAuZVpRGGCYax6hVg0ya8="} +00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1676660020627695,"flow_dst_last_pkt_time":1676660020646471,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020646471,"pkt":"Jjb1W8R1CL6sCxduCABFAABgKX9AAFMRn1m5PNgzwKgMnA2WwXYATDurAQMAMCESpEI9TftlKWJACU3e+UIAIAAIAAHRX3wxD0FAAgAIAAABhmC5laIACAAUqiKz9h9t1ITvWTv\/BN9zdrh6ouk="} +00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1676660020627411,"flow_dst_last_pkt_time":1676660020649547,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020649547,"pkt":"Jjb1W8R1CL6sCxduCABFAABgXFdAAFMRioSzPMAwwKgMnA2WwXYATFMNAQMAMCESpEI9TftlKWJACU3e+T8AIAAIAAHRX3wxD0FAAgAIAAABhmC5laMACAAUAUJ5rKYzB8P+FxjEnR76AoJ8\/mE="} +00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1676660020627411,"flow_dst_last_pkt_time":1676660020649585,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020649585,"pkt":"Jjb1W8R1CL6sCxduCABFAABgXFhAAFMRioOzPMAwwKgMnA2WwXYATFWhAQMAMCESpEI9TftlKWJACU3e+UAAIAAIAAHRX3wxD0FAAgAIAAABhmC5laMACAAUgv6L2fitRmrDKBO6QOmHmVTNEwk="} +00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1676660020627131,"flow_dst_last_pkt_time":1676660020649607,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020649607,"pkt":"Jjb1W8R1CL6sCxduCABFAABg00xAAFQRI82d8MQ+wKgMnA2WwXYATB51AQMAMCESpEI9TftlKWJACU3e+T0AIAAIAAHRX3wxD0FAAgAIAAABhmC5laAACAAUDM36X1qnGrp9aVSAhimrdKC7fMo="} +00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1676660020627131,"flow_dst_last_pkt_time":1676660020649623,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020649623,"pkt":"Jjb1W8R1CL6sCxduCABFAABg001AAFQRI8yd8MQ+wKgMnA2WwXYATIH0AQMAMCESpEI9TftlKWJACU3e+T4AIAAIAAHRX3wxD0FAAgAIAAABhmC5laAACAAUxKTeHLccf0M6tOjMy8siv2yc4lE="} +02331{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020791890,"flow_dst_last_pkt_time":1676660020799292,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":512,"flow_src_tot_l4_payload_len":1396,"flow_dst_tot_l4_payload_len":6812,"midstream":0,"thread_ts_usec":1676660020799292,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":24,"avg":10966.9,"max":25268,"stddev":4978.7,"var":24787812.0,"ent":4.8,"data": [137,8278,24,10101,8060,24512,25268,11561,10122,12790,14381,10560,10576,10583,10464,16311,6103,16248,5886,9963,9713,10612,11320,10716,10523,10812,10574,10236,10724,11289,11527]},"pktlen": {"min":48,"avg":284.5,"max":540,"stddev":217.5,"var":47305.8,"ent":4.6,"data": [300,300,96,96,92,540,92,540,92,540,92,540,92,540,92,540,48,92,48,540,92,540,92,540,92,540,92,540,92,540,92,540]},"bins": {"c_to_s": [1,0,13,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [6.990001202,7.010884762,5.755636215,5.672302246,5.721662998,1.491354108,5.778674603,1.487650514,5.626501560,1.484854460,5.623420715,1.491354465,5.691719532,1.491354108,5.569489479,1.485344768,5.160700798,5.721662998,5.136841774,1.489048600,5.743401527,1.492752314,5.735196590,1.489956141,5.640035152,1.476539373,5.664651394,1.487650633,5.808619022,1.477447271,5.713458061,1.502465248]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660024064221,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024064221,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1676660024064221,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024064221,"pkt":"CL6sCxduJjb1W8R1CABFwABISENAAEAR8RrAqAycClIo8cF2nfQANFuYAAEAGCESpEJVqr9siNtocRyv\/Q8ACAAUchhTvhiAgB6AsW9lN0aBjK2SqVw="} +01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660024064221,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024064221,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024118990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024118990,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024118990,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024118990,"pkt":"CL6sCxduJjb1W8R1CABFwABIQMlAAEARWF\/AqAycXSF2V8F2oJMANCgyAAEAGCESpEJkgPwVvmQKYO\/3pCAACAAUg1CfFRfb1oP8Sp+duu11SA8TZZg="} +01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024118990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024118990,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024190308,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024190308,"pkt":"Jjb1W8R1CL6sCxduCABFKABIhuhAADYRHNhdIXZXwKgMnKCTwXYANMoKAQEAGCESpEJkgPwVvmQKYO\/3pCAACAAU75F70SqUX4Lgp4cEKxEnrcitNiQ="} +00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024239979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024239979,"pkt":"Jjb1W8R1CL6sCxduCABFKABIhuxAADYRHNRdIXZXwKgMnKCTwXYANNC\/AAEAGCESpEKLftcLEYCUSZQPnhMACAAUyvIcEMHWqj2hvqdguHUxOVHLVE0="} +00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1676660024243082,"flow_dst_last_pkt_time":1676660024239979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024243082,"pkt":"CL6sCxduJjb1W8R1CABFwABIQNRAAEARWFTAqAycXSF2V8F2oJMANHYOAQEAGCESpEKLftcLEYCUSZQPnhMACAAUURXXOFysTKzVt50fky2JdWR1wBg="} +00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1676660024325807,"flow_dst_last_pkt_time":1676660024239979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_usec":1676660024325807,"pkt":"CL6sCxduJjb1W8R1CABFwAB1QNhAAEARWCPAqAycXSF2V8F2oJMAYc1lkHgABQAA3UBRZ9y23r4AA1ErK2EAvZEZhwAAAKbOSK90hIl36enLLzUIk6r\/w1XH6T2mtq3Gg8VNMWWeuoZcZLDNzrjMgd0lraiBKjJ3Gy5jB\/m61+BApbg="} +00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1676660024620334,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024620334,"pkt":"CL6sCxduJjb1W8R1CABFwABISE9AAEAR8Q7AqAycClIo8cF2nfQANEB+AAEAGCESpEIXwuNn6QQGBGvPy2QACAAUUNSepUVO3cHbT1W7D8IkB9QMLLk="} +00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1676660025173851,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660025173851,"pkt":"CL6sCxduJjb1W8R1CABFwABISHxAAEAR8OHAqAycClIo8cF2nfQANJUKAAEAGCESpEJbGGZZJbjNIbGSmgoACAAUqscImv03XhISfmW0WS8IT6fPtOk="} +00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1676660025726086,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660025726086,"pkt":"CL6sCxduJjb1W8R1CABFwABISIRAAEAR8NnAqAycClIo8cF2nfQANJ6PAAEAGCESpEKk0qlxm\/ZTOSdEwkYACAAUXDPKAV6TGyzZ4WyS4fYKXK0zlIs="} +00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1676660026276036,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660026276036,"pkt":"CL6sCxduJjb1W8R1CABFwABISLRAAEAR8KnAqAycClIo8cF2nfQANMOEAAEAGCESpEKl9A496LZkbYe+i00ACAAU\/ewrDda+DUas0DsT+++L7XeLDdc="} +00756{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660027432762,"flow_src_last_pkt_time":1676660027432762,"flow_dst_last_pkt_time":1676660027432762,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660027432762,"l3_proto":"ip4","src_ip":"93.63.100.129","dst_ip":"192.168.12.156","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} +00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1676660027432762,"flow_dst_last_pkt_time":1676660027432762,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660027432762,"pkt":"Jjb1W8R1CL6sCxduCABFAABgoiQAAPgBkXNdP2SBwKgMnAMApW4AEQAARQAASEjeQAA4Efk\/wKgMnApSKPHBdp30ADSYCgABABghEqRC5xzHRnteXD13uFxaAAgAFDCLx\/tSkAsmj1JamKGIXok="} +01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660027432762,"flow_src_last_pkt_time":1676660027432762,"flow_dst_last_pkt_time":1676660027432762,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660027432762,"l3_proto":"ip4","src_ip":"93.63.100.129","dst_ip":"192.168.12.156","l4_proto":"icmp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.458712}} +01126{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659999805428,"flow_dst_last_pkt_time":1676659970541205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":1188,"flow_dst_tot_l4_payload_len":272,"midstream":0,"thread_ts_usec":1676660030234945,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01125{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659999805772,"flow_dst_last_pkt_time":1676659970555657,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":1188,"flow_dst_tot_l4_payload_len":272,"midstream":0,"thread_ts_usec":1676660030234945,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01126{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659999805894,"flow_dst_last_pkt_time":1676659970561481,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":1188,"flow_dst_tot_l4_payload_len":272,"midstream":0,"thread_ts_usec":1676660030234945,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01126{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659999805645,"flow_dst_last_pkt_time":1676659970555584,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":1188,"flow_dst_tot_l4_payload_len":272,"midstream":0,"thread_ts_usec":1676660030234945,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01129{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":171,"flow_dst_packets_processed":206,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659999805377,"flow_dst_last_pkt_time":1676659999441975,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":392,"flow_dst_max_l4_payload_len":404,"flow_src_tot_l4_payload_len":21189,"flow_dst_tot_l4_payload_len":21151,"midstream":0,"thread_ts_usec":1676660030234945,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00821{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1676660035302538,"flow_dst_last_pkt_time":1676660020646394,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":262,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":262,"pkt_l4_len":228,"thread_ts_usec":1676660035302538,"pkt":"CL6sCxduJjb1W8R1CABFwAD4nFpAAEARSmfAqAycnfDnPsF2DZYA5DdUCAAAyCESpEI9TftlKWJACU3e+WtAAACWCQPeFjak0d7PKFAs7XLj2+P+s\/PhMuWphSLboMCgL8FYcsJ22UWhr314dj\/sKuxUjmg5xQ\/jx9XG\/YEFdqUUT0rbOYoIi50IwG51J2FjLJRXjMezKXn+8dloeg+G6pVS2Czb4qwcI\/U\/yOu2RsIn1ZkxZBTgillM10QGiC2nxS3GP3Pyg89JFN85UcQxXm3doEZ8I2gXAACAKwAEAQAAAAAWAAgAASyEvOJDfAAIABTB6XXdvtn8urnVZPPRW5VLvWw81A=="} +00822{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1676660035302780,"flow_dst_last_pkt_time":1676660020649623,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":262,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":262,"pkt_l4_len":228,"thread_ts_usec":1676660035302780,"pkt":"CL6sCxduJjb1W8R1CABFwAD4OcVAAEARz\/zAqAycnfDEPsF2DZYA5LqXCAAAyCESpEI9TftlKWJACU3e+WxAAACWCQPGTvqHwwSK7PRiLSImLIKh\/fPLrOsx\/rtb4xnlO+h\/S8O\/UZlWtSeGS1rfAQxxwD3rylX96sS7cSBQmvCNf2TOwF\/JRt9mywjNe1pUQo9jU5c0ZxrdUZDRq+CZMIW0FSHrmDPoAXCraaMzfQ1aJVz\/5ObQw+UDNrc6hxQu5PTn27CWWZVuQS13m6BeFu60vevHT2j7AACAKwAEAQAAAAAWAAgAASyEvOJgfAAIABRuuuw0BjdFpmcOvlTb9zEQYP8FQA=="} +00819{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1676660035302856,"flow_dst_last_pkt_time":1676660020649585,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":262,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":262,"pkt_l4_len":228,"thread_ts_usec":1676660035302856,"pkt":"CL6sCxduJjb1W8R1CABFwAD4e8xAAEARfLfAqAycszzAMMF2DZYA5PEpCAAAyCESpEI9TftlKWJACU3e+W1AAACWCQNKyv924htSBDgoPvPaA6yOr0x9kSC6Te5xTak23qUax5cZtJwuAApb8Ui+tHOwfpbSpWzleIv+\/Y\/zgmUivrJJrbIFK11cX6yt\/W617VBhxdI74dpc53FDSKllCH09m2ZVJ6nirDntuXoVFquWylwpGeMX8BF7kcX7XJ\/ujSasdt1cdHPd78hU0rxNGJvrkV7sECvDAACAKwAEAQAAAAAWAAgAASyEki5kcgAIABTPPxoVukcSAlAB+BQwXqG4Iu0sgw=="} +00823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1676660035303048,"flow_dst_last_pkt_time":1676660020646471,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":262,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":262,"pkt_l4_len":228,"thread_ts_usec":1676660035303048,"pkt":"CL6sCxduJjb1W8R1CABFwAD4bFFAAEARbi\/AqAycuTzYM8F2DZYA5Af7CAAAyCESpEI9TftlKWJACU3e+W5AAACWCQOH4\/VCAbPTeMBQBMAl\/C5Apejo8c+1K6Qp4JXppgVH0mQBYEvtKrySE8q2mN2RHr6SUlSQIl0QzHLhhkGXTmiDzzcayhZ2Q3j+W2AjW7xjHlhoZ\/1oB6f1R7cM2YJpevSLPRG1\/9xX5i8OwLQGJZP0IxmexdIX7onMgJjjwxjNZQ25j3xFqkTqBfg35nDf7wZxC\/YQAACAKwAEAQAAAAAWAAgAASyEmC58cQAIABQ\/bDmgJPrLgG0jVRtO1LcI5dJa0g=="} +01069{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660027432762,"flow_src_last_pkt_time":1676660027432762,"flow_dst_last_pkt_time":1676660027432762,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"93.63.100.129","dst_ip":"192.168.12.156","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660035302538,"flow_dst_last_pkt_time":1676660020646394,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":764,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660035302780,"flow_dst_last_pkt_time":1676660020649623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":764,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01130{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":73,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660035302005,"flow_dst_last_pkt_time":1676660032998729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":500,"flow_dst_max_l4_payload_len":1113,"flow_src_tot_l4_payload_len":10937,"flow_dst_tot_l4_payload_len":37017,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01233{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660034747875,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01239{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024502343,"flow_dst_last_pkt_time":1676660024457689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":955,"flow_dst_max_l4_payload_len":834,"flow_src_tot_l4_payload_len":3129,"flow_dst_tot_l4_payload_len":5056,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01122{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660035302856,"flow_dst_last_pkt_time":1676660020649585,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":764,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660035303048,"flow_dst_last_pkt_time":1676660020646471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":764,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659999805645,"flow_dst_last_pkt_time":1676659970555584,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":1188,"flow_dst_tot_l4_payload_len":272,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659999805894,"flow_dst_last_pkt_time":1676659970561481,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":1188,"flow_dst_tot_l4_payload_len":272,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659999805772,"flow_dst_last_pkt_time":1676659970555657,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":1188,"flow_dst_tot_l4_payload_len":272,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659999805428,"flow_dst_last_pkt_time":1676659970541205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":1188,"flow_dst_tot_l4_payload_len":272,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01127{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":171,"flow_dst_packets_processed":206,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659999805377,"flow_dst_last_pkt_time":1676659999441975,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":392,"flow_dst_max_l4_payload_len":404,"flow_src_tot_l4_payload_len":21189,"flow_dst_tot_l4_payload_len":21151,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00596{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","packets-captured":591,"packets-processed":591,"total-skipped-flows":0,"total-l4-payload-len":108875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":110,"global_ts_usec":1676660035303048} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 591/591 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 108875 bytes +~~ total detected protocols..: 13 +~~ total active/idle flows...: 13/13 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7636387 bytes +~~ total memory freed........: 7636387 bytes +~~ total allocations/frees...: 143413/143413 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 520 chars +~~ json string max len.......: 2336 chars +~~ json string avg len.......: 1427 chars diff --git a/test/results/default/syncthing.pcap.out b/test/results/default/syncthing.pcap.out index 863a147c0..371cfc469 100644 --- a/test/results/default/syncthing.pcap.out +++ b/test/results/default/syncthing.pcap.out @@ -46,9 +46,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7971273 bytes -~~ total memory freed........: 7971273 bytes -~~ total allocations/frees...: 148350/148350 +~~ total memory allocated....: 7601006 bytes +~~ total memory freed........: 7601006 bytes +~~ total allocations/frees...: 142753/142753 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 515 chars ~~ json string max len.......: 1177 chars diff --git a/test/results/default/synscan.pcap.out b/test/results/default/synscan.pcap.out index ab721c142..44e29777b 100644 --- a/test/results/default/synscan.pcap.out +++ b/test/results/default/synscan.pcap.out @@ -8002,9 +8002,9 @@ ~~ total active/idle flows...: 1994/1994 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 12207878 bytes -~~ total memory freed........: 12207878 bytes -~~ total allocations/frees...: 172228/172228 +~~ total memory allocated....: 11885371 bytes +~~ total memory freed........: 11885371 bytes +~~ total allocations/frees...: 166631/166631 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 1216 chars diff --git a/test/results/default/syslog.pcap.out b/test/results/default/syslog.pcap.out index 18fe53bce..005324775 100644 --- a/test/results/default/syslog.pcap.out +++ b/test/results/default/syslog.pcap.out @@ -154,9 +154,9 @@ ~~ total active/idle flows...: 19/19 ~~ total timeout flows.......: 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8006695 bytes -~~ total memory freed........: 8006695 bytes -~~ total allocations/frees...: 148581/148581 +~~ total memory allocated....: 7636788 bytes +~~ total memory freed........: 7636788 bytes +~~ total allocations/frees...: 142984/142984 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 285 chars ~~ json string max len.......: 2219 chars diff --git a/test/results/default/tailscale.pcap.out b/test/results/default/tailscale.pcap.out index cfb278233..13587dbdd 100644 --- a/test/results/default/tailscale.pcap.out +++ b/test/results/default/tailscale.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7967202 bytes -~~ total memory freed........: 7967202 bytes -~~ total allocations/frees...: 148394/148394 +~~ total memory allocated....: 7596863 bytes +~~ total memory freed........: 7596863 bytes +~~ total allocations/frees...: 142797/142797 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 515 chars ~~ json string max len.......: 2369 chars diff --git a/test/results/default/targusdataspeed_false_positives.pcap.out b/test/results/default/targusdataspeed_false_positives.pcap.out index a11b2ffc1..f685e2c70 100644 --- a/test/results/default/targusdataspeed_false_positives.pcap.out +++ b/test/results/default/targusdataspeed_false_positives.pcap.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966371 bytes -~~ total memory freed........: 7966371 bytes -~~ total allocations/frees...: 148304/148304 +~~ total memory allocated....: 7596056 bytes +~~ total memory freed........: 7596056 bytes +~~ total allocations/frees...: 142707/142707 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 537 chars ~~ json string max len.......: 1193 chars diff --git a/test/results/default/tcp_scan.pcapng.out b/test/results/default/tcp_scan.pcapng.out index 92a838ef5..e527dbef1 100644 --- a/test/results/default/tcp_scan.pcapng.out +++ b/test/results/default/tcp_scan.pcapng.out @@ -48,9 +48,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7977384 bytes -~~ total memory freed........: 7977384 bytes -~~ total allocations/frees...: 148379/148379 +~~ total memory allocated....: 7607189 bytes +~~ total memory freed........: 7607189 bytes +~~ total allocations/frees...: 142782/142782 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 516 chars ~~ json string max len.......: 1182 chars diff --git a/test/results/default/teams.pcap.out b/test/results/default/teams.pcap.out index 22c2eda3e..1dbee337b 100644 --- a/test/results/default/teams.pcap.out +++ b/test/results/default/teams.pcap.out @@ -686,9 +686,9 @@ ~~ total active/idle flows...: 83/83 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9092192 bytes -~~ total memory freed........: 9092192 bytes -~~ total allocations/frees...: 151087/151087 +~~ total memory allocated....: 8723821 bytes +~~ total memory freed........: 8723821 bytes +~~ total allocations/frees...: 145490/145490 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 295 chars ~~ json string max len.......: 2501 chars diff --git a/test/results/default/teamspeak3.pcap.out b/test/results/default/teamspeak3.pcap.out index 547444a66..b5eef9540 100644 --- a/test/results/default/teamspeak3.pcap.out +++ b/test/results/default/teamspeak3.pcap.out @@ -266,9 +266,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7983280 bytes -~~ total memory freed........: 7983280 bytes -~~ total allocations/frees...: 148887/148887 +~~ total memory allocated....: 7612965 bytes +~~ total memory freed........: 7612965 bytes +~~ total allocations/frees...: 143290/143290 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 516 chars ~~ json string max len.......: 2227 chars diff --git a/test/results/default/teamviewer.pcap.out b/test/results/default/teamviewer.pcap.out index 996ee09c0..ab3b3d006 100644 --- a/test/results/default/teamviewer.pcap.out +++ b/test/results/default/teamviewer.pcap.out @@ -29,9 +29,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7976424 bytes -~~ total memory freed........: 7976424 bytes -~~ total allocations/frees...: 148651/148651 +~~ total memory allocated....: 7606109 bytes +~~ total memory freed........: 7606109 bytes +~~ total allocations/frees...: 143054/143054 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 2389 chars diff --git a/test/results/default/telegram.pcap.out b/test/results/default/telegram.pcap.out index b27d8137d..cf613f7c6 100644 --- a/test/results/default/telegram.pcap.out +++ b/test/results/default/telegram.pcap.out @@ -345,9 +345,9 @@ ~~ total active/idle flows...: 48/48 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8107859 bytes -~~ total memory freed........: 8107859 bytes -~~ total allocations/frees...: 150356/150356 +~~ total memory allocated....: 7738648 bytes +~~ total memory freed........: 7738648 bytes +~~ total allocations/frees...: 144759/144759 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 514 chars ~~ json string max len.......: 2354 chars diff --git a/test/results/default/telnet.pcap.out b/test/results/default/telnet.pcap.out index f35665659..3356c27b5 100644 --- a/test/results/default/telnet.pcap.out +++ b/test/results/default/telnet.pcap.out @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7968815 bytes -~~ total memory freed........: 7968815 bytes -~~ total allocations/frees...: 148380/148380 +~~ total memory allocated....: 7598476 bytes +~~ total memory freed........: 7598476 bytes +~~ total allocations/frees...: 142783/142783 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 1971 chars diff --git a/test/results/default/teredo.pcap.out b/test/results/default/teredo.pcap.out index 6b7704ed3..0e7bdd17b 100644 --- a/test/results/default/teredo.pcap.out +++ b/test/results/default/teredo.pcap.out @@ -39,9 +39,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7973195 bytes -~~ total memory freed........: 7973195 bytes -~~ total allocations/frees...: 148355/148355 +~~ total memory allocated....: 7602952 bytes +~~ total memory freed........: 7602952 bytes +~~ total allocations/frees...: 142758/142758 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 1103 chars diff --git a/test/results/default/tftp.pcap.out b/test/results/default/tftp.pcap.out index 9c19b0b42..ca52be74a 100644 --- a/test/results/default/tftp.pcap.out +++ b/test/results/default/tftp.pcap.out @@ -47,9 +47,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7979920 bytes -~~ total memory freed........: 7979920 bytes -~~ total allocations/frees...: 148462/148462 +~~ total memory allocated....: 7609725 bytes +~~ total memory freed........: 7609725 bytes +~~ total allocations/frees...: 142865/142865 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 510 chars ~~ json string max len.......: 2179 chars diff --git a/test/results/default/threema.pcap.out b/test/results/default/threema.pcap.out index dc45b2830..da20ec2f2 100644 --- a/test/results/default/threema.pcap.out +++ b/test/results/default/threema.pcap.out @@ -60,9 +60,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7989294 bytes -~~ total memory freed........: 7989294 bytes -~~ total allocations/frees...: 148431/148431 +~~ total memory allocated....: 7619075 bytes +~~ total memory freed........: 7619075 bytes +~~ total allocations/frees...: 142834/142834 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 974 chars diff --git a/test/results/default/thrift.pcap.out b/test/results/default/thrift.pcap.out new file mode 100644 index 000000000..fd2574140 --- /dev/null +++ b/test/results/default/thrift.pcap.out @@ -0,0 +1,33 @@ +00507{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00570{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1618939325157360} +00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618939325157360,"flow_src_last_pkt_time":1618939325157360,"flow_dst_last_pkt_time":1618939325157360,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618939325157360,"l3_proto":"ip4","src_ip":"169.254.59.247","dst_ip":"169.254.46.4","src_port":53387,"dst_port":11010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1618939325157360,"flow_dst_last_pkt_time":1618939325157360,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1618939325157360,"pkt":"ZGV2aWNlZHJpdmVyCABFAAA0aulAAIAGAACp\/jv3qf4uBNCLKwLKdsytAAAAAIACIAB\/HQAAAgQFtAEDAwgBAQQC"} +00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1618939325157360,"flow_dst_last_pkt_time":1618939325157427,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1618939325157427,"pkt":"ZHJpdmVyZGV2aWNlCABFAAA0AABAAD4Gvc2p\/i4Eqf479ysC0Iu7suEFynbMroASchBOjwAAAgQFtAEBBAIBAwMG"} +00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1618939325157495,"flow_dst_last_pkt_time":1618939325157427,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1618939325157495,"pkt":"ZGV2aWNlZHJpdmVyCABFAAAoaupAAIAGAACp\/jv3qf4uBNCLKwLKdsyuu7LhBlAQAQB\/EQAA"} +00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1618939325157555,"flow_dst_last_pkt_time":1618939325157427,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1618939325157555,"pkt":"ZGV2aWNlZHJpdmVyCABFAABQautAAIAGAACp\/jv3qf4uBNCLKwLKdsyuu7LhBlAYAQB\/OQAAgAEAAQAAABRhbm9ueW1vdXNfY29tbWFuZF9vbgAAAAAIAAEAAAAAAA=="} +00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1618939325157360,"flow_src_last_pkt_time":1618939325157555,"flow_dst_last_pkt_time":1618939325157427,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618939325157555,"l3_proto":"ip4","src_ip":"169.254.59.247","dst_ip":"169.254.46.4","src_port":53387,"dst_port":11010,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Thrift","proto_id":"345","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1618939325157555,"flow_dst_last_pkt_time":1618939325157615,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1618939325157615,"pkt":"ZHJpdmVyZGV2aWNlCABFAAAoqt1AAD4GEvyp\/i4Eqf479ysC0Iu7suEGynbM1lAQAcn\/fwAAAAAAAAAA"} +02111{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1618939325157360,"flow_src_last_pkt_time":1618939325159246,"flow_dst_last_pkt_time":1618939325159187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2920,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3250,"flow_dst_tot_l4_payload_len":7422,"midstream":0,"thread_ts_usec":1618939325159246,"l3_proto":"ip4","src_ip":"169.254.59.247","dst_ip":"169.254.46.4","src_port":53387,"dst_port":11010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":59,"avg":119.8,"max":188,"stddev":47.3,"var":2241.9,"ent":4.8,"data": [67,135,60,188,60,179,118,60,178,118,59,178,119,60,178,118,59,178,123,123,119,60,187,132,60,183,118,69,188,120,119]},"pktlen": {"min":40,"avg":375.2,"max":2960,"stddev":637.8,"var":406764.6,"ent":3.6,"data": [52,52,40,80,46,88,80,46,80,82,46,106,121,46,311,90,46,104,78,89,79,1500,628,40,1500,628,40,1500,628,40,780,2960]},"bins": {"c_to_s": [5,6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1],"s_to_c": [6,3,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,3,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,1,0],"entropies": [4.382568836,4.855899811,4.571928978,4.561148643,4.565871716,5.056412220,4.614388943,4.549460888,4.772574902,4.961133480,4.462504387,4.880326271,3.973908663,4.549460888,5.147182465,4.755144119,4.565872192,4.847397804,4.628648281,4.771815300,4.955598831,6.128622055,6.129070759,4.621928692,6.089191914,6.081182480,4.621928692,6.083991051,6.070480347,4.621928692,6.112934589,6.078311443]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Thrift","proto_id":"345","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +00581{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","packets-captured":171,"packets-processed":170,"total-skipped-flows":0,"total-l4-payload-len":85745,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1622206473205908} +00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1622206473205908,"flow_src_last_pkt_time":1622206473205908,"flow_dst_last_pkt_time":1622206473205908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4894,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4894,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4894,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1622206473205908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49164,"dst_port":6831,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +07056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1622206473205908,"flow_dst_last_pkt_time":1622206473205908,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":4936,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4936,"pkt_l4_len":4902,"thread_ts_usec":1622206473205908,"pkt":"AAAAAAAAAAAAAAAACABFABM6Zi5AAEARw4J\/AAABfwAAAcAMGq8TJhE6goGygQEJZW1pdEJhdGNoHBwYGG1hdHJpeC5vcmcgdGVzdF93b3JrZXItMRk8GA5qYWVnZXIudmVyc2lvbhUAGAxQeXRob24tNC4xLjAAGAJpcBUAGA8xNzYuMTI2LjI0MC4xNTgAGAhob3N0bmFtZRUAGBVoaXBwb2dyaWZmLm1hdHJpeC5vcmcAABn8FBaGuaOvmYTOqQQWABbMtcCLqNbW4eoBFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFprMtIHs2OEFFrAHGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI3NzUxABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGRwWnNG0gezY4QUZLBgYd2FraW5nX3VwX2V4cGxpY2l0X3VzZXJzFQZGAAAYGHdha2luZ191cF9leHBsaWNpdF9yb29tcxUGRgIAAAAWxJryxpeBoekEFgAWyPDeuea8r6YuFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFval54Hs2OEFFqwJGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI3ODMxABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGRwW\/qvngezY4QUZLBgYd2FraW5nX3VwX2V4cGxpY2l0X3VzZXJzFQZGAgAYGHdha2luZ191cF9leHBsaWNpdF9yb29tcxUGRgAAAAAW8uWpt+qqgKsEFgAWqYLBtf270evxARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhbonO2B7NjhBRbeBxk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQyNzgzOAAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFoSh7YHs2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgAAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYCAAAAFvqGnZy9+dfwAhYAFtO46sffyaa7GhYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhaOjdaC7NjhBRaqBhk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQyNzk4NQAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFtaQ1oLs2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgAAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYCAAAAFuzjrKCg6bX5ARYAFpqsg8CNmf7v3wEWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWxozeguzY4QUW1AcZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0Mjc5OTQAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZHBb4kN6C7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXNlcnMVBkYAABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAgAAABbgo7HM4sDc9gIWABat27nxrfeN4TsWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIW5q\/Cg+zY4QUW+AcZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MjgxMDgAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZHBawtMKD7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXNlcnMVBkYAABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAgAAABbcivTis8qLvAEWABbczvODu7Ks5pEBFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFrrbloTs2OEFFrQFGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI4MjQxABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGQwAFuaWr8eDzPlFFgAW2IOOiNmRvvVRFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFqjTnoTs2OEFFsIFGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI4MjUyABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGRwWrtaehOzY4QUZLBgYd2FraW5nX3VwX2V4cGxpY2l0X3VzZXJzFQZGAAAYGHdha2luZ191cF9leHBsaWNpdF9yb29tcxUGRgIAAAAWqOOBz+7B0NMCFgAW5qywk4TRx6YBFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFs6wo4Ts2OEFFsoDGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI4MjU2ABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGQwAFozT1u+3sNX5AxYAFruLnr+svsXNXBYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhas7ryE7NjhBRbKCxk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQyODI5MwAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFqD2vITs2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgAAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYCAAAAFuTvlKK6tbniBBYAFt7TxoLztJ7ExgEWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWqrLkhezY4QUW3g0ZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0Mjg1NzMAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZHBbMu+SF7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXNlcnMVBkYAABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAgAAABaAqfv135ayxQEWABbxqpG05PnOr20WABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIW3PrvhezY4QUWgAIZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0Mjg1ODUAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAW7v+RypLGwoIFFgAWpa2JyqmV2qBHFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFs7htobs2OEFFvoKGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI4NzA2ABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGRwW2Oi2huzY4QUZLBgYd2FraW5nX3VwX2V4cGxpY2l0X3VzZXJzFQZGAAAYGHdha2luZ191cF9leHBsaWNpdF9yb29tcxUGRgIAAAAWvrSo25Lk6ZEBFgAW\/Mu25N3Uuy8WABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWnKqph+zY4QUWygQZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0Mjg4MjcAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAWqqCtwe+ZmegCFgAWrqHm7O\/56JRtFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFrT9rYfs2OEFFrgMGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI4ODM3ABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGRwW6oSuh+zY4QUZLBgYd2FraW5nX3VwX2V4cGxpY2l0X3VzZXJzFQZGAgAYGHdha2luZ191cF9leHBsaWNpdF9yb29tcxUGRgAAAAAWtIi99PnliOMDFgAWr4D1oIH+tqbMARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhbIi9iH7NjhBRa4Cxk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQyODg4NgAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFvyS2Ifs2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgAAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYCAAAAFpiG28yl9YTqAxYAFp6Khpqln4D\/vAEWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWtIWniOzY4QUWwgcZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MjkwMDUAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZHBa6iqeI7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXNlcnMVBkYAABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAgAAABbU4KrL85XASBYAFtnRoOjBlpPt8wEWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIW9tnkiOzY4QUW4AYZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MjkxMDgAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZHBaI3uSI7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXNlcnMVBkYCABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAAAAABbyn72E39iHyQIWABb8lfCbktCR8\/QBFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFo7D84js2OEFFtYGGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI5MTMyABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGRwWtMfziOzY4QUZLBgYd2FraW5nX3VwX2V4cGxpY2l0X3VzZXJzFQZGAAAYGHdha2luZ191cF9leHBsaWNpdF9yb29tcxUGRgIAAAAW1r+jys2k3sEBFgAWqbSn9uzasMAgFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFpDVs4ns2OEFFsYIGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI5MjM4ABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGRwWutqziezY4QUZLBgYd2FraW5nX3VwX2V4cGxpY2l0X3VzZXJzFQZGAAAYGHdha2luZ191cF9leHBsaWNpdF9yb29tcxUGRgIAAAAAAA=="} +01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1622206473205908,"flow_src_last_pkt_time":1622206473205908,"flow_dst_last_pkt_time":1622206473205908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4894,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4894,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4894,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1622206473205908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49164,"dst_port":6831,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Thrift","proto_id":"345","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +00980{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":66,"flow_dst_packets_processed":104,"flow_first_seen":1618939325157360,"flow_src_last_pkt_time":1618939325167655,"flow_dst_last_pkt_time":1618939325167596,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6875,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":14450,"flow_dst_tot_l4_payload_len":71295,"midstream":0,"thread_ts_usec":1622206473205908,"l3_proto":"ip4","src_ip":"169.254.59.247","dst_ip":"169.254.46.4","src_port":53387,"dst_port":11010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Thrift","proto_id":"345","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +06247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1622206484939295,"flow_dst_last_pkt_time":1622206473205908,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":4322,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4322,"pkt_l4_len":4288,"thread_ts_usec":1622206484939295,"pkt":"AAAAAAAAAAAAAAAACABFABDUa\/ZAAEARwCB\/AAABfwAAAcAMGq8QwA7UgoG0gQEJZW1pdEJhdGNoHBwYGG1hdHJpeC5vcmcgdGVzdF93b3JrZXItMRk8GA5qYWVnZXIudmVyc2lvbhUAGAxQeXRob24tNC4xLjAAGAJpcBUAGA8xNzYuMTI2LjI0MC4xNTgAGAhob3N0bmFtZRUAGBVoaXBwb2dyaWZmLm1hdHJpeC5vcmcAABn8FBa0g7LzyrnngQEWABblrKGoxcOvpxwWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWhLSTiuzY4QUW8AIZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0Mjk0MDQAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAWtv6FuMfW8JgCFgAW3qHqkaHita3BARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhbAwKqK7NjhBRbKAxk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQyOTQ0MgAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkMABbstN+sgbOr9wMWABbIn4yOmKP384MBFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFuSY7ovs2OEFFp4JGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI5NjcxABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGRwWlp\/ui+zY4QUZLBgYd2FraW5nX3VwX2V4cGxpY2l0X3VzZXJzFQZGAAAYGHdha2luZ191cF9leHBsaWNpdF9yb29tcxUGRgIAAAAW0tWM2OiK4r0BFgAWo+eQwO2qkOjeARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAha414eM7NjhBRbmBhk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQyOTcwNAAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFsDbh4zs2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgIAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYAAAAAFpryttmhxKdTFgAWseWtqrqlgq9cFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFtqLpI3s2OEFFtYFGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI5OTMwABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGQwAFtrmpq3dmcfxARYAFtjY6ratrM+VrgEWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWqsnLjezY4QUWpAgZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzAwMTYAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAW3sK6\/MSryJHTARYAFqLGvoqEgZqcLBYAGAZ4eHgxMjMlBhaUjfCM7NjhBRbc+Z4BGRwYEXNhbXBsaW5nLnByaW9yaXR5FQZGAgAZDAAWyKqwjd6emYcEFgAW4qH\/nbeXkeoCFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFuyjkY7s2OEFFtAMGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDMwMTM1ABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGRwW8KuRjuzY4QUZLBgYd2FraW5nX3VwX2V4cGxpY2l0X3VzZXJzFQZGAAAYGHdha2luZ191cF9leHBsaWNpdF9yb29tcxUGRgIAAAAWpLug4Pyk6vkCFgAW3OjsypaSgdgeFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFryryo7s2OEFFsIDGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDMwMjMwABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGQwAFvzArf3L35zQBBYAFq2f5a3mhJWg9QEWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIW\/P7pjuzY4QUW+AYZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzAyODAAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAWkvOmk8WC2swCFgAWtI7dwaDc4Z2\/ARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhbqnOWP7NjhBRaWCxk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQzMDQ3MAAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFvSj5Y\/s2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgAAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYCAAAAFpTB1qCT2cqkBBYAFvSMwrWC39zRxQEWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWtOPrj+zY4QUWigYZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzA0ODAAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZHBbi5uuP7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXNlcnMVBkYAABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAgAAABb+mOqot9nKqQQWABa2lJymztvVvjYWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWgpOxkOzY4QUWwgEZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzA1ODAAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAWjv\/Q15zA+P8DFgAW+\/2iuY3E3+P9ARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhaepeOQ7NjhBRaWBBk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQzMDY1OAAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFsyn45Ds2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgAAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYCAAAAFujnhs\/6qqS7AxYAFub224W23ojIPhYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhaGgYeS7NjhBRamAhk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQzMDk2NQAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkMABakkI\/xl8iqzQMWABaIpcHvzq\/79SoWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWzNuwkuzY4QUWwAoZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzEwMzQAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZHBa04rCS7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXNlcnMVBkYCABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAAAAABa8+tv72OzRmAIWABbH5c6EkKG4hCIWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWloTAkuzY4QUW4gEZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzEwNTYAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAW\/N+I9eTZqIwDFgAWg7v+\/4PfgvG7ARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhbQ+fuS7NjhBRbcAxk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQzMTE0MgAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFtz7+5Ls2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgAAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYCAAAAFsSeqPfrlcbzAhYAFqXK8qPO186QwAEWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWlNCJk+zY4QUW9AMZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzExNjgAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAWxPPB2pP1wZMBFgAW+KuAr+XO8fi\/ARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhaO\/8uU7NjhBRa6BBk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQzMTQzNgAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFuyBzJTs2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgIAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYAAAAAAAA="} +01088{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1622206473205908,"flow_src_last_pkt_time":1622206484939295,"flow_dst_last_pkt_time":1622206473205908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4894,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1622206484939295,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49164,"dst_port":6831,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Thrift","proto_id":"345","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +00583{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","packets-captured":172,"packets-processed":172,"total-skipped-flows":0,"total-l4-payload-len":94919,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":1622206484939295} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 172/172 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 94919 bytes +~~ total detected protocols..: 2 +~~ total active/idle flows...: 2/2 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7602920 bytes +~~ total memory freed........: 7602920 bytes +~~ total allocations/frees...: 142874/142874 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 512 chars +~~ json string max len.......: 7061 chars +~~ json string avg len.......: 3746 chars diff --git a/test/results/default/tinc.pcap.out b/test/results/default/tinc.pcap.out index 3a55ce0d5..bb4ba565d 100644 --- a/test/results/default/tinc.pcap.out +++ b/test/results/default/tinc.pcap.out @@ -43,9 +43,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7983916 bytes -~~ total memory freed........: 7983916 bytes -~~ total allocations/frees...: 148647/148647 +~~ total memory allocated....: 7613649 bytes +~~ total memory freed........: 7613649 bytes +~~ total allocations/frees...: 143050/143050 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 510 chars ~~ json string max len.......: 2481 chars diff --git a/test/results/default/tk.pcap.out b/test/results/default/tk.pcap.out index ad44f9997..a872a763f 100644 --- a/test/results/default/tk.pcap.out +++ b/test/results/default/tk.pcap.out @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7968473 bytes -~~ total memory freed........: 7968473 bytes -~~ total allocations/frees...: 148315/148315 +~~ total memory allocated....: 7598182 bytes +~~ total memory freed........: 7598182 bytes +~~ total allocations/frees...: 142718/142718 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 508 chars ~~ json string max len.......: 1177 chars diff --git a/test/results/default/tls-appdata.pcap.out b/test/results/default/tls-appdata.pcap.out index 7e61e4055..e153c1b52 100644 --- a/test/results/default/tls-appdata.pcap.out +++ b/test/results/default/tls-appdata.pcap.out @@ -31,9 +31,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8010602 bytes -~~ total memory freed........: 8010602 bytes -~~ total allocations/frees...: 148425/148425 +~~ total memory allocated....: 7640287 bytes +~~ total memory freed........: 7640287 bytes +~~ total allocations/frees...: 142828/142828 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 517 chars ~~ json string max len.......: 4468 chars diff --git a/test/results/default/tls-esni-fuzzed.pcap.out b/test/results/default/tls-esni-fuzzed.pcap.out index cf5986215..f90fe62ca 100644 --- a/test/results/default/tls-esni-fuzzed.pcap.out +++ b/test/results/default/tls-esni-fuzzed.pcap.out @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7975826 bytes -~~ total memory freed........: 7975826 bytes -~~ total allocations/frees...: 148323/148323 +~~ total memory allocated....: 7605535 bytes +~~ total memory freed........: 7605535 bytes +~~ total allocations/frees...: 142726/142726 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 521 chars ~~ json string max len.......: 1509 chars diff --git a/test/results/default/tls-rdn-extract.pcap.out b/test/results/default/tls-rdn-extract.pcap.out index b71d2dc67..e9ca61e60 100644 --- a/test/results/default/tls-rdn-extract.pcap.out +++ b/test/results/default/tls-rdn-extract.pcap.out @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8008074 bytes -~~ total memory freed........: 8008074 bytes -~~ total allocations/frees...: 148346/148346 +~~ total memory allocated....: 7637735 bytes +~~ total memory freed........: 7637735 bytes +~~ total allocations/frees...: 142749/142749 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 521 chars ~~ json string max len.......: 3599 chars diff --git a/test/results/default/tls_2_reasms.pcapng.out b/test/results/default/tls_2_reasms.pcapng.out index 067b58b90..906f7aac6 100644 --- a/test/results/default/tls_2_reasms.pcapng.out +++ b/test/results/default/tls_2_reasms.pcapng.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7968642 bytes -~~ total memory freed........: 7968642 bytes -~~ total allocations/frees...: 148305/148305 +~~ total memory allocated....: 7598303 bytes +~~ total memory freed........: 7598303 bytes +~~ total allocations/frees...: 142708/142708 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 520 chars ~~ json string max len.......: 2386 chars diff --git a/test/results/default/tls_2_reasms_b.pcapng.out b/test/results/default/tls_2_reasms_b.pcapng.out index 46d19d0f6..135368b91 100644 --- a/test/results/default/tls_2_reasms_b.pcapng.out +++ b/test/results/default/tls_2_reasms_b.pcapng.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8005064 bytes -~~ total memory freed........: 8005064 bytes -~~ total allocations/frees...: 148312/148312 +~~ total memory allocated....: 7634725 bytes +~~ total memory freed........: 7634725 bytes +~~ total allocations/frees...: 142715/142715 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 522 chars ~~ json string max len.......: 2393 chars diff --git a/test/results/default/tls_alert.pcap.out b/test/results/default/tls_alert.pcap.out index 82f5c5abd..657c5eecc 100644 --- a/test/results/default/tls_alert.pcap.out +++ b/test/results/default/tls_alert.pcap.out @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7972917 bytes -~~ total memory freed........: 7972917 bytes -~~ total allocations/frees...: 148321/148321 +~~ total memory allocated....: 7602602 bytes +~~ total memory freed........: 7602602 bytes +~~ total allocations/frees...: 142724/142724 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 515 chars ~~ json string max len.......: 1320 chars diff --git a/test/results/default/tls_certificate_too_long.pcap.out b/test/results/default/tls_certificate_too_long.pcap.out index d34a80d81..a35448497 100644 --- a/test/results/default/tls_certificate_too_long.pcap.out +++ b/test/results/default/tls_certificate_too_long.pcap.out @@ -256,9 +256,9 @@ ~~ total active/idle flows...: 35/35 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8164252 bytes -~~ total memory freed........: 8164252 bytes -~~ total allocations/frees...: 149115/149115 +~~ total memory allocated....: 7794729 bytes +~~ total memory freed........: 7794729 bytes +~~ total allocations/frees...: 143518/143518 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 530 chars ~~ json string max len.......: 2529 chars diff --git a/test/results/default/tls_cipher_lens.pcap.out b/test/results/default/tls_cipher_lens.pcap.out index 25a5f3ea2..25c04205f 100644 --- a/test/results/default/tls_cipher_lens.pcap.out +++ b/test/results/default/tls_cipher_lens.pcap.out @@ -29,9 +29,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7982914 bytes -~~ total memory freed........: 7982914 bytes -~~ total allocations/frees...: 148346/148346 +~~ total memory allocated....: 7612671 bytes +~~ total memory freed........: 7612671 bytes +~~ total allocations/frees...: 142749/142749 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 521 chars ~~ json string max len.......: 1348 chars diff --git a/test/results/default/tls_client_certificate_with_missing_server_one.pcapng.out b/test/results/default/tls_client_certificate_with_missing_server_one.pcapng.out index 68dd58b71..601d7eec3 100644 --- a/test/results/default/tls_client_certificate_with_missing_server_one.pcapng.out +++ b/test/results/default/tls_client_certificate_with_missing_server_one.pcapng.out @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7972897 bytes -~~ total memory freed........: 7972897 bytes -~~ total allocations/frees...: 148322/148322 +~~ total memory allocated....: 7602582 bytes +~~ total memory freed........: 7602582 bytes +~~ total allocations/frees...: 142725/142725 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 554 chars ~~ json string max len.......: 2545 chars diff --git a/test/results/default/tls_ech.pcapng.out b/test/results/default/tls_ech.pcapng.out new file mode 100644 index 000000000..0a8d3e4d8 --- /dev/null +++ b/test/results/default/tls_ech.pcapng.out @@ -0,0 +1,27 @@ +00510{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00573{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1688191412679858} +00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412679858,"flow_dst_last_pkt_time":1688191412679858,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688191412679858,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1688191412679858,"flow_dst_last_pkt_time":1688191412679858,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1688191412679858,"pkt":"ILAB4IZiNObXAhsnht1gC2UeACgGQCABCwcKPcESzha0CT0KkXcmBkcAAAAAAAAAAABoEh5OuWQBuzJpPqoAAAAAoAL\/KDqPAAACBAWMBAIICnfjZxIAAAAAAQMDBw=="} +00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1688191412679858,"flow_dst_last_pkt_time":1688191412684172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1688191412684172,"pkt":"NObXAhsnILAB4IZiht1gBxYjACgGOiYGRwAAAAAAAAAAAGgSHk4gAQsHCj3BEs4WtAk9CpF3Abu5ZDjwJksyaT6roBL8wPi1AAACBATEBAIICk7TX8p342cSAQMDDQ=="} +00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1688191412684193,"flow_dst_last_pkt_time":1688191412684172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1688191412684193,"pkt":"ILAB4IZiNObXAhsnht1gC2UeACAGQCABCwcKPcESzha0CT0KkXcmBkcAAAAAAAAAAABoEh5OuWQBuzJpPqs48CZMgBAB\/zqHAAABAQgKd+NnFk7TX8o="} +01363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1688191412684389,"flow_dst_last_pkt_time":1688191412684172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":670,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":670,"pkt_l4_len":616,"thread_ts_usec":1688191412684389,"pkt":"ILAB4IZiNObXAhsnht1gC2UeAmgGQCABCwcKPcESzha0CT0KkXcmBkcAAAAAAAAAAABoEh5OuWQBuzJpPqs48CZMgBgB\/zzPAAABAQgKd+NnFk7TX8oWAwECQwEAAj8DAx0oZiYaJMwMFcbeulsOlxoZojtyUk06HKKs6lbQH9u+IOCcoK4iEjoWXwEA+vIN+3ks9Ri5QAqLtS74CzwGBZzZACCqqhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAdZqagAAADMAKwApGhoAAQAAHQAgdElCiNf\/wfqgRpaFVvZGsCSoVf7tJ8eT6AhUE6p0ETYAIwAA\/wEAAQAALQACAQEAGwADAgACAAoACgAIGhoAHQAXABgAFwAAAAUABQEAAAAAABIAAAArAAcG2toDBAMDAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQAQAA4ADAJoMghodHRwLzEuMQAAACUAIwAAIHBlcmZvcm1hbmNlLnJhZGFyLmNsb3VkZmxhcmUuY29t\/g0A+gAAAQAB2AAglVfBAMcb93aSkFbQIVkfZRUAHcHfESW5JAjZhoGloWcA0A3wlw2ffLQmwFmx4P6V\/Xwi+KVETWUyFJb6hXgeTF4xRlzHA+M2ityLRqaqstnSve4wBOXVwImLA1UxfzIS0WDh6AaqRcw+CjUVBgcYyXYCWv0\/BLltvQOamfSn2Yghqa2qNygp2re8mWWVmlqPTuNlBs0bq6CL0ll\/RkQD3P7tmjxJ8rguU6XKjQnqQxWLWMeHhqcsbPq7mZn6MaquKi9UFC9Hvvz1QsgFMFhOJYPWeDInAPacsjv2zKCBDD3vPKFk09\/rYX57ZNvnbmSJxNoACwACAQBEaQAFAAMCaDL6+gABAA=="} +01232{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412684389,"flow_dst_last_pkt_time":1688191412684172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":584,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688191412684389,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"performance.radar.cloudflare.com","tls": {"version":"TLSv1.2","ja3":"6820f114cf3b0809ffdcb30cb277848a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1688191412684389,"flow_dst_last_pkt_time":1688191412688931,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1688191412688931,"pkt":"NObXAhsnILAB4IZiht1gBxYjACAGOiYGRwAAAAAAAAAAAGgSHk4gAQsHCj3BEs4WtAk9CpF3Abu5ZDjwJkwyaUDzgBAAByECAAABAQgKTtNfznfjZxY="} +01277{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412684389,"flow_dst_last_pkt_time":1688191412692841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":584,"flow_dst_max_l4_payload_len":2174,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":2174,"midstream":0,"thread_ts_usec":1688191412692841,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"performance.radar.cloudflare.com","tls": {"version":"TLSv1.3","ja3":"6820f114cf3b0809ffdcb30cb277848a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412746874,"flow_dst_last_pkt_time":1688191412700618,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":584,"flow_dst_max_l4_payload_len":2174,"flow_src_tot_l4_payload_len":648,"flow_dst_tot_l4_payload_len":2702,"midstream":0,"thread_ts_usec":1688191412746874,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00582{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":3350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1688191412746874} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 10/10 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 3350 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7600356 bytes +~~ total memory freed........: 7600356 bytes +~~ total allocations/frees...: 142705/142705 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 515 chars +~~ json string max len.......: 1368 chars +~~ json string avg len.......: 936 chars diff --git a/test/results/default/tls_esni_sni_both.pcap.out b/test/results/default/tls_esni_sni_both.pcap.out index 748dae91e..32638c6cd 100644 --- a/test/results/default/tls_esni_sni_both.pcap.out +++ b/test/results/default/tls_esni_sni_both.pcap.out @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7989951 bytes -~~ total memory freed........: 7989951 bytes -~~ total allocations/frees...: 148352/148352 +~~ total memory allocated....: 7619636 bytes +~~ total memory freed........: 7619636 bytes +~~ total allocations/frees...: 142755/142755 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 523 chars ~~ json string max len.......: 1465 chars diff --git a/test/results/default/tls_false_positives.pcapng.out b/test/results/default/tls_false_positives.pcapng.out index 7c19b79d9..13267d148 100644 --- a/test/results/default/tls_false_positives.pcapng.out +++ b/test/results/default/tls_false_positives.pcapng.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7967017 bytes -~~ total memory freed........: 7967017 bytes -~~ total allocations/frees...: 148318/148318 +~~ total memory allocated....: 7596678 bytes +~~ total memory freed........: 7596678 bytes +~~ total allocations/frees...: 142721/142721 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 527 chars ~~ json string max len.......: 2419 chars diff --git a/test/results/default/tls_invalid_reads.pcap.out b/test/results/default/tls_invalid_reads.pcap.out index 7f0eab29c..3233b270c 100644 --- a/test/results/default/tls_invalid_reads.pcap.out +++ b/test/results/default/tls_invalid_reads.pcap.out @@ -31,9 +31,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7972610 bytes -~~ total memory freed........: 7972610 bytes -~~ total allocations/frees...: 148311/148311 +~~ total memory allocated....: 7602295 bytes +~~ total memory freed........: 7602295 bytes +~~ total allocations/frees...: 142714/142714 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 311 chars ~~ json string max len.......: 1220 chars diff --git a/test/results/default/tls_long_cert.pcap.out b/test/results/default/tls_long_cert.pcap.out index c218fea9a..27c00ea2e 100644 --- a/test/results/default/tls_long_cert.pcap.out +++ b/test/results/default/tls_long_cert.pcap.out @@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8012266 bytes -~~ total memory freed........: 8012266 bytes -~~ total allocations/frees...: 148533/148533 +~~ total memory allocated....: 7641927 bytes +~~ total memory freed........: 7641927 bytes +~~ total allocations/frees...: 142936/142936 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 519 chars ~~ json string max len.......: 2738 chars diff --git a/test/results/default/tls_missing_ch_frag.pcap.out b/test/results/default/tls_missing_ch_frag.pcap.out index 29a397f06..ae493eccd 100644 --- a/test/results/default/tls_missing_ch_frag.pcap.out +++ b/test/results/default/tls_missing_ch_frag.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7976346 bytes -~~ total memory freed........: 7976346 bytes -~~ total allocations/frees...: 148305/148305 +~~ total memory allocated....: 7606007 bytes +~~ total memory freed........: 7606007 bytes +~~ total allocations/frees...: 142708/142708 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 525 chars ~~ json string max len.......: 2446 chars diff --git a/test/results/default/tls_multiple_synack_different_seq.pcapng.out b/test/results/default/tls_multiple_synack_different_seq.pcapng.out index 33783bf0e..3db470e18 100644 --- a/test/results/default/tls_multiple_synack_different_seq.pcapng.out +++ b/test/results/default/tls_multiple_synack_different_seq.pcapng.out @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7984157 bytes -~~ total memory freed........: 7984157 bytes -~~ total allocations/frees...: 148320/148320 +~~ total memory allocated....: 7613818 bytes +~~ total memory freed........: 7613818 bytes +~~ total allocations/frees...: 142723/142723 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 541 chars ~~ json string max len.......: 2013 chars diff --git a/test/results/default/tls_port_80.pcapng.out b/test/results/default/tls_port_80.pcapng.out index 10674ca48..f357fdca9 100644 --- a/test/results/default/tls_port_80.pcapng.out +++ b/test/results/default/tls_port_80.pcapng.out @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7968685 bytes -~~ total memory freed........: 7968685 bytes -~~ total allocations/frees...: 148307/148307 +~~ total memory allocated....: 7598346 bytes +~~ total memory freed........: 7598346 bytes +~~ total allocations/frees...: 142710/142710 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 519 chars ~~ json string max len.......: 1499 chars diff --git a/test/results/default/tls_torrent.pcapng.out b/test/results/default/tls_torrent.pcapng.out index f08d6bc5a..e11bccbdd 100644 --- a/test/results/default/tls_torrent.pcapng.out +++ b/test/results/default/tls_torrent.pcapng.out @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7980884 bytes -~~ total memory freed........: 7980884 bytes -~~ total allocations/frees...: 148304/148304 +~~ total memory allocated....: 7610545 bytes +~~ total memory freed........: 7610545 bytes +~~ total allocations/frees...: 142707/142707 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 519 chars ~~ json string max len.......: 2426 chars diff --git a/test/results/default/tls_unidirectional.pcap.out b/test/results/default/tls_unidirectional.pcap.out index a68fc4378..e5cbdbb21 100644 --- a/test/results/default/tls_unidirectional.pcap.out +++ b/test/results/default/tls_unidirectional.pcap.out @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8141026 bytes -~~ total memory freed........: 8141026 bytes -~~ total allocations/frees...: 148472/148472 +~~ total memory allocated....: 7770711 bytes +~~ total memory freed........: 7770711 bytes +~~ total allocations/frees...: 142875/142875 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 524 chars ~~ json string max len.......: 3812 chars diff --git a/test/results/default/tls_verylong_certificate.pcap.out b/test/results/default/tls_verylong_certificate.pcap.out index e4337baa4..cbb58ab4e 100644 --- a/test/results/default/tls_verylong_certificate.pcap.out +++ b/test/results/default/tls_verylong_certificate.pcap.out @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8139827 bytes -~~ total memory freed........: 8139827 bytes -~~ total allocations/frees...: 148474/148474 +~~ total memory allocated....: 7769488 bytes +~~ total memory freed........: 7769488 bytes +~~ total allocations/frees...: 142877/142877 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 530 chars ~~ json string max len.......: 3917 chars diff --git a/test/results/default/toca-boca.pcap.out b/test/results/default/toca-boca.pcap.out index 61aae848a..9cd7d0d86 100644 --- a/test/results/default/toca-boca.pcap.out +++ b/test/results/default/toca-boca.pcap.out @@ -124,9 +124,9 @@ ~~ total active/idle flows...: 21/21 ~~ total timeout flows.......: 3 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8008332 bytes -~~ total memory freed........: 8008332 bytes -~~ total allocations/frees...: 148584/148584 +~~ total memory allocated....: 7638473 bytes +~~ total memory freed........: 7638473 bytes +~~ total allocations/frees...: 142987/142987 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 515 chars ~~ json string max len.......: 2176 chars diff --git a/test/results/default/tor.pcap.out b/test/results/default/tor.pcap.out index 6df517f0e..5f4db6eb1 100644 --- a/test/results/default/tor.pcap.out +++ b/test/results/default/tor.pcap.out @@ -172,9 +172,9 @@ ~~ total active/idle flows...: 11/11 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8024422 bytes -~~ total memory freed........: 8024422 bytes -~~ total allocations/frees...: 148784/148784 +~~ total memory allocated....: 7654323 bytes +~~ total memory freed........: 7654323 bytes +~~ total allocations/frees...: 143187/143187 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 293 chars ~~ json string max len.......: 2678 chars diff --git a/test/results/default/tplink_shp.pcap.out b/test/results/default/tplink_shp.pcap.out index 6850e0001..f63b48b59 100644 --- a/test/results/default/tplink_shp.pcap.out +++ b/test/results/default/tplink_shp.pcap.out @@ -320,9 +320,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7985854 bytes -~~ total memory freed........: 7985854 bytes -~~ total allocations/frees...: 148607/148607 +~~ total memory allocated....: 7615683 bytes +~~ total memory freed........: 7615683 bytes +~~ total allocations/frees...: 143010/143010 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 516 chars ~~ json string max len.......: 2290 chars diff --git a/test/results/default/trickbot.pcap.out b/test/results/default/trickbot.pcap.out index 20a3244b3..cd5927a9f 100644 --- a/test/results/default/trickbot.pcap.out +++ b/test/results/default/trickbot.pcap.out @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966486 bytes -~~ total memory freed........: 7966486 bytes -~~ total allocations/frees...: 148369/148369 +~~ total memory allocated....: 7596147 bytes +~~ total memory freed........: 7596147 bytes +~~ total allocations/frees...: 142772/142772 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 514 chars ~~ json string max len.......: 2535 chars diff --git a/test/results/default/tumblr.pcap.out b/test/results/default/tumblr.pcap.out index 442cf92c3..a2ec5a066 100644 --- a/test/results/default/tumblr.pcap.out +++ b/test/results/default/tumblr.pcap.out @@ -324,9 +324,9 @@ ~~ total active/idle flows...: 47/47 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8610061 bytes -~~ total memory freed........: 8610061 bytes -~~ total allocations/frees...: 149674/149674 +~~ total memory allocated....: 8240826 bytes +~~ total memory freed........: 8240826 bytes +~~ total allocations/frees...: 144077/144077 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 2269 chars diff --git a/test/results/default/tunnelbear.pcap.out b/test/results/default/tunnelbear.pcap.out index 4f3f177d4..b5fdb9174 100644 --- a/test/results/default/tunnelbear.pcap.out +++ b/test/results/default/tunnelbear.pcap.out @@ -199,9 +199,9 @@ ~~ total active/idle flows...: 21/21 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8139434 bytes -~~ total memory freed........: 8139434 bytes -~~ total allocations/frees...: 149049/149049 +~~ total memory allocated....: 7769575 bytes +~~ total memory freed........: 7769575 bytes +~~ total allocations/frees...: 143452/143452 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 516 chars ~~ json string max len.......: 2185 chars diff --git a/test/results/default/tuya_lp.pcap.out b/test/results/default/tuya_lp.pcap.out index f2807c606..5ea0a763c 100644 --- a/test/results/default/tuya_lp.pcap.out +++ b/test/results/default/tuya_lp.pcap.out @@ -113,9 +113,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7991777 bytes -~~ total memory freed........: 7991777 bytes -~~ total allocations/frees...: 148504/148504 +~~ total memory allocated....: 7621726 bytes +~~ total memory freed........: 7621726 bytes +~~ total allocations/frees...: 142907/142907 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 985 chars diff --git a/test/results/default/ubntac2.pcap.out b/test/results/default/ubntac2.pcap.out index a343e2eb4..33a7767da 100644 --- a/test/results/default/ubntac2.pcap.out +++ b/test/results/default/ubntac2.pcap.out @@ -43,9 +43,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7978807 bytes -~~ total memory freed........: 7978807 bytes -~~ total allocations/frees...: 148364/148364 +~~ total memory allocated....: 7608636 bytes +~~ total memory freed........: 7608636 bytes +~~ total allocations/frees...: 142767/142767 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 989 chars diff --git a/test/results/default/ultrasurf.pcap.out b/test/results/default/ultrasurf.pcap.out index c9c05a60c..adc778931 100644 --- a/test/results/default/ultrasurf.pcap.out +++ b/test/results/default/ultrasurf.pcap.out @@ -38,9 +38,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8002907 bytes -~~ total memory freed........: 8002907 bytes -~~ total allocations/frees...: 148656/148656 +~~ total memory allocated....: 7632616 bytes +~~ total memory freed........: 7632616 bytes +~~ total allocations/frees...: 143059/143059 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 515 chars ~~ json string max len.......: 4049 chars diff --git a/test/results/default/upnp.pcap.out b/test/results/default/upnp.pcap.out index 0232b75e5..96a449a4a 100644 --- a/test/results/default/upnp.pcap.out +++ b/test/results/default/upnp.pcap.out @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966549 bytes -~~ total memory freed........: 7966549 bytes -~~ total allocations/frees...: 148310/148310 +~~ total memory allocated....: 7596234 bytes +~~ total memory freed........: 7596234 bytes +~~ total allocations/frees...: 142713/142713 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 510 chars ~~ json string max len.......: 1419 chars diff --git a/test/results/default/viber.pcap.out b/test/results/default/viber.pcap.out index e03bc4a54..0bfeed9fd 100644 --- a/test/results/default/viber.pcap.out +++ b/test/results/default/viber.pcap.out @@ -229,9 +229,9 @@ ~~ total active/idle flows...: 29/29 ~~ total timeout flows.......: 4 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8195843 bytes -~~ total memory freed........: 8195843 bytes -~~ total allocations/frees...: 149101/149101 +~~ total memory allocated....: 7826176 bytes +~~ total memory freed........: 7826176 bytes +~~ total allocations/frees...: 143504/143504 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 2483 chars diff --git a/test/results/default/vk.pcapng.out b/test/results/default/vk.pcapng.out index d0214d231..2dcf8721e 100644 --- a/test/results/default/vk.pcapng.out +++ b/test/results/default/vk.pcapng.out @@ -86,9 +86,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8029952 bytes -~~ total memory freed........: 8029952 bytes -~~ total allocations/frees...: 149313/149313 +~~ total memory allocated....: 7659829 bytes +~~ total memory freed........: 7659829 bytes +~~ total allocations/frees...: 143716/143716 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 510 chars ~~ json string max len.......: 1979 chars diff --git a/test/results/default/vnc.pcap.out b/test/results/default/vnc.pcap.out index a49c151d2..aff529f24 100644 --- a/test/results/default/vnc.pcap.out +++ b/test/results/default/vnc.pcap.out @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8102294 bytes -~~ total memory freed........: 8102294 bytes -~~ total allocations/frees...: 152853/152853 +~~ total memory allocated....: 7731979 bytes +~~ total memory freed........: 7731979 bytes +~~ total allocations/frees...: 147256/147256 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 509 chars ~~ json string max len.......: 2389 chars diff --git a/test/results/default/vrrp3.pcapng.out b/test/results/default/vrrp3.pcapng.out index b34ecaace..4f102eb5a 100644 --- a/test/results/default/vrrp3.pcapng.out +++ b/test/results/default/vrrp3.pcapng.out @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966433 bytes -~~ total memory freed........: 7966433 bytes -~~ total allocations/frees...: 148306/148306 +~~ total memory allocated....: 7596118 bytes +~~ total memory freed........: 7596118 bytes +~~ total allocations/frees...: 142709/142709 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 926 chars diff --git a/test/results/default/vxlan.pcap.out b/test/results/default/vxlan.pcap.out index 0be9517e6..ef0eefa2c 100644 --- a/test/results/default/vxlan.pcap.out +++ b/test/results/default/vxlan.pcap.out @@ -69,9 +69,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7984582 bytes -~~ total memory freed........: 7984582 bytes -~~ total allocations/frees...: 148502/148502 +~~ total memory allocated....: 7614435 bytes +~~ total memory freed........: 7614435 bytes +~~ total allocations/frees...: 142905/142905 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 2500 chars diff --git a/test/results/default/wa_video.pcap.out b/test/results/default/wa_video.pcap.out index 2b17ed05c..87d47863e 100644 --- a/test/results/default/wa_video.pcap.out +++ b/test/results/default/wa_video.pcap.out @@ -104,9 +104,9 @@ ~~ total active/idle flows...: 14/14 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8015928 bytes -~~ total memory freed........: 8015928 bytes -~~ total allocations/frees...: 149206/149206 +~~ total memory allocated....: 7645901 bytes +~~ total memory freed........: 7645901 bytes +~~ total allocations/frees...: 143609/143609 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 514 chars ~~ json string max len.......: 2461 chars diff --git a/test/results/default/wa_voice.pcap.out b/test/results/default/wa_voice.pcap.out index e2893a960..0c5689a64 100644 --- a/test/results/default/wa_voice.pcap.out +++ b/test/results/default/wa_voice.pcap.out @@ -213,9 +213,9 @@ ~~ total active/idle flows...: 28/28 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8056293 bytes -~~ total memory freed........: 8056293 bytes -~~ total allocations/frees...: 149319/149319 +~~ total memory allocated....: 7686602 bytes +~~ total memory freed........: 7686602 bytes +~~ total allocations/frees...: 143722/143722 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 514 chars ~~ json string max len.......: 2501 chars diff --git a/test/results/default/waze.pcap.out b/test/results/default/waze.pcap.out index 11d1179e0..c4a3065d1 100644 --- a/test/results/default/waze.pcap.out +++ b/test/results/default/waze.pcap.out @@ -290,9 +290,9 @@ ~~ total active/idle flows...: 33/33 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8341042 bytes -~~ total memory freed........: 8341042 bytes -~~ total allocations/frees...: 149381/149381 +~~ total memory allocated....: 7971471 bytes +~~ total memory freed........: 7971471 bytes +~~ total allocations/frees...: 143784/143784 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 510 chars ~~ json string max len.......: 2461 chars diff --git a/test/results/default/webex.pcap.out b/test/results/default/webex.pcap.out index 0fdaf5600..99e5def71 100644 --- a/test/results/default/webex.pcap.out +++ b/test/results/default/webex.pcap.out @@ -505,9 +505,9 @@ ~~ total active/idle flows...: 57/57 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8491781 bytes -~~ total memory freed........: 8491781 bytes -~~ total allocations/frees...: 150357/150357 +~~ total memory allocated....: 8122786 bytes +~~ total memory freed........: 8122786 bytes +~~ total allocations/frees...: 144760/144760 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 2462 chars diff --git a/test/results/default/websocket.pcap.out b/test/results/default/websocket.pcap.out index 6dbef4efb..3991e29c1 100644 --- a/test/results/default/websocket.pcap.out +++ b/test/results/default/websocket.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966292 bytes -~~ total memory freed........: 7966292 bytes -~~ total allocations/frees...: 148293/148293 +~~ total memory allocated....: 7595953 bytes +~~ total memory freed........: 7595953 bytes +~~ total allocations/frees...: 142696/142696 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 515 chars ~~ json string max len.......: 1103 chars diff --git a/test/results/default/wechat.pcap.out b/test/results/default/wechat.pcap.out index 9936f61db..9d1ffd370 100644 --- a/test/results/default/wechat.pcap.out +++ b/test/results/default/wechat.pcap.out @@ -891,9 +891,9 @@ ~~ total active/idle flows...: 109/109 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8697158 bytes -~~ total memory freed........: 8697158 bytes -~~ total allocations/frees...: 151766/151766 +~~ total memory allocated....: 8329411 bytes +~~ total memory freed........: 8329411 bytes +~~ total allocations/frees...: 146169/146169 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 2351 chars diff --git a/test/results/default/weibo.pcap.out b/test/results/default/weibo.pcap.out index 867ca3861..52e117030 100644 --- a/test/results/default/weibo.pcap.out +++ b/test/results/default/weibo.pcap.out @@ -273,9 +273,9 @@ ~~ total active/idle flows...: 44/44 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8073171 bytes -~~ total memory freed........: 8073171 bytes -~~ total allocations/frees...: 149322/149322 +~~ total memory allocated....: 7703864 bytes +~~ total memory freed........: 7703864 bytes +~~ total allocations/frees...: 143725/143725 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 2222 chars diff --git a/test/results/default/whatsapp.pcap.out b/test/results/default/whatsapp.pcap.out index 0130c4353..3c55cea71 100644 --- a/test/results/default/whatsapp.pcap.out +++ b/test/results/default/whatsapp.pcap.out @@ -757,9 +757,9 @@ ~~ total active/idle flows...: 86/86 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8338418 bytes -~~ total memory freed........: 8338418 bytes -~~ total allocations/frees...: 149987/149987 +~~ total memory allocated....: 7970119 bytes +~~ total memory freed........: 7970119 bytes +~~ total allocations/frees...: 144390/144390 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 514 chars ~~ json string max len.......: 2263 chars diff --git a/test/results/default/whatsapp_login_call.pcap.out b/test/results/default/whatsapp_login_call.pcap.out index 15d3650dd..62b4243f3 100644 --- a/test/results/default/whatsapp_login_call.pcap.out +++ b/test/results/default/whatsapp_login_call.pcap.out @@ -467,9 +467,9 @@ ~~ total active/idle flows...: 57/57 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8152688 bytes -~~ total memory freed........: 8152688 bytes -~~ total allocations/frees...: 150169/150169 +~~ total memory allocated....: 7783693 bytes +~~ total memory freed........: 7783693 bytes +~~ total allocations/frees...: 144572/144572 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 525 chars ~~ json string max len.......: 2513 chars diff --git a/test/results/default/whatsapp_login_chat.pcap.out b/test/results/default/whatsapp_login_chat.pcap.out index fc229358c..7c859d13e 100644 --- a/test/results/default/whatsapp_login_chat.pcap.out +++ b/test/results/default/whatsapp_login_chat.pcap.out @@ -65,9 +65,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7991648 bytes -~~ total memory freed........: 7991648 bytes -~~ total allocations/frees...: 148467/148467 +~~ total memory allocated....: 7621501 bytes +~~ total memory freed........: 7621501 bytes +~~ total allocations/frees...: 142870/142870 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 525 chars ~~ json string max len.......: 2496 chars diff --git a/test/results/default/whatsapp_voice_and_message.pcap.out b/test/results/default/whatsapp_voice_and_message.pcap.out index 88c9c3285..2f6b17445 100644 --- a/test/results/default/whatsapp_voice_and_message.pcap.out +++ b/test/results/default/whatsapp_voice_and_message.pcap.out @@ -132,9 +132,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8007108 bytes -~~ total memory freed........: 8007108 bytes -~~ total allocations/frees...: 148685/148685 +~~ total memory allocated....: 7637057 bytes +~~ total memory freed........: 7637057 bytes +~~ total allocations/frees...: 143088/143088 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 532 chars ~~ json string max len.......: 2215 chars diff --git a/test/results/default/whatsappfiles.pcap.out b/test/results/default/whatsappfiles.pcap.out index c924b9722..74c13ed2e 100644 --- a/test/results/default/whatsappfiles.pcap.out +++ b/test/results/default/whatsappfiles.pcap.out @@ -30,9 +30,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7998826 bytes -~~ total memory freed........: 7998826 bytes -~~ total allocations/frees...: 148936/148936 +~~ total memory allocated....: 7628511 bytes +~~ total memory freed........: 7628511 bytes +~~ total allocations/frees...: 143339/143339 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 519 chars ~~ json string max len.......: 2206 chars diff --git a/test/results/default/whois.pcapng.out b/test/results/default/whois.pcapng.out index 510e5e1a1..4f4124b85 100644 --- a/test/results/default/whois.pcapng.out +++ b/test/results/default/whois.pcapng.out @@ -36,9 +36,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7975214 bytes -~~ total memory freed........: 7975214 bytes -~~ total allocations/frees...: 148340/148340 +~~ total memory allocated....: 7604923 bytes +~~ total memory freed........: 7604923 bytes +~~ total allocations/frees...: 142743/142743 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 2145 chars diff --git a/test/results/default/windowsupdate_over_http.pcap.out b/test/results/default/windowsupdate_over_http.pcap.out index 2ca484fa6..55d58c73b 100644 --- a/test/results/default/windowsupdate_over_http.pcap.out +++ b/test/results/default/windowsupdate_over_http.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7965578 bytes -~~ total memory freed........: 7965578 bytes -~~ total allocations/frees...: 148323/148323 +~~ total memory allocated....: 7595239 bytes +~~ total memory freed........: 7595239 bytes +~~ total allocations/frees...: 142726/142726 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 521 chars ~~ json string max len.......: 1617 chars diff --git a/test/results/default/wireguard.pcap.out b/test/results/default/wireguard.pcap.out index 61d5f45f5..cfe2f0859 100644 --- a/test/results/default/wireguard.pcap.out +++ b/test/results/default/wireguard.pcap.out @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7967707 bytes -~~ total memory freed........: 7967707 bytes -~~ total allocations/frees...: 148350/148350 +~~ total memory allocated....: 7597392 bytes +~~ total memory freed........: 7597392 bytes +~~ total allocations/frees...: 142753/142753 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 515 chars ~~ json string max len.......: 1610 chars diff --git a/test/results/default/wow.pcap.out b/test/results/default/wow.pcap.out index fa6c63f6a..cb96fffc0 100644 --- a/test/results/default/wow.pcap.out +++ b/test/results/default/wow.pcap.out @@ -50,9 +50,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7981757 bytes -~~ total memory freed........: 7981757 bytes -~~ total allocations/frees...: 148443/148443 +~~ total memory allocated....: 7611514 bytes +~~ total memory freed........: 7611514 bytes +~~ total allocations/frees...: 142846/142846 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 509 chars ~~ json string max len.......: 1213 chars diff --git a/test/results/default/xdmcp.pcap.out b/test/results/default/xdmcp.pcap.out index 703193354..28aee9e77 100644 --- a/test/results/default/xdmcp.pcap.out +++ b/test/results/default/xdmcp.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964273 bytes -~~ total memory freed........: 7964273 bytes -~~ total allocations/frees...: 148293/148293 +~~ total memory allocated....: 7593934 bytes +~~ total memory freed........: 7593934 bytes +~~ total allocations/frees...: 142696/142696 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 1091 chars diff --git a/test/results/default/xiaomi.pcap.out b/test/results/default/xiaomi.pcap.out index 4788d9c54..ea5eda3d2 100644 --- a/test/results/default/xiaomi.pcap.out +++ b/test/results/default/xiaomi.pcap.out @@ -64,9 +64,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7991142 bytes -~~ total memory freed........: 7991142 bytes -~~ total allocations/frees...: 148427/148427 +~~ total memory allocated....: 7620947 bytes +~~ total memory freed........: 7620947 bytes +~~ total allocations/frees...: 142830/142830 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 1835 chars diff --git a/test/results/default/xss.pcap.out b/test/results/default/xss.pcap.out index 0969f0363..83ad49d27 100644 --- a/test/results/default/xss.pcap.out +++ b/test/results/default/xss.pcap.out @@ -23,9 +23,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7966879 bytes -~~ total memory freed........: 7966879 bytes -~~ total allocations/frees...: 148317/148317 +~~ total memory allocated....: 7596564 bytes +~~ total memory freed........: 7596564 bytes +~~ total allocations/frees...: 142720/142720 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 509 chars ~~ json string max len.......: 1386 chars diff --git a/test/results/default/yandex.pcapng.out b/test/results/default/yandex.pcapng.out index 11b4748f6..5b20da11d 100644 --- a/test/results/default/yandex.pcapng.out +++ b/test/results/default/yandex.pcapng.out @@ -90,9 +90,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8078855 bytes -~~ total memory freed........: 8078855 bytes -~~ total allocations/frees...: 148603/148603 +~~ total memory allocated....: 7708708 bytes +~~ total memory freed........: 7708708 bytes +~~ total allocations/frees...: 143006/143006 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 514 chars ~~ json string max len.......: 2738 chars diff --git a/test/results/default/youtube_quic.pcap.out b/test/results/default/youtube_quic.pcap.out index e61d002c2..9c9948f83 100644 --- a/test/results/default/youtube_quic.pcap.out +++ b/test/results/default/youtube_quic.pcap.out @@ -34,9 +34,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7976824 bytes -~~ total memory freed........: 7976824 bytes -~~ total allocations/frees...: 148601/148601 +~~ total memory allocated....: 7606533 bytes +~~ total memory freed........: 7606533 bytes +~~ total allocations/frees...: 143004/143004 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 518 chars ~~ json string max len.......: 2350 chars diff --git a/test/results/default/youtubeupload.pcap.out b/test/results/default/youtubeupload.pcap.out index 02bdf5812..4e083405a 100644 --- a/test/results/default/youtubeupload.pcap.out +++ b/test/results/default/youtubeupload.pcap.out @@ -36,9 +36,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7984731 bytes -~~ total memory freed........: 7984731 bytes -~~ total allocations/frees...: 148469/148469 +~~ total memory allocated....: 7614440 bytes +~~ total memory freed........: 7614440 bytes +~~ total allocations/frees...: 142872/142872 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 519 chars ~~ json string max len.......: 2355 chars diff --git a/test/results/default/z3950.pcapng.out b/test/results/default/z3950.pcapng.out index 6eb069bea..96c6900bd 100644 --- a/test/results/default/z3950.pcapng.out +++ b/test/results/default/z3950.pcapng.out @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7971194 bytes -~~ total memory freed........: 7971194 bytes -~~ total allocations/frees...: 148331/148331 +~~ total memory allocated....: 7600879 bytes +~~ total memory freed........: 7600879 bytes +~~ total allocations/frees...: 142734/142734 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 1110 chars diff --git a/test/results/default/zabbix.pcap.out b/test/results/default/zabbix.pcap.out index 2e8db8d46..055d35136 100644 --- a/test/results/default/zabbix.pcap.out +++ b/test/results/default/zabbix.pcap.out @@ -7,20 +7,205 @@ 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1572254070608917,"flow_dst_last_pkt_time":1572254070608854,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1572254070608917,"pkt":"RoQclwmZOjUSPEK7CABFAABL5AlAAEAGTtfAqENiwKhDGd9KJ0JwAdHVcPF4ZYAYAOUICgAAAQEICivCNdQrfUX3WkJYRAEKAAAAAAAAAHByb2MubnVtW10="} 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1572254070608539,"flow_src_last_pkt_time":1572254070608917,"flow_dst_last_pkt_time":1572254070608854,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1572254070608917,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1572254070608917,"flow_dst_last_pkt_time":1572254070609214,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1572254070609214,"pkt":"OjUSPEK7RoQclwmZCABFAAA0t4ZAAEAGe3HAqEMZwKhDYidC30pw8XhlcAHR7IAQAONpMQAAAQEICit9RfcrwjXU"} -00970{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1572254070608539,"flow_src_last_pkt_time":1572254070614569,"flow_dst_last_pkt_time":1572254070614852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1572254070614852,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00577{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":39,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1572254070614852} +00575{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","packets-captured":11,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":39,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1657872825792772} +00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657872825792772,"flow_src_last_pkt_time":1657872825792772,"flow_dst_last_pkt_time":1657872825792772,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872825792772,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":36699,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1657872825792772,"flow_dst_last_pkt_time":1657872825792772,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872825792772,"pkt":"AAwphPY8AAwpXdTzCABFAAA86nZAAEAGwNPAqAcQwKgHEY9bJ0PFmT3IAAAAAKAC+vDyGgAAAgQFtAQCCArVxDu9AAAAAAEDAwc="} +00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1657872825792772,"flow_dst_last_pkt_time":1657872825792809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872825792809,"pkt":"AAwpXdTzAAwphPY8CABFAAA8AABAAEAGq0rAqAcRwKgHECdDj1uwlSH0xZk9yaAS\/ohzWgAAAgQFtAQCCAqaoA3u1cQ7vQEDAwc="} +00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1657872825792913,"flow_dst_last_pkt_time":1657872825792809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872825792913,"pkt":"AAwphPY8AAwpXdTzCABFAAA06ndAAEAGwNrAqAcQwKgHEY9bJ0PFmT3JsJUh9YAQAfaeuAAAAQEICtXEO72aoA3u"} +00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1657872825793409,"flow_dst_last_pkt_time":1657872825792809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"thread_ts_usec":1657872825793409,"pkt":"AAwphPY8AAwpXdTzCABFAACP6nhAAEAGwH7AqAcQwKgHEY9bJ0PFmT3JsJUh9YAYAfZYBgAAAQEICtXEO72aoA3uWkJYRANOAAAARQAAAHicqlYqSi0sTS0uUbJSSkwuySxLVUjOSE3OLlbSUcrIBwtHJSYlZVaY6RnpJudkpuaVKOkolaUWFWfm5ylZKZnpGSnVAgIAAP\/\/OxIWqQ=="} +00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657872825792772,"flow_src_last_pkt_time":1657872825793409,"flow_dst_last_pkt_time":1657872825792809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872825793409,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":36699,"dst_port":10051,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1657872825793409,"flow_dst_last_pkt_time":1657872825793428,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872825793428,"pkt":"AAwpXdTzAAwphPY8CABFAAA0hIBAAEAGJtLAqAcRwKgHECdDj1uwlSH1xZk+JIAQAf2eVgAAAQEICpqgDe\/VxDu9"} +00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657872825796640,"flow_src_last_pkt_time":1657872825796640,"flow_dst_last_pkt_time":1657872825796640,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872825796640,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":54089,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1657872825796640,"flow_dst_last_pkt_time":1657872825796640,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872825796640,"pkt":"AAwphPY8AAwpXdTzCABFAAA8ZpZAAEAGRLTAqAcQwKgHEdNJJ0Nj0kvXAAAAAKAC+vAB4QAAAgQFtAQCCArVxDvBAAAAAAEDAwc="} +00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1657872825796640,"flow_dst_last_pkt_time":1657872825796651,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872825796651,"pkt":"AAwpXdTzAAwphPY8CABFAAA8AABAAEAGq0rAqAcRwKgHECdD00m2qpL1Y9JL2KAS\/ogMBgAAAgQFtAQCCAqaoA3y1cQ7wQEDAwc="} +00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1657872825796690,"flow_dst_last_pkt_time":1657872825796651,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872825796690,"pkt":"AAwphPY8AAwpXdTzCABFAAA0ZpdAAEAGRLvAqAcQwKgHEdNJJ0Nj0kvYtqqS9oAQAfY3ZAAAAQEICtXEO8GaoA3y"} +00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1657872825797831,"flow_dst_last_pkt_time":1657872825796651,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"thread_ts_usec":1657872825797831,"pkt":"AAwphPY8AAwpXdTzCABFAACTZphAAEAGRFvAqAcQwKgHEdNJJ0Nj0kvYtqqS9oAYAfYXoQAAAQEICtXEO8KaoA3yWkJYRANSAAAAUgAAAHicqlYqSi0sTS0uUbJSSkwuySxLVUjOSE3OVshITSwqSUpNLFHSUcrIB8tHJSYlZVaY6RnpJudkpuaBZWCq4tOKUguVrMwMagEBAAD\/\/6XPHEk="} +00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657872825796640,"flow_src_last_pkt_time":1657872825797831,"flow_dst_last_pkt_time":1657872825796651,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":95,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":95,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872825797831,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":54089,"dst_port":10051,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1657872825797831,"flow_dst_last_pkt_time":1657872825797839,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872825797839,"pkt":"AAwpXdTzAAwphPY8CABFAAA0ttdAAEAG9HrAqAcRwKgHECdD00m2qpL2Y9JMN4AQAf02\/QAAAQEICpqgDfPVxDvC"} +00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657872831792753,"flow_src_last_pkt_time":1657872831792753,"flow_dst_last_pkt_time":1657872831792753,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872831792753,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":37781,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1657872831792753,"flow_dst_last_pkt_time":1657872831792753,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872831792753,"pkt":"AAwphPY8AAwpXdTzCABFAAA8u4BAAEAG78nAqAcQwKgHEZOVJ0P5MlnXAAAAAKAC+vCGyAAAAgQFtAQCCArVxFMtAAAAAAEDAwc="} +00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1657872831792753,"flow_dst_last_pkt_time":1657872831792781,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872831792781,"pkt":"AAwpXdTzAAwphPY8CABFAAA8AABAAEAGq0rAqAcRwKgHECdDk5UJ9i4r+TJZ2KAS\/oiLAAAAAgQFtAQCCAqaoCVe1cRTLQEDAwc="} +00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1657872831793290,"flow_dst_last_pkt_time":1657872831792781,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872831793290,"pkt":"AAwphPY8AAwpXdTzCABFAAA0u4FAAEAG79DAqAcQwKgHEZOVJ0P5MlnYCfYuLIAQAfa2XgAAAQEICtXEUy2aoCVe"} +00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1657872831793335,"flow_dst_last_pkt_time":1657872831792781,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"thread_ts_usec":1657872831793335,"pkt":"AAwphPY8AAwpXdTzCABFAAE1u4JAAEAG7s7AqAcQwKgHEZOVJ0P5MlnYCfYuLIAYAfZ2sAAAAQEICtXEUy2aoCVeWkJYRAP0AAAA7gEAAHicjNFNasMwEAXgq5S3VoVG0ox+jtLShWSrrWnq0NgJhZC7l\/yYYMiis5lZDB8P3hG79rNv04yM8tHG+akvc4HCZeXXI4YemRSGuX2fTxe8DQqHstk3ZBhtLgOFbrPtvpBJOMRg4\/lrnJDJhxDZn9SVsmsq\/ouKVypYY4MskltJMd2lKDrZZEgeUOlKcaIkvFB+RSVzp1LSIt7yA8qZG8UkISwUrym6U0yanTjyDyhaUgkxn94UpjZNw3ZERihUC5tYjfHe174Vlt53jtJ7V6t1UPjcXvp7KbUOv6Ltc7cZ2jhD4dB2N0a0xekvAAD\/\/04MhQg="} +00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657872831792753,"flow_src_last_pkt_time":1657872831793335,"flow_dst_last_pkt_time":1657872831792781,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":257,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872831793335,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":37781,"dst_port":10051,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1657872831793335,"flow_dst_last_pkt_time":1657872831793344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872831793344,"pkt":"AAwpXdTzAAwphPY8CABFAAA0xNxAAEAG5nXAqAcRwKgHECdDk5UJ9i4s+TJa2YAQAfy1VwAAAQEICpqgJV\/VxFMt"} +00970{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1572254070608539,"flow_src_last_pkt_time":1572254070614569,"flow_dst_last_pkt_time":1572254070614852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1657872831794189,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657872837792827,"flow_src_last_pkt_time":1657872837792827,"flow_dst_last_pkt_time":1657872837792827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872837792827,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":58079,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1657872837792827,"flow_dst_last_pkt_time":1657872837792827,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872837792827,"pkt":"AAwphPY8AAwpXdTzCABFAAA8L9lAAEAGe3HAqAcQwKgHEeLfJ0OV8NHDAAAAAKAC+vALZAAAAgQFtAQCCArVxGqdAAAAAAEDAwc="} +00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1657872837792827,"flow_dst_last_pkt_time":1657872837792856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872837792856,"pkt":"AAwpXdTzAAwphPY8CABFAAA8AABAAEAGq0rAqAcRwKgHECdD4t+C5SzClfDRxKAS\/oiApQAAAgQFtAQCCAqaoDzO1cRqnQEDAwc="} +00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1657872837793420,"flow_dst_last_pkt_time":1657872837792856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872837793420,"pkt":"AAwphPY8AAwpXdTzCABFAAA0L9pAAEAGe3jAqAcQwKgHEeLfJ0OV8NHEguUsw4AQAfasAwAAAQEICtXEap2aoDzO"} +00980{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1657872837793883,"flow_dst_last_pkt_time":1657872837792856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":385,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":385,"pkt_l4_len":351,"thread_ts_usec":1657872837793883,"pkt":"AAwphPY8AAwpXdTzCABFAAFzL9tAAEAGejjAqAcQwKgHEeLfJ0OV8NHEguUsw4AYAfa96wAAAQEICtXEap6aoDzOWkJYRAMyAQAA3gIAAHicfNLRrtMwDIDhV0G+DpXt2E7SRwFxkbYBKkYnTnsmpGnvjrqt2yKVc5Vcfcof+wxv5c97mRdoIf8o0\/JpyEsGB9ej\/XqGcYDWHIxL+b1efZDEDk758F6ghdgQhpgiOOgPx\/4XtGQaYuDo2cE0Q0tsHL1d3I0KNeWfFKGYILPynubvmkZOpJsWK83LU2PUoEox8A4mN8xCYJLNSvXLXiwSQ01sgv+3CJOJ8oYR1po+NSUMImQmO5pumRTR8KFR3fmipdQkI0r2ARbW0PTAuMas+rTodW3d0eymafSk9MB83fmCEWFMhLg3zbsVQlpX45uDuczzeJyghZCpy4qxQxSRbihZbZDeU\/redx17cPDzeN3XL7nrxr\/W8Of+MJZpAQen8nZnrGG4\/AsAAP\/\/\/bDCAA=="} +00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657872837792827,"flow_src_last_pkt_time":1657872837793883,"flow_dst_last_pkt_time":1657872837792856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":319,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872837793883,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":58079,"dst_port":10051,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1657872837793883,"flow_dst_last_pkt_time":1657872837793898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872837793898,"pkt":"AAwpXdTzAAwphPY8CABFAAA0EU1AAEAGmgXAqAcRwKgHECdD4t+C5SzDlfDTA4AQAfuqvgAAAQEICpqgPM\/VxGqe"} +00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657872843792650,"flow_src_last_pkt_time":1657872843792650,"flow_dst_last_pkt_time":1657872843792650,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872843792650,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":33661,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1657872843792650,"flow_dst_last_pkt_time":1657872843792650,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872843792650,"pkt":"AAwphPY8AAwpXdTzCABFAAA8UxNAAEAGWDfAqAcQwKgHEYN9J0PKek1lAAAAAKAC+vCjKgAAAgQFtAQCCArVxIINAAAAAAEDAwc="} +00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1657872843792650,"flow_dst_last_pkt_time":1657872843792687,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872843792687,"pkt":"AAwpXdTzAAwphPY8CABFAAA8AABAAEAGq0rAqAcRwKgHECdDg32jDXGfynpNZqAS\/oib9gAAAgQFtAQCCAqaoFQ+1cSCDQEDAwc="} +00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1657872843792814,"flow_dst_last_pkt_time":1657872843792687,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872843792814,"pkt":"AAwphPY8AAwpXdTzCABFAAA0UxRAAEAGWD7AqAcQwKgHEYN9J0PKek1mow1xoIAQAfbHVAAAAQEICtXEgg2aoFQ+"} +00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1657872843793364,"flow_dst_last_pkt_time":1657872843792687,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":322,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":322,"pkt_l4_len":288,"thread_ts_usec":1657872843793364,"pkt":"AAwphPY8AAwpXdTzCABFAAE0UxVAAEAGVz3AqAcQwKgHEYN9J0PKek1mow1xoIAYAfbooQAAAQEICtXEgg2aoFQ+WkJYRAPzAAAA6AEAAHicbNHBasMwDAbgVxk6e8WWbMn2o2zsYCfeFpYlrEnLoOTdR5rQLJCTdPj18YNucC4\/lzKMECF9lG58qtOYQMF9xNcbNDVEYxU0Y\/medxJLXsE1tZcCEQg9g4Kq7asviIadeEE\/J7oBIpMjbya1Mm7PhI0xB0ZYDBcINT8M3hnWbIZ1JMZrc9Bnji19UP5Zsrdws1w4cfA66AMLV0swWHlYfm\/RZglrjToEPLBosYwVzSLTm4KhDEPTd\/NdMjk57bPW1tpcl+S4thWZ8F7ljAQKPvv7515Szs0vn\/C5apvSjaDgWs4rwyeE6S8AAP\/\/LnOD\/w=="} +00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657872843792650,"flow_src_last_pkt_time":1657872843793364,"flow_dst_last_pkt_time":1657872843792687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":256,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872843793364,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":33661,"dst_port":10051,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1657872843793364,"flow_dst_last_pkt_time":1657872843793378,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872843793378,"pkt":"AAwpXdTzAAwphPY8CABFAAA0FtFAAEAGlIHAqAcRwKgHECdDg32jDXGgynpOZoAQAfzGTgAAAQEICpqgVD\/VxIIN"} +00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657872870792611,"flow_src_last_pkt_time":1657872870792611,"flow_dst_last_pkt_time":1657872870792611,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872870792611,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":40553,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1657872870792611,"flow_dst_last_pkt_time":1657872870792611,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872870792611,"pkt":"AAwphPY8AAwpXdTzCABFAAA8sZNAAEAG+bbAqAcQwKgHEZ5pJ0NDI7D5AAAAAKAC+vBCiQAAAgQFtAQCCArVxOuFAAAAAAEDAwc="} +00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1657872870792611,"flow_dst_last_pkt_time":1657872870792640,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872870792640,"pkt":"AAwpXdTzAAwphPY8CABFAAA8AABAAEAGq0rAqAcRwKgHECdDnmkg1DRmQyOw+qAS\/oiRTwAAAgQFtAQCCAqaoL221cTrhQEDAwc="} +00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1657872870792705,"flow_dst_last_pkt_time":1657872870792640,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872870792705,"pkt":"AAwphPY8AAwpXdTzCABFAAA0sZRAAEAG+b3AqAcQwKgHEZ5pJ0NDI7D6INQ0Z4AQAfa8rQAAAQEICtXE64WaoL22"} +00834{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1657872870793946,"flow_dst_last_pkt_time":1657872870792640,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_usec":1657872870793946,"pkt":"AAwphPY8AAwpXdTzCABFAAEJsZVAAEAG+OfAqAcQwKgHEZ5pJ0NDI7D6INQ0Z4AYAfbC0AAAAQEICtXE64aaoL22WkJYRAPIAAAASQEAAHicbNDPSgMxGATwV5E5x5L\/X5JHUTwk2U8N1l1s0iKUfXexLmrR08zpxzBnHPjtyH0gIT\/xPG6mPDIELpHuz2gTkooCbfDrZzdkpRc45f2RkaAgUPdLfUFS3lEgHbwXmDuSC9ZRXMWXoeWVYcKPYYzy\/zBhY4iCst+MumKU\/DUlhr8KyU2J5J1bHwQ6996WGQmUVclOhiKltbZMnJ2fbDUqPtZStIHA83K55i6X0t79Tt\/WfeN5QODEh43xO431IwAA\/\/8yQ1u9"} +00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657872870792611,"flow_src_last_pkt_time":1657872870793946,"flow_dst_last_pkt_time":1657872870792640,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872870793946,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":40553,"dst_port":10051,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1657872870793946,"flow_dst_last_pkt_time":1657872870793960,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872870793960,"pkt":"AAwpXdTzAAwphPY8CABFAAA06GpAAEAGwufAqAcRwKgHECdDnmkg1DRnQyOxz4AQAfy70AAAAQEICpqgvbjVxOuG"} +00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657872876792584,"flow_src_last_pkt_time":1657872876792584,"flow_dst_last_pkt_time":1657872876792584,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872876792584,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":36755,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1657872876792584,"flow_dst_last_pkt_time":1657872876792584,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872876792584,"pkt":"AAwphPY8AAwpXdTzCABFAAA8ax1AAEAGQC3AqAcQwKgHEY+TJ0PXhyVQAAAAAKAC+vAxNAAAAgQFtAQCCArVxQL1AAAAAAEDAwc="} +00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1657872876792584,"flow_dst_last_pkt_time":1657872876792612,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872876792612,"pkt":"AAwpXdTzAAwphPY8CABFAAA8AABAAEAGq0rAqAcRwKgHECdDj5NOlfBz14clUaAS\/oh+uwAAAgQFtAQCCAqaoNUm1cUC9QEDAwc="} +00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1657872876792676,"flow_dst_last_pkt_time":1657872876792612,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872876792676,"pkt":"AAwphPY8AAwpXdTzCABFAAA0ax5AAEAGQDTAqAcQwKgHEY+TJ0PXhyVRTpXwdIAQAfaqGQAAAQEICtXFAvWaoNUm"} +00879{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1657872876793015,"flow_dst_last_pkt_time":1657872876792612,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":315,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":315,"pkt_l4_len":281,"thread_ts_usec":1657872876793015,"pkt":"AAwphPY8AAwpXdTzCABFAAEtax9AAEAGPzrAqAcQwKgHEY+TJ0PXhyVRTpXwdIAYAfaCegAAAQEICtXFAvWaoNUmWkJYRAPsAAAA5wEAAHicdNHBasMwDMbxVxnf2SuWZdmOH2VjBzvxtrAsYU1aBiXvPtaGNoH2JJ1+\/IVO2JefQxknRKSP0k9PTZoSFM4jvp7QNojGKLRT+f7f2VsihWPqDgURGgp1N9RfiOTEB2+CJ4V+RCQh722Y1YLwFuEbYjh4qe5IfJEca3F0hewWsquanfZa63tR9kJJxRX5KyVbStaUrR5QslQFQ3I7z20pt6aMfkC5pUqYWOY3hbGMYzv0iPCJchIdstbW2tyUJK6xNVP1XudsGAqfw\/lxLynn9tftzHPdtaWfoHAs+4VxO4P5LwAA\/\/9Q04Nw"} +00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657872876792584,"flow_src_last_pkt_time":1657872876793015,"flow_dst_last_pkt_time":1657872876792612,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":249,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872876793015,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":36755,"dst_port":10051,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1657872876793015,"flow_dst_last_pkt_time":1657872876793029,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872876793029,"pkt":"AAwpXdTzAAwphPY8CABFAAA0G3xAAEAGj9bAqAcRwKgHECdDj5NOlfB014cmSoAQAfypGgAAAQEICpqg1SfVxQL1"} +00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657872881792581,"flow_src_last_pkt_time":1657872881792581,"flow_dst_last_pkt_time":1657872881792581,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872881792581,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":43395,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1657872881792581,"flow_dst_last_pkt_time":1657872881792581,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872881792581,"pkt":"AAwphPY8AAwpXdTzCABFAAA8ZftAAEAGRU\/AqAcQwKgHEamDJ0OwMQEiAAAAAKAC+vBPQAAAAgQFtAQCCArVxRZ9AAAAAAEDAwc="} +00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1657872881792581,"flow_dst_last_pkt_time":1657872881792608,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872881792608,"pkt":"AAwpXdTzAAwphPY8CABFAAA8AABAAEAGq0rAqAcRwKgHECdDqYNDohkxsDEBI6AS\/ohrdQAAAgQFtAQCCAqaoOiu1cUWfQEDAwc="} +00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1657872881792682,"flow_dst_last_pkt_time":1657872881792608,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872881792682,"pkt":"AAwphPY8AAwpXdTzCABFAAA0ZfxAAEAGRVbAqAcQwKgHEamDJ0OwMQEjQ6IZMoAQAfaW0wAAAQEICtXFFn2aoOiu"} +00922{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1657872881793297,"flow_dst_last_pkt_time":1657872881792608,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1657872881793297,"pkt":"AAwphPY8AAwpXdTzCABFAAFLZf1AAEAGRD7AqAcQwKgHEamDJ0OwMQEjQ6IZMoAYAfYnWQAAAQEICtXFFn2aoOiuWkJYRAMKAQAAdQIAAHicjNLbasMwDAbgVxm69oJ8kGX5UTZ2YSfeFtalW5OWQem7jx7W1NDAriQQfPwS2sOmfG\/LOEGE9FaG6aFLUwIFpxKf99B3EA0r6KfyeewtO2YFu7TaFoiw\/QIF7WrdfkDUnjiwCcf5MEIka5H0QV2QUCH6BtHLBgcv4q6G1EaYDfIueLoDhUsYcW6GLNYb3UAaEXHZCdaIw6uj60AyO9ggLlBypjSjJeOvlqksg\/+xAp4tL+RppmxN6ZkSadh4Yr5j6b+bk3A4vCgYyzj26wEicNI5EYaM6JzLXUnkO9daLa9tzsaCgvf16Y2eUs79j2\/MY7vqyzCBgl3ZXBjfGDj8BgAA\/\/\/szqkd"} +00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657872881792581,"flow_src_last_pkt_time":1657872881793297,"flow_dst_last_pkt_time":1657872881792608,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872881793297,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":43395,"dst_port":10051,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1657872881793297,"flow_dst_last_pkt_time":1657872881793310,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872881793310,"pkt":"AAwpXdTzAAwphPY8CABFAAA0sHRAAEAG+t3AqAcRwKgHECdDqYNDohkysDECOoAQAfuVtwAAAQEICpqg6K\/VxRZ9"} +00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657872886792642,"flow_src_last_pkt_time":1657872886792642,"flow_dst_last_pkt_time":1657872886792642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872886792642,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":45197,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1657872886792642,"flow_dst_last_pkt_time":1657872886792642,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872886792642,"pkt":"AAwphPY8AAwpXdTzCABFAAA8K4VAAEAGf8XAqAcQwKgHEbCNJ0MOlvVFAAAAAKAC+vDiJQAAAgQFtAQCCArVxSoFAAAAAAEDAwc="} +00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1657872886792642,"flow_dst_last_pkt_time":1657872886792669,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872886792669,"pkt":"AAwpXdTzAAwphPY8CABFAAA8AABAAEAGq0rAqAcRwKgHECdDsI0h9tt8Dpb1RqAS\/ohKMwAAAgQFtAQCCAqaoPw21cUqBQEDAwc="} +00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1657872886792744,"flow_dst_last_pkt_time":1657872886792669,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872886792744,"pkt":"AAwphPY8AAwpXdTzCABFAAA0K4ZAAEAGf8zAqAcQwKgHEbCNJ0MOlvVGIfbbfYAQAfZ1kQAAAQEICtXFKgWaoPw2"} +00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657872886792782,"flow_src_last_pkt_time":1657872886792782,"flow_dst_last_pkt_time":1657872886792782,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872886792782,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":35243,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1657872886792782,"flow_dst_last_pkt_time":1657872886792782,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872886792782,"pkt":"AAwphPY8AAwpXdTzCABFAAA8A\/1AAEAGp03AqAcQwKgHEYmrJ0PRuNzAAAAAAKAC+vBeagAAAgQFtAQCCArVxSoFAAAAAAEDAwc="} +00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1657872886792782,"flow_dst_last_pkt_time":1657872886792788,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872886792788,"pkt":"AAwpXdTzAAwphPY8CABFAAA8AABAAEAGq0rAqAcRwKgHECdDiatccWMA0bjcwaAS\/ogEeQAAAgQFtAQCCAqaoPw21cUqBQEDAwc="} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1657872886792868,"flow_dst_last_pkt_time":1657872886792788,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872886792868,"pkt":"AAwphPY8AAwpXdTzCABFAAA0A\/5AAEAGp1TAqAcQwKgHEYmrJ0PRuNzBXHFjAYAQAfYv1wAAAQEICtXFKgWaoPw2"} +00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1657872886793051,"flow_dst_last_pkt_time":1657872886792669,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"thread_ts_usec":1657872886793051,"pkt":"AAwphPY8AAwpXdTzCABFAACTK4dAAEAGf2zAqAcQwKgHEbCNJ0MOlvVGIfbbfYAYAfZVzwAAAQEICtXFKgWaoPw2WkJYRANSAAAAUgAAAHicqlYqSi0sTS0uUbJSSkwuySxLVUjOSE3OVshITSwqSUpNLFHSUcrIB8tHJSYlZVaY6RnpJudkpuaBZWCq4tOKUguVrMwMagEBAAD\/\/6XPHEk="} +00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657872886792642,"flow_src_last_pkt_time":1657872886793051,"flow_dst_last_pkt_time":1657872886792669,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":95,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":95,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872886793051,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":45197,"dst_port":10051,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1657872886793051,"flow_dst_last_pkt_time":1657872886793062,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872886793062,"pkt":"AAwpXdTzAAwphPY8CABFAAA0VVRAAEAGVf7AqAcRwKgHECdDsI0h9tt9Dpb1pYAQAf11KwAAAQEICpqg\/DfVxSoF"} +00968{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1657872886793509,"flow_dst_last_pkt_time":1657872886792788,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":376,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":376,"pkt_l4_len":342,"thread_ts_usec":1657872886793509,"pkt":"AAwphPY8AAwpXdTzCABFAAFqA\/9AAEAGph3AqAcQwKgHEYmrJ0PRuNzBXHFjAYAYAfavwQAAAQEICtXFKgaaoPw2WkJYRAMpAQAAuAIAAHicjNLRauswDAbgVzG69im2bEtyHuUczoWTeFtYl7ImLYPSdx9xszBDC9VNfhzz5RfkAsf8ecrTDA2k1zzOqk9zAg3l0fy7wNBD47yGYc4fJbMX1HBO+1OGBpRS1lhr1TIYiZVSQkLilwNLgUtQjGtwEWW56oN3WO5gQFbrmHLCEqkEax1Vrx4E0NDtD907NMsXhVGWjuMEDfloOV71ukioFsFfi5idKfOYig5DoI2imnIVJRyDvUO5tZWwYdkorin\/VCt\/o9g4imGjpKZCRVmKEe9Q4UaJYYluo2JN0VOt6KdVdEjX\/xqmPE3DYYQGONk2BSOtMd77ts8pUO87Z+NL17boQMPbofyJf1PbDl+0wz\/dfsjjDBrO+bgytEO4fgcAAP\/\/usGrvg=="} +00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657872886792782,"flow_src_last_pkt_time":1657872886793509,"flow_dst_last_pkt_time":1657872886792788,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":310,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":310,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872886793509,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":35243,"dst_port":10051,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1657872886793509,"flow_dst_last_pkt_time":1657872886793517,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872886793517,"pkt":"AAwpXdTzAAwphPY8CABFAAA0CnBAAEAGoOLAqAcRwKgHECdDiatccWMB0bjd94AQAfsumwAAAQEICpqg\/DfVxSoG"} +00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657872892792572,"flow_src_last_pkt_time":1657872892792572,"flow_dst_last_pkt_time":1657872892792572,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872892792572,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":36623,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1657872892792572,"flow_dst_last_pkt_time":1657872892792572,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872892792572,"pkt":"AAwphPY8AAwpXdTzCABFAAA8BORAAEAGpmbAqAcQwKgHEY8PJ0MgPQwEAAAAAKAC+vDDzgAAAgQFtAQCCArVxUF1AAAAAAEDAwc="} +00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1657872892792572,"flow_dst_last_pkt_time":1657872892792601,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872892792601,"pkt":"AAwpXdTzAAwphPY8CABFAAA8AABAAEAGq0rAqAcRwKgHECdDjw\/xVE9QID0MBaAS\/ojROQAAAgQFtAQCCAqaoROm1cVBdQEDAwc="} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1657872892792678,"flow_dst_last_pkt_time":1657872892792601,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872892792678,"pkt":"AAwphPY8AAwpXdTzCABFAAA0BOVAAEAGpm3AqAcQwKgHEY8PJ0MgPQwF8VRPUYAQAfb8lwAAAQEICtXFQXWaoROm"} +00925{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1657872892793279,"flow_dst_last_pkt_time":1657872892792601,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":347,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":347,"pkt_l4_len":313,"thread_ts_usec":1657872892793279,"pkt":"AAwphPY8AAwpXdTzCABFAAFNBOZAAEAGpVPAqAcQwKgHEY8PJ0MgPQwF8VRPUYAYAfbOWAAAAQEICtXFQXWaoROmWkJYRAMMAQAAPgIAAHicbNLRauswDAbgVzno2sfYsiXLfpSNXdiJt4V1KWvSMih995G2NDXkSrr4+eAXOsOh\/hzrNEOC\/FHH+V+f5wwKriO9nmHoIXmjYJjr97K74DEoOOXdsUICow2zeAIF3W7ffUGyTEECigQF4wTJEgpac1F3y7aWNJY48rhhyc2KjjyvFDaUxJUS1hGjsbxhxZvFaJnkYbnGima1YtTMHmnDWmKLRcLBhoflW8uuFllNjh1t3GuJXa0Y5KkjtRY+ddTWBImyQeGD8oKXNwVTnaZhP0KCkG3JZKQY470vfc3Eve+cje9dKehAwef++g8vuZThlzX+73ZDHWdQcKqHO8Ma4fIXAAD\/\/w1BmaM="} +00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657872892792572,"flow_src_last_pkt_time":1657872892793279,"flow_dst_last_pkt_time":1657872892792601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872892793279,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":36623,"dst_port":10051,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1657872892793279,"flow_dst_last_pkt_time":1657872892793293,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872892793293,"pkt":"AAwpXdTzAAwphPY8CABFAAA08vJAAEAGuF\/AqAcRwKgHECdDjw\/xVE9RID0NHoAQAfv7eQAAAQEICpqhE6fVxUF1"} +00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657872897792597,"flow_src_last_pkt_time":1657872897792597,"flow_dst_last_pkt_time":1657872897792597,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872897792597,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":35627,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1657872897792597,"flow_dst_last_pkt_time":1657872897792597,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872897792597,"pkt":"AAwphPY8AAwpXdTzCABFAAA8oFRAAEAGCvbAqAcQwKgHEYsrJ0NzXFJJAAAAAKAC+vAaxgAAAgQFtAQCCArVxVT9AAAAAAEDAwc="} +00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1657872897792597,"flow_dst_last_pkt_time":1657872897792623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872897792623,"pkt":"AAwpXdTzAAwphPY8CABFAAA8AABAAEAGq0rAqAcRwKgHECdDiyvqkeMjc1xSSqAS\/oiHmAAAAgQFtAQCCAqaoScu1cVU\/QEDAwc="} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1657872897792690,"flow_dst_last_pkt_time":1657872897792623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872897792690,"pkt":"AAwphPY8AAwpXdTzCABFAAA0oFVAAEAGCv3AqAcQwKgHEYsrJ0NzXFJK6pHjJIAQAfay9gAAAQEICtXFVP2aoScu"} +00958{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1657872897793078,"flow_dst_last_pkt_time":1657872897792623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":368,"pkt_l4_len":334,"thread_ts_usec":1657872897793078,"pkt":"AAwphPY8AAwpXdTzCABFAAFioFZAAEAGCc7AqAcQwKgHEYsrJ0NzXFJK6pHjJIAYAfZmPAAAAQEICtXFVP2aoScuWkJYRAMhAQAAlgIAAHicfNLNbtswDMDxVxl41gKSJinKj7JhB9nWWqOpg8ZOUCDIuxf5jgG3J+kg\/KC\/xANsy8eujBPUkF\/KMP3q8pQhwHmp\/x6g76AWC9BP5f20r6KkKsA+r3cFaiAUE2RWdgjQrjftG9RkGj2ynw4OI9QJYyQ8hqsWZ1olD41Royp55AVMLhgpM+pD8\/ndnjQSQ01sgj9oLuIc71qaa\/rQlDCKaLQlTS+aiiGmG6Y4D33CUlolI0r2veXi5HS3aG7Z7NG80lPpAmbXTPGoie8azzOfNCL0RIhL33nDLFrF6fgvwFjGsd8MUEPM1GRFbxBFpOlKVuukrSj9b5uGKwjwujnP2Z\/cNP2nrfh3u+7LMEGAfdleGVsxHL8CAAD\/\/6dBr4o="} +00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657872897792597,"flow_src_last_pkt_time":1657872897793078,"flow_dst_last_pkt_time":1657872897792623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":302,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":302,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872897793078,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":35627,"dst_port":10051,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1657872897793078,"flow_dst_last_pkt_time":1657872897793092,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872897793092,"pkt":"AAwpXdTzAAwphPY8CABFAAA0kwRAAEAGGE7AqAcRwKgHECdDiyvqkeMkc1xTeIAQAfuxwwAAAQEICpqhJy\/VxVT9"} +00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657872903792545,"flow_src_last_pkt_time":1657872903792545,"flow_dst_last_pkt_time":1657872903792545,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872903792545,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":49215,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1657872903792545,"flow_dst_last_pkt_time":1657872903792545,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872903792545,"pkt":"AAwphPY8AAwpXdTzCABFAAA8P\/1AAEAGa03AqAcQwKgHEcA\/J0OkvITAAAAAAKAC+vBqagAAAgQFtAQCCArVxWxtAAAAAAEDAwc="} +00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1657872903792545,"flow_dst_last_pkt_time":1657872903792574,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872903792574,"pkt":"AAwpXdTzAAwphPY8CABFAAA8AABAAEAGq0rAqAcRwKgHECdDwD9H2o+ZpLyEwaAS\/oi2DgAAAgQFtAQCCAqaoT6e1cVsbQEDAwc="} +00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1657872903792644,"flow_dst_last_pkt_time":1657872903792574,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872903792644,"pkt":"AAwphPY8AAwpXdTzCABFAAA0P\/5AAEAGa1TAqAcQwKgHEcA\/J0OkvITBR9qPmoAQAfbhbAAAAQEICtXFbG2aoT6e"} +00893{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1657872903793147,"flow_dst_last_pkt_time":1657872903792574,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1657872903793147,"pkt":"AAwphPY8AAwpXdTzCABFAAEzP\/9AAEAGalTAqAcQwKgHEcA\/J0OkvITBR9qPmoAYAfYxIAAAAQEICtXFbG2aoT6eWkJYRAPyAAAA5wEAAHicbNHNasMwDMDxVxk6e8XWh235UTZ2sBNvC+tS1qRlUPLuo13aENqTdNGPP+gE+\/pzqMMICfJH7cenNo8ZDFxGej1B10ISMtCN9fu8U2CKBo55e6iQgIg9GGi2u+YLkvMSYsCo0UA\/QPJExDiZmeE1owvjHhj6b4hYcYshK4PdYrAwimW971Hrrhaq6M3yawsXS3QTfHRy36UWZ4vVq71ZYW3RYgVvLVpVfGDR1XIkYXozMNRh6Hb9+Sy7ksXGYi0zl7Zm8S035PS9KQUJDHzuLo97yaV0v36Dz822q\/0IBo51PzN+gzD9BQAA\/\/\/EBYPU"} +00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657872903792545,"flow_src_last_pkt_time":1657872903793147,"flow_dst_last_pkt_time":1657872903792574,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":255,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":255,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872903793147,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":49215,"dst_port":10051,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1657872903793147,"flow_dst_last_pkt_time":1657872903793160,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872903793160,"pkt":"AAwpXdTzAAwphPY8CABFAAA0QWxAAEAGaebAqAcRwKgHECdDwD9H2o+apLyFwIAQAfzgZwAAAQEICpqhPp\/VxWxt"} +00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657872930793502,"flow_src_last_pkt_time":1657872930793502,"flow_dst_last_pkt_time":1657872930793502,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872930793502,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":55759,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1657872930793502,"flow_dst_last_pkt_time":1657872930793502,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872930793502,"pkt":"AAwphPY8AAwpXdTzCABFAAA8aOZAAEAGQmTAqAcQwKgHEdnPJ0PpqOYFAAAAAKAC+vBBLwAAAgQFtAQCCArVxdXmAAAAAAEDAwc="} +00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1657872930793502,"flow_dst_last_pkt_time":1657872930793538,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872930793538,"pkt":"AAwpXdTzAAwphPY8CABFAAA8AABAAEAGq0rAqAcRwKgHECdD2c9PMqoP6ajmBqAS\/ogBjAAAAgQFtAQCCAqaoagX1cXV5gEDAwc="} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1657872930793707,"flow_dst_last_pkt_time":1657872930793538,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872930793707,"pkt":"AAwphPY8AAwpXdTzCABFAAA0aOdAAEAGQmvAqAcQwKgHEdnPJ0PpqOYGTzKqEIAQAfYs6gAAAQEICtXF1eaaoagX"} +00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1657872930795536,"flow_dst_last_pkt_time":1657872930793538,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_usec":1657872930795536,"pkt":"AAwphPY8AAwpXdTzCABFAAEIaOhAAEAGQZbAqAcQwKgHEdnPJ0PpqOYGTzKqEIAYAfYlSQAAAQEICtXF1eeaoagXWkJYRAPHAAAASQEAAHicbNDPSgMxGATwV5E5x\/IlX\/4\/iuIhyUYN1l1s0iKUfXexbNGip5nTj2HOONSPY+0DEemlzuNuSiNB4BLx8Yw2IRov0EZ9\/+7sNFmBU9ofKyIkBMp+KW+I0hrnnQrKCswd0bBUbFexGeHGYP9jMDv7D+M3xpEhujKWbhhJv6YE91dhuipeBl6fBHrtvS0zIlySORnymUhrnaeajJ10YRmeS86KIfC6XK55SDm3T7tT92Xf6jwgcKqHjbE7hfUrAAD\/\/yRbW6Y="} +00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657872930793502,"flow_src_last_pkt_time":1657872930795536,"flow_dst_last_pkt_time":1657872930793538,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872930795536,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":55759,"dst_port":10051,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1657872930795536,"flow_dst_last_pkt_time":1657872930795553,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872930795553,"pkt":"AAwpXdTzAAwphPY8CABFAAA0uL9AAEAG8pLAqAcRwKgHECdD2c9PMqoQ6ajm2oAQAfwsDgAAAQEICpqhqBnVxdXn"} +00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657872936792500,"flow_src_last_pkt_time":1657872936792500,"flow_dst_last_pkt_time":1657872936792500,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872936792500,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":50639,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1657872936792500,"flow_dst_last_pkt_time":1657872936792500,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872936792500,"pkt":"AAwphPY8AAwpXdTzCABFAAA8VpBAAEAGVLrAqAcQwKgHEcXPJ0PDXpHCAAAAAKAC+vC4TQAAAgQFtAQCCArVxe1VAAAAAAEDAwc="} +00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1657872936792500,"flow_dst_last_pkt_time":1657872936792528,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872936792528,"pkt":"AAwpXdTzAAwphPY8CABFAAA8AABAAEAGq0rAqAcRwKgHECdDxc9EEUkkw16Rw6AS\/ojNRwAAAgQFtAQCCAqaob+G1cXtVQEDAwc="} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1657872936792594,"flow_dst_last_pkt_time":1657872936792528,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872936792594,"pkt":"AAwphPY8AAwpXdTzCABFAAA0VpFAAEAGVMHAqAcQwKgHEcXPJ0PDXpHDRBFJJYAQAfb4pQAAAQEICtXF7VWaob+G"} +00999{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1657872936792868,"flow_dst_last_pkt_time":1657872936792528,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":397,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":397,"pkt_l4_len":363,"thread_ts_usec":1657872936792868,"pkt":"AAwphPY8AAwpXdTzCABFAAF\/VpJAAEAGU3XAqAcQwKgHEcXPJ0PDXpHDRBFJJYAYAfZOrwAAAQEICtXF7VWaob+GWkJYRAM+AQAAjQMAAHicjNPPjqMwDAbwV1n5nK0S23EcHmVXewiQ3UXToZpCq5Gqvvuof4BGatGc4PTj+2xzgn3+OORhhArSv9yPP9o0JjBwfVS\/T9C1UIkz0I35\/fJOgYMzcEzbQ4YKLBhotrvmDSonPmjASM5AP0DlGBVjOJs7ggXivocwiw28IFQmwXUEb4hYZeXZ4DIILQYycaQnEN0g7zkIzZAvwzxArDFGcq8lJYwisySlxOu1eEpDgkutUNZ6NDZWrLUrlBIzx5nSkvKPlNMXlL+v3Sui4GzFsppfrzYhah3pHCjYEpEFCd5H5SeSTENypPPKQnnJTopmr4Yk05A0oj\/\/MTDkYeh2\/eXzydXJW62tZea6zclLyw25+Lepa7zc0v\/d9ff6leq6+5QN\/my2Xe5HMHDM+zsjG4TzVwAAAP\/\/ckPxaw=="} +00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657872936792500,"flow_src_last_pkt_time":1657872936792868,"flow_dst_last_pkt_time":1657872936792528,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":331,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":331,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872936792868,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":50639,"dst_port":10051,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1657872936792868,"flow_dst_last_pkt_time":1657872936792883,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872936792883,"pkt":"AAwpXdTzAAwphPY8CABFAAA0fppAAEAGLLjAqAcRwKgHECdDxc9EEUklw16TDoAQAfv3VgAAAQEICpqhv4bVxe1V"} +00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657872941792573,"flow_src_last_pkt_time":1657872941792573,"flow_dst_last_pkt_time":1657872941792573,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872941792573,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":41309,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1657872941792573,"flow_dst_last_pkt_time":1657872941792573,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872941792573,"pkt":"AAwphPY8AAwpXdTzCABFAAA805FAAEAG17jAqAcQwKgHEaFdJ0PrusPWAAAAAKAC+vBuxwAAAgQFtAQCCArVxgDdAAAAAAEDAwc="} +00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1657872941792573,"flow_dst_last_pkt_time":1657872941792600,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872941792600,"pkt":"AAwpXdTzAAwphPY8CABFAAA8AABAAEAGq0rAqAcRwKgHECdDoV3qIUU267rD16AS\/ojOFgAAAgQFtAQCCAqaodMO1cYA3QEDAwc="} +00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1657872941792655,"flow_dst_last_pkt_time":1657872941792600,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872941792655,"pkt":"AAwphPY8AAwpXdTzCABFAAA005JAAEAG17\/AqAcQwKgHEaFdJ0PrusPX6iFFN4AQAfb5dAAAAQEICtXGAN2aodMO"} +00907{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1657872941793507,"flow_dst_last_pkt_time":1657872941792600,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"thread_ts_usec":1657872941793507,"pkt":"AAwphPY8AAwpXdTzCABFAAE+05NAAEAG1rTAqAcQwKgHEaFdJ0PrusPX6iFFN4AYAfbsFAAAAQEICtXGAN6aodMOWkJYRAP9AAAALQIAAHicjNHPSvQwFAXwV\/k463wlN\/9ukkdRXCRt1OLY0WlnEIa+u9iOrYUK3s09qx8HzhWn8n4u\/YCI9FS64V+ThgSB6cX7K9oGkZVAO5TXr6zZMAtc0uFcEHF+g0B9ONYviOQse1ZBs0DXI1rjidwobojeIPQDod8NNoGdWgyzNfxqWNbBqB3If5cha+QC2S0UVkhWcrodKsyU194FvVBuQyn5F8rImXJBa80LxVuKViqEypMjsjsWzRYxe+t4fBDoS9+3xw4RnCgnK32W0hiTm5Ksa0ytKTzWOSsNgefjNP9dyrn9cJX6Xx\/a0g0QuJTTjXGVwvgZAAD\/\/6rWlnA="} +00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657872941792573,"flow_src_last_pkt_time":1657872941793507,"flow_dst_last_pkt_time":1657872941792600,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":266,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":266,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872941793507,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":41309,"dst_port":10051,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1657872941793507,"flow_dst_last_pkt_time":1657872941793520,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872941793520,"pkt":"AAwpXdTzAAwphPY8CABFAAA0v3VAAEAG69zAqAcRwKgHECdDoV3qIUU367rE4YAQAfv4ZAAAAQEICpqh0w\/VxgDe"} +00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657872946792586,"flow_src_last_pkt_time":1657872946792586,"flow_dst_last_pkt_time":1657872946792586,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872946792586,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":60217,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1657872946792586,"flow_dst_last_pkt_time":1657872946792586,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872946792586,"pkt":"AAwphPY8AAwpXdTzCABFAAA8mKpAAEAGEqDAqAcQwKgHEes5J0OuG6ccAAAAAKAC+vBrvAAAAgQFtAQCCArVxhRlAAAAAAEDAwc="} +00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1657872946792586,"flow_dst_last_pkt_time":1657872946792616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872946792616,"pkt":"AAwpXdTzAAwphPY8CABFAAA8AABAAEAGq0rAqAcRwKgHECdD6zkMhI4LrhunHaAS\/ohMTAAAAgQFtAQCCAqaoeaW1cYUZQEDAwc="} +00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657872946792630,"flow_src_last_pkt_time":1657872946792630,"flow_dst_last_pkt_time":1657872946792630,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872946792630,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":43677,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1657872946792630,"flow_dst_last_pkt_time":1657872946792630,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872946792630,"pkt":"AAwphPY8AAwpXdTzCABFAAA82ltAAEAG0O7AqAcQwKgHEaqdJ0OOmrBbAAAAAKAC+vDCmgAAAgQFtAQCCArVxhRlAAAAAAEDAwc="} +00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1657872946792630,"flow_dst_last_pkt_time":1657872946792636,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872946792636,"pkt":"AAwpXdTzAAwphPY8CABFAAA8AABAAEAGq0rAqAcRwKgHECdDqp39rkBzjpqwXKAS\/oj\/lwAAAgQFtAQCCAqaoeaW1cYUZQEDAwc="} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1657872946792659,"flow_dst_last_pkt_time":1657872946792616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872946792659,"pkt":"AAwphPY8AAwpXdTzCABFAAA0mKtAAEAGEqfAqAcQwKgHEes5J0OuG6cdDISODIAQAfZ3qgAAAQEICtXGFGWaoeaW"} +00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1657872946792683,"flow_dst_last_pkt_time":1657872946792636,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872946792683,"pkt":"AAwphPY8AAwpXdTzCABFAAA02lxAAEAG0PXAqAcQwKgHEaqdJ0OOmrBc\/a5AdIAQAfYq9gAAAQEICtXGFGWaoeaW"} +00970{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1657872946792952,"flow_dst_last_pkt_time":1657872946792636,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":377,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":377,"pkt_l4_len":343,"thread_ts_usec":1657872946792952,"pkt":"AAwphPY8AAwpXdTzCABFAAFr2l1AAEAGz73AqAcQwKgHEaqdJ0OOmrBc\/a5AdIAYAfZMyAAAAQEICtXGFGWaoeaWWkJYRAMqAQAAuQIAAHicjNJha\/MgEAfwryL32qfoqXdnPsoz9kITt4V1KWvSMij97iOm6xpYob7JHz1+8Q+eYF8+D2WcoIH0WoZJdWlKoKF+mqcT9B00LBr6qXzM2bEX1HBM20OBBpRS1lhr1bwwEiulhITEzxuWAteg2MVYg4vs5lFPEqnOILllRill6g5HXo6sdbQ6uhNAQ7vdte\/QzH8UxuhRwzBCEzyH6M\/6UiSuiuBNEbMxdd2nRAJK+KHErCl3S1ljkPgPyi0UCZsgV8quKf\/QrfxCsTcseKVwTYWHqLBQNrAJ+NvQrS16yKLLtRiF6PysYSzj2O8GaICTzSkYycZ473NXUqDOt87GlzZndKDhbVef4v+Uc\/9FG\/zXbvsyTKDhWPYXhjYI5+8AAAD\/\/2adq9M="} +00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657872946792630,"flow_src_last_pkt_time":1657872946792952,"flow_dst_last_pkt_time":1657872946792636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":311,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":311,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872946792952,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":43677,"dst_port":10051,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1657872946792952,"flow_dst_last_pkt_time":1657872946792965,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872946792965,"pkt":"AAwpXdTzAAwphPY8CABFAAA0w7NAAEAG557AqAcRwKgHECdDqp39rkB0jpqxk4AQAfspugAAAQEICpqh5pfVxhRl"} +00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1657872946793358,"flow_dst_last_pkt_time":1657872946792616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"thread_ts_usec":1657872946793358,"pkt":"AAwphPY8AAwpXdTzCABFAACPmKxAAEAGEkvAqAcQwKgHEes5J0OuG6cdDISODIAYAfYw+AAAAQEICtXGFGWaoeaWWkJYRANOAAAARQAAAHicqlYqSi0sTS0uUbJSSkwuySxLVUjOSE3OLlbSUcrIBwtHJSYlZVaY6RnpJudkpuaVKOkolaUWFWfm5ylZKZnpGSnVAgIAAP\/\/OxIWqQ=="} +00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657872946792586,"flow_src_last_pkt_time":1657872946793358,"flow_dst_last_pkt_time":1657872946792616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872946793358,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":60217,"dst_port":10051,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1657872946793358,"flow_dst_last_pkt_time":1657872946793365,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872946793365,"pkt":"AAwpXdTzAAwphPY8CABFAAA0fqlAAEAGLKnAqAcRwKgHECdD6zkMhI4MrhuneIAQAf13SAAAAQEICpqh5pfVxhRl"} +00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":189,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657872947793311,"flow_src_last_pkt_time":1657872947793311,"flow_dst_last_pkt_time":1657872947793311,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872947793311,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":48677,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1657872947793311,"flow_dst_last_pkt_time":1657872947793311,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872947793311,"pkt":"AAwphPY8AAwpXdTzCABFAAA8gvJAAEAGKFjAqAcQwKgHEb4lJ0MQcz+qAAAAAKAC+vCaAwAAAgQFtAQCCArVxhhNAAAAAAEDAwc="} +00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1657872947793311,"flow_dst_last_pkt_time":1657872947793340,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872947793340,"pkt":"AAwpXdTzAAwphPY8CABFAAA8AABAAEAGq0rAqAcRwKgHECdDviV4fJDbEHM\/q6AS\/ogH4gAAAgQFtAQCCAqaoep\/1cYYTQEDAwc="} +00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1657872947793404,"flow_dst_last_pkt_time":1657872947793340,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872947793404,"pkt":"AAwphPY8AAwpXdTzCABFAAA0gvNAAEAGKF\/AqAcQwKgHEb4lJ0MQcz+reHyQ3IAQAfYzPwAAAQEICtXGGE6aoep\/"} +00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1657872947794418,"flow_dst_last_pkt_time":1657872947793340,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"thread_ts_usec":1657872947794418,"pkt":"AAwphPY8AAwpXdTzCABFAACTgvRAAEAGJ\/\/AqAcQwKgHEb4lJ0MQcz+reHyQ3IAYAfYTfQAAAQEICtXGGE6aoep\/WkJYRANSAAAAUgAAAHicqlYqSi0sTS0uUbJSSkwuySxLVUjOSE3OVshITSwqSUpNLFHSUcrIB8tHJSYlZVaY6RnpJudkpuaBZWCq4tOKUguVrMwMagEBAAD\/\/6XPHEk="} +00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657872947793311,"flow_src_last_pkt_time":1657872947794418,"flow_dst_last_pkt_time":1657872947793340,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":95,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":95,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872947794418,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":48677,"dst_port":10051,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1657872947794418,"flow_dst_last_pkt_time":1657872947794432,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872947794432,"pkt":"AAwpXdTzAAwphPY8CABFAAA0fFtAAEAGLvfAqAcRwKgHECdDviV4fJDcEHNACoAQAf0y2QAAAQEICpqh6oDVxhhO"} +00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657872825792772,"flow_src_last_pkt_time":1657872825796257,"flow_dst_last_pkt_time":1657872825796264,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":745,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":745,"midstream":0,"thread_ts_usec":1657872947794590,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":36699,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00967{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1657872825796640,"flow_src_last_pkt_time":1657872825798048,"flow_dst_last_pkt_time":1657872825798009,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":95,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":95,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872947794590,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":54089,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657872952792575,"flow_src_last_pkt_time":1657872952792575,"flow_dst_last_pkt_time":1657872952792575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872952792575,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":52901,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1657872952792575,"flow_dst_last_pkt_time":1657872952792575,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872952792575,"pkt":"AAwphPY8AAwpXdTzCABFAAA8255AAEAGz6vAqAcQwKgHEc6lJ0N0SnSMAAAAAKAC+vDdQQAAAgQFtAQCCArVxivVAAAAAAEDAwc="} +00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1657872952792575,"flow_dst_last_pkt_time":1657872952792605,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872952792605,"pkt":"AAwpXdTzAAwphPY8CABFAAA8AABAAEAGq0rAqAcRwKgHECdDzqWyONx7dEp0jaAS\/oiyPAAAAgQFtAQCCAqaof4G1cYr1QEDAwc="} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1657872952792721,"flow_dst_last_pkt_time":1657872952792605,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872952792721,"pkt":"AAwphPY8AAwpXdTzCABFAAA0259AAEAGz7LAqAcQwKgHEc6lJ0N0SnSNsjjcfIAQAfbdmgAAAQEICtXGK9Waof4G"} +00928{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1657872952792995,"flow_dst_last_pkt_time":1657872952792605,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":347,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":347,"pkt_l4_len":313,"thread_ts_usec":1657872952792995,"pkt":"AAwphPY8AAwpXdTzCABFAAFN26BAAEAGzpjAqAcQwKgHEc6lJ0N0SnSNsjjcfIAYAfaZpgAAAQEICtXGK9Waof4GWkJYRAMMAQAAPwIAAHicbNJRa+MwDMDxr3Lo2Wck25Itf5Q77sFOfFtYl7ImLYPS7z7WZc0CeZKefugPusKpvZ3bNEOG8tTG+Vdf5gIG7iP\/vcLQQ07BwDC318\/dx+CigUs5nBtkQIuMFBwY6A7H7gUyCccUnYZoYJwgEyEl1ZtZLN5aaWOJJIk7VlosjkjkH5ZsrKSrlcSqUyTZwfQL4xAE17vixlJcLVUrEhzvWIzfFjsvDyttLVotJstevO5EMi1WUh\/oYenWcj8aLWFMmnYot1DMSHz7Z2Bq0zQcR8gQC9XCmCpiCKH2rbD0ofOk\/7tanQcDz8f7Q\/wptQ7vYt3v7jC0cQYDl3ZaGLEObh8BAAD\/\/5zUmdY="} +00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657872952792575,"flow_src_last_pkt_time":1657872952792995,"flow_dst_last_pkt_time":1657872952792605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872952792995,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":52901,"dst_port":10051,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1657872952792995,"flow_dst_last_pkt_time":1657872952793009,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872952793009,"pkt":"AAwpXdTzAAwphPY8CABFAAA0AHVAAEAGqt3AqAcRwKgHECdDzqWyONx8dEp1poAQAfvcfAAAAQEICpqh\/gfVxivV"} +00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":207,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657872958792640,"flow_src_last_pkt_time":1657872958792640,"flow_dst_last_pkt_time":1657872958792640,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872958792640,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":48017,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1657872958792640,"flow_dst_last_pkt_time":1657872958792640,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872958792640,"pkt":"AAwphPY8AAwpXdTzCABFAAA8ZUVAAEAGRgXAqAcQwKgHEbuRJ0OG8OfRAAAAAKAC+vBS+gAAAgQFtAQCCArVxkNFAAAAAAEDAwc="} +00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1657872958792640,"flow_dst_last_pkt_time":1657872958792670,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872958792670,"pkt":"AAwpXdTzAAwphPY8CABFAAA8AABAAEAGq0rAqAcRwKgHECdDu5Ho2mZ8hvDn0qAS\/ohP4gAAAgQFtAQCCAqaohV21cZDRQEDAwc="} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1657872958792769,"flow_dst_last_pkt_time":1657872958792670,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872958792769,"pkt":"AAwphPY8AAwpXdTzCABFAAA0ZUZAAEAGRgzAqAcQwKgHEbuRJ0OG8OfS6NpmfYAQAfZ7QAAAAQEICtXGQ0WaohV2"} +00977{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1657872958793339,"flow_dst_last_pkt_time":1657872958792670,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":382,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":382,"pkt_l4_len":348,"thread_ts_usec":1657872958793339,"pkt":"AAwphPY8AAwpXdTzCABFAAFwZUdAAEAGRM\/AqAcQwKgHEbuRJ0OG8OfS6NpmfYAYAfaDGQAAAQEICtXGQ0WaohV2WkJYRAMvAQAA3AIAAHicfNLBjtQwDAbgV0E+h5Ht2I7TRwFxSNsAFUNHbLsrpNW8O9qlaidS4ZScPv2\/7Vd4qr+e67JCB+VbndcPY1kLBHh\/us+vMI3QZQwwrfXn2z8myTHAS7k+V+iAUEyQWdkhwHC9DT+gI9PkibPGAPMCnSG5p3vYNGq0KIfGqEmVPPEJJhumFkl2jNtoDxiJoWY2wX9jhNEk8a7FVtNDU8Ikkl3tRNNNExcy3zVpiz5oOV+yEeX\/YQkN+YimLWbN1DzqW9cTzbapcYxiO2ZtzweMCD0T4tk6N8sjux8bSG0wP6woeFbQ\/zIanRPevwRY6rJMtxk6SIX6oug9ooj0Yy1qowyR8teh7zlCgO+392v9VPp++m0X\/jhcpzqvEOClPm2MXRjufwIAAP\/\/Zc7B0Q=="} +00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657872958792640,"flow_src_last_pkt_time":1657872958793339,"flow_dst_last_pkt_time":1657872958792670,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":316,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":316,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872958793339,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":48017,"dst_port":10051,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1657872958793339,"flow_dst_last_pkt_time":1657872958793354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872958793354,"pkt":"AAwpXdTzAAwphPY8CABFAAA0vxZAAEAG7DvAqAcRwKgHECdDu5Ho2mZ9hvDpDoAQAft5\/wAAAQEICpqiFXfVxkNF"} +00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657872837792827,"flow_src_last_pkt_time":1657872837794574,"flow_dst_last_pkt_time":1657872837794583,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":319,"flow_dst_max_l4_payload_len":98,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":98,"midstream":0,"thread_ts_usec":1657872958793824,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":58079,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1657872831792753,"flow_src_last_pkt_time":1657872831794189,"flow_dst_last_pkt_time":1657872831794139,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":98,"flow_src_tot_l4_payload_len":257,"flow_dst_tot_l4_payload_len":98,"midstream":0,"thread_ts_usec":1657872958793824,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":37781,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657872964792521,"flow_src_last_pkt_time":1657872964792521,"flow_dst_last_pkt_time":1657872964792521,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872964792521,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":39595,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1657872964792521,"flow_dst_last_pkt_time":1657872964792521,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872964792521,"pkt":"AAwphPY8AAwpXdTzCABFAAA8k+9AAEAGF1vAqAcQwKgHEZqrJ0MwDBwrAAAAAKAC+vB++wAAAgQFtAQCCArVxlq1AAAAAAEDAwc="} +00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1657872964792521,"flow_dst_last_pkt_time":1657872964792556,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872964792556,"pkt":"AAwpXdTzAAwphPY8CABFAAA8AABAAEAGq0rAqAcRwKgHECdDmqvJ0atgMAwcLKAS\/og+mAAAAgQFtAQCCAqaoizm1cZatQEDAwc="} +00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1657872964792625,"flow_dst_last_pkt_time":1657872964792556,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872964792625,"pkt":"AAwphPY8AAwpXdTzCABFAAA0k\/BAAEAGF2LAqAcQwKgHEZqrJ0MwDBwsydGrYYAQAfZp9gAAAQEICtXGWrWaoizm"} +00878{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1657872964793883,"flow_dst_last_pkt_time":1657872964792556,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":309,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":309,"pkt_l4_len":275,"thread_ts_usec":1657872964793883,"pkt":"AAwphPY8AAwpXdTzCABFAAEnk\/FAAEAGFm7AqAcQwKgHEZqrJ0MwDBwsydGrYYAYAfYL3QAAAQEICtXGWraaoizmWkJYRAPmAAAAowEAAHicbNDRTrQwEAXgV\/kz1\/3JdKadMn0UjRctVCUixIXdmGx4d8OKQeJezdycLyfnCqfycS7TDBHSSxnmf22aExi4nfh4ha6FqLWBbi7v68\/BsRq4pP5cIIIFA00\/Nm8QrfhQB1KvBoYJosVahXgxG6IHxNkdcZ41CIr7i4n9xrxjsfJjWcQjRjvmtQpM6PgORhsWapZfmD1ivGNBEAlV6Q7GG6ZeyS9PBqYyTd04rLFkc\/JYZ0TnXG5L8tK6hq0+NznTWu11vI3+kHLuPqWi\/03flWEGA5dy2hipCJavAAAA\/\/+aH3IE"} +00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657872964792521,"flow_src_last_pkt_time":1657872964793883,"flow_dst_last_pkt_time":1657872964792556,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872964793883,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":39595,"dst_port":10051,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1657872964793883,"flow_dst_last_pkt_time":1657872964793897,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872964793897,"pkt":"AAwpXdTzAAwphPY8CABFAAA0kS5AAEAGGiTAqAcRwKgHECdDmqvJ0athMAwdH4AQAfxo\/AAAAQEICpqiLOfVxlq2"} +00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657872843792650,"flow_src_last_pkt_time":1657872843793960,"flow_dst_last_pkt_time":1657872843793967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":256,"flow_dst_max_l4_payload_len":98,"flow_src_tot_l4_payload_len":256,"flow_dst_tot_l4_payload_len":98,"midstream":0,"thread_ts_usec":1657872964794314,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":33661,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657872986792468,"flow_src_last_pkt_time":1657872986792468,"flow_dst_last_pkt_time":1657872986792468,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872986792468,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":36763,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1657872986792468,"flow_dst_last_pkt_time":1657872986792468,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872986792468,"pkt":"AAwphPY8AAwpXdTzCABFAAA8HIpAAEAGjsDAqAcQwKgHEY+bJ0NtIvI9AAAAAKAC+vAg8gAAAgQFtAQCCArVxrClAAAAAAEDAwc="} +00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1657872986792468,"flow_dst_last_pkt_time":1657872986792497,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872986792497,"pkt":"AAwpXdTzAAwphPY8CABFAAA8AABAAEAGq0rAqAcRwKgHECdDj5te3hoCbSLyPqAS\/oiG8AAAAgQFtAQCCAqaooLW1cawpQEDAwc="} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1657872986792564,"flow_dst_last_pkt_time":1657872986792497,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872986792564,"pkt":"AAwphPY8AAwpXdTzCABFAAA0HItAAEAGjsfAqAcQwKgHEY+bJ0NtIvI+Xt4aA4AQAfayTgAAAQEICtXGsKWaooLW"} +00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1657872986792889,"flow_dst_last_pkt_time":1657872986792497,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_usec":1657872986792889,"pkt":"AAwphPY8AAwpXdTzCABFAADjHIxAAEAGjhfAqAcQwKgHEY+bJ0NtIvI+Xt4aA4AYAfb+twAAAQEICtXGsKWaooLWWkJYRAOiAAAAvgAAAHicLI7NSgMxFEZfRb71tSSZ\/DWPori4Sa4aHDPYpEUo8+7i0NXhbA7njov8XGVMJPCH9PlUeTIIB9LrHa0iaWUIbcr3vyzBKk+48XoVJGgQyrqVLyTtXYjBnKMn9IGknY3Rmf2NMGSMtnUkBNaZnYpZKWttrsLOV1sWfX4vOZsFhM\/t+HnhnNuvP5nnsjbpE4SbXB4ZfzLY\/wIAAP\/\/zj43ZA=="} +00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657872986792468,"flow_src_last_pkt_time":1657872986792889,"flow_dst_last_pkt_time":1657872986792497,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":175,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":175,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872986792889,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":36763,"dst_port":10051,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_src_last_pkt_time":1657872986792889,"flow_dst_last_pkt_time":1657872986792903,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657872986792903,"pkt":"AAwpXdTzAAwphPY8CABFAAA0vPxAAEAG7lXAqAcRwKgHECdDj5te3hoDbSLy7YAQAfyxmgAAAQEICpqigtbVxrCl"} +00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657872876792584,"flow_src_last_pkt_time":1657872876793352,"flow_dst_last_pkt_time":1657872876793359,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":249,"flow_dst_max_l4_payload_len":98,"flow_src_tot_l4_payload_len":249,"flow_dst_tot_l4_payload_len":98,"midstream":0,"thread_ts_usec":1657872986793226,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":36755,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657872986792468,"flow_src_last_pkt_time":1657872986793220,"flow_dst_last_pkt_time":1657872986793226,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":175,"flow_dst_max_l4_payload_len":98,"flow_src_tot_l4_payload_len":175,"flow_dst_tot_l4_payload_len":98,"midstream":0,"thread_ts_usec":1657872986793226,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":36763,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657872903792545,"flow_src_last_pkt_time":1657872903793526,"flow_dst_last_pkt_time":1657872903793533,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":255,"flow_dst_max_l4_payload_len":98,"flow_src_tot_l4_payload_len":255,"flow_dst_tot_l4_payload_len":98,"midstream":0,"thread_ts_usec":1657872986793226,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":49215,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1657872886792642,"flow_src_last_pkt_time":1657872886793202,"flow_dst_last_pkt_time":1657872886793171,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":95,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":95,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872986793226,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":45197,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657872941792573,"flow_src_last_pkt_time":1657872941793953,"flow_dst_last_pkt_time":1657872941793960,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":266,"flow_dst_max_l4_payload_len":98,"flow_src_tot_l4_payload_len":266,"flow_dst_tot_l4_payload_len":98,"midstream":0,"thread_ts_usec":1657872986793226,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":41309,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657872881792581,"flow_src_last_pkt_time":1657872881793668,"flow_dst_last_pkt_time":1657872881793678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":98,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":98,"midstream":0,"thread_ts_usec":1657872986793226,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":43395,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657872886792782,"flow_src_last_pkt_time":1657872886794139,"flow_dst_last_pkt_time":1657872886794145,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":310,"flow_dst_max_l4_payload_len":98,"flow_src_tot_l4_payload_len":310,"flow_dst_tot_l4_payload_len":98,"midstream":0,"thread_ts_usec":1657872986793226,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":35243,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1657872930793502,"flow_src_last_pkt_time":1657872930795972,"flow_dst_last_pkt_time":1657872930795980,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":98,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":98,"midstream":0,"thread_ts_usec":1657872986793226,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":55759,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657872946792630,"flow_src_last_pkt_time":1657872946793412,"flow_dst_last_pkt_time":1657872946793417,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":311,"flow_dst_max_l4_payload_len":98,"flow_src_tot_l4_payload_len":311,"flow_dst_tot_l4_payload_len":98,"midstream":0,"thread_ts_usec":1657872986793226,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":43677,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657872964792521,"flow_src_last_pkt_time":1657872964794307,"flow_dst_last_pkt_time":1657872964794314,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":243,"flow_dst_max_l4_payload_len":98,"flow_src_tot_l4_payload_len":243,"flow_dst_tot_l4_payload_len":98,"midstream":0,"thread_ts_usec":1657872986793226,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":39595,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657872897792597,"flow_src_last_pkt_time":1657872897793446,"flow_dst_last_pkt_time":1657872897793453,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":302,"flow_dst_max_l4_payload_len":97,"flow_src_tot_l4_payload_len":302,"flow_dst_tot_l4_payload_len":97,"midstream":0,"thread_ts_usec":1657872986793226,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":35627,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657872946792586,"flow_src_last_pkt_time":1657872946796114,"flow_dst_last_pkt_time":1657872946796119,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":745,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":745,"midstream":0,"thread_ts_usec":1657872986793226,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":60217,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657872958792640,"flow_src_last_pkt_time":1657872958793816,"flow_dst_last_pkt_time":1657872958793824,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":316,"flow_dst_max_l4_payload_len":97,"flow_src_tot_l4_payload_len":316,"flow_dst_tot_l4_payload_len":97,"midstream":0,"thread_ts_usec":1657872986793226,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":48017,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657872936792500,"flow_src_last_pkt_time":1657872936793305,"flow_dst_last_pkt_time":1657872936793312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":331,"flow_dst_max_l4_payload_len":98,"flow_src_tot_l4_payload_len":331,"flow_dst_tot_l4_payload_len":98,"midstream":0,"thread_ts_usec":1657872986793226,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":50639,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1657872947793311,"flow_src_last_pkt_time":1657872947794590,"flow_dst_last_pkt_time":1657872947794546,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":95,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":95,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872986793226,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":48677,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657872870792611,"flow_src_last_pkt_time":1657872870794489,"flow_dst_last_pkt_time":1657872870794496,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":97,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":97,"midstream":0,"thread_ts_usec":1657872986793226,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":40553,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657872952792575,"flow_src_last_pkt_time":1657872952793338,"flow_dst_last_pkt_time":1657872952793345,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":97,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":97,"midstream":0,"thread_ts_usec":1657872986793226,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":52901,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657872892792572,"flow_src_last_pkt_time":1657872892794079,"flow_dst_last_pkt_time":1657872892794088,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":97,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":97,"midstream":0,"thread_ts_usec":1657872986793226,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":36623,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00586{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","packets-captured":236,"packets-processed":236,"total-skipped-flows":0,"total-l4-payload-len":8611,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":24,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":196,"global_ts_usec":1657872986793226} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ -~~ packets captured/processed: 10/10 +~~ packets captured/processed: 236/236 ~~ skipped flows.............: 0 -~~ total layer4 data length..: 39 bytes -~~ total detected protocols..: 1 -~~ total active/idle flows...: 1/1 +~~ total layer4 data length..: 8611 bytes +~~ total detected protocols..: 24 +~~ total active/idle flows...: 24/24 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964389 bytes -~~ total memory freed........: 7964389 bytes -~~ total allocations/frees...: 148297/148297 +~~ total memory allocated....: 7649456 bytes +~~ total memory freed........: 7649456 bytes +~~ total allocations/frees...: 143179/143179 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars -~~ json string max len.......: 975 chars -~~ json string avg len.......: 732 chars +~~ json string max len.......: 1004 chars +~~ json string avg len.......: 758 chars diff --git a/test/results/default/zattoo.pcap.out b/test/results/default/zattoo.pcap.out index be7f99977..9e74adb53 100644 --- a/test/results/default/zattoo.pcap.out +++ b/test/results/default/zattoo.pcap.out @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7971616 bytes -~~ total memory freed........: 7971616 bytes -~~ total allocations/frees...: 148341/148341 +~~ total memory allocated....: 7601301 bytes +~~ total memory freed........: 7601301 bytes +~~ total allocations/frees...: 142744/142744 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 1982 chars diff --git a/test/results/default/zcash.pcap.out b/test/results/default/zcash.pcap.out index da07741a8..32fb64576 100644 --- a/test/results/default/zcash.pcap.out +++ b/test/results/default/zcash.pcap.out @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7970352 bytes -~~ total memory freed........: 7970352 bytes -~~ total allocations/frees...: 148433/148433 +~~ total memory allocated....: 7600013 bytes +~~ total memory freed........: 7600013 bytes +~~ total allocations/frees...: 142836/142836 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 2472 chars diff --git a/test/results/default/zoom.pcap.out b/test/results/default/zoom.pcap.out index 76b28aecd..78e96652f 100644 --- a/test/results/default/zoom.pcap.out +++ b/test/results/default/zoom.pcap.out @@ -256,9 +256,9 @@ ~~ total active/idle flows...: 33/33 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8286789 bytes -~~ total memory freed........: 8286789 bytes -~~ total allocations/frees...: 149433/149433 +~~ total memory allocated....: 7917218 bytes +~~ total memory freed........: 7917218 bytes +~~ total allocations/frees...: 143836/143836 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 298 chars ~~ json string max len.......: 2404 chars diff --git a/test/results/default/zoom2.pcap.out b/test/results/default/zoom2.pcap.out index 22d4381ef..5c169f237 100644 --- a/test/results/default/zoom2.pcap.out +++ b/test/results/default/zoom2.pcap.out @@ -54,9 +54,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8056534 bytes -~~ total memory freed........: 8056534 bytes -~~ total allocations/frees...: 150854/150854 +~~ total memory allocated....: 7686291 bytes +~~ total memory freed........: 7686291 bytes +~~ total allocations/frees...: 145257/145257 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 511 chars ~~ json string max len.......: 2217 chars diff --git a/test/results/default/zoom_p2p.pcapng.out b/test/results/default/zoom_p2p.pcapng.out index bac878c3a..ecdd2f622 100644 --- a/test/results/default/zoom_p2p.pcapng.out +++ b/test/results/default/zoom_p2p.pcapng.out @@ -137,9 +137,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8011342 bytes -~~ total memory freed........: 8011342 bytes -~~ total allocations/frees...: 149179/149179 +~~ total memory allocated....: 7641291 bytes +~~ total memory freed........: 7641291 bytes +~~ total allocations/frees...: 143582/143582 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 516 chars ~~ json string max len.......: 2296 chars diff --git a/test/results/disable_aggressiveness/ookla.pcap.out b/test/results/disable_aggressiveness/ookla.pcap.out index 85522686e..fdabace80 100644 --- a/test/results/disable_aggressiveness/ookla.pcap.out +++ b/test/results/disable_aggressiveness/ookla.pcap.out @@ -61,9 +61,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7995315 bytes -~~ total memory freed........: 7995315 bytes -~~ total allocations/frees...: 148474/148474 +~~ total memory allocated....: 7625096 bytes +~~ total memory freed........: 7625096 bytes +~~ total allocations/frees...: 142877/142877 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 526 chars ~~ json string max len.......: 1414 chars diff --git a/test/results/disable_protocols/dns_long_domainname.pcap.out b/test/results/disable_protocols/dns_long_domainname.pcap.out index 30f7c527e..de911f5b4 100644 --- a/test/results/disable_protocols/dns_long_domainname.pcap.out +++ b/test/results/disable_protocols/dns_long_domainname.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7964181 bytes -~~ total memory freed........: 7964181 bytes -~~ total allocations/frees...: 148290/148290 +~~ total memory allocated....: 7593842 bytes +~~ total memory freed........: 7593842 bytes +~~ total allocations/frees...: 142693/142693 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 535 chars ~~ json string max len.......: 1231 chars diff --git a/test/results/disable_protocols/pluralsight.pcap.out b/test/results/disable_protocols/pluralsight.pcap.out index fbf67c3c5..be30597e1 100644 --- a/test/results/disable_protocols/pluralsight.pcap.out +++ b/test/results/disable_protocols/pluralsight.pcap.out @@ -65,9 +65,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8034221 bytes -~~ total memory freed........: 8034221 bytes -~~ total allocations/frees...: 148442/148442 +~~ total memory allocated....: 7664002 bytes +~~ total memory freed........: 7664002 bytes +~~ total allocations/frees...: 142845/142845 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 527 chars ~~ json string max len.......: 2533 chars diff --git a/test/results/disable_protocols/quic-mvfst-27.pcapng.out b/test/results/disable_protocols/quic-mvfst-27.pcapng.out index b41318ce2..a906fd94c 100644 --- a/test/results/disable_protocols/quic-mvfst-27.pcapng.out +++ b/test/results/disable_protocols/quic-mvfst-27.pcapng.out @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7974790 bytes -~~ total memory freed........: 7974790 bytes -~~ total allocations/frees...: 148328/148328 +~~ total memory allocated....: 7604451 bytes +~~ total memory freed........: 7604451 bytes +~~ total allocations/frees...: 142731/142731 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 531 chars ~~ json string max len.......: 2285 chars diff --git a/test/results/disable_protocols/soap.pcap.out b/test/results/disable_protocols/soap.pcap.out index 08f520c6d..7e2b39deb 100644 --- a/test/results/disable_protocols/soap.pcap.out +++ b/test/results/disable_protocols/soap.pcap.out @@ -30,9 +30,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7973117 bytes -~~ total memory freed........: 7973117 bytes -~~ total allocations/frees...: 148337/148337 +~~ total memory allocated....: 7602826 bytes +~~ total memory freed........: 7602826 bytes +~~ total allocations/frees...: 142740/142740 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 520 chars ~~ json string max len.......: 2479 chars diff --git a/test/results/disable_stun_monitoring/lru_ipv6_caches.pcapng.out b/test/results/disable_stun_monitoring/lru_ipv6_caches.pcapng.out new file mode 100644 index 000000000..81a8b9735 --- /dev/null +++ b/test/results/disable_stun_monitoring/lru_ipv6_caches.pcapng.out @@ -0,0 +1,98 @@ +00534{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00597{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639052947835473} +00851{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052947835473,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052947835473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052947835473,"l3_proto":"ip6","src_ip":"32fb:f967:681e:e96b:face:b00c::74fd","dst_ip":"20ed:470f:6f73:ce60:60be:8b4f:df37:b080","src_port":3478,"dst_port":45658,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052947835473,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":84,"pkt_l4_len":30,"thread_ts_usec":1639052947835473,"pkt":"AAAAAAAAAAIAiPwTht1gAAAAAB4RNTL7+WdoHulr+s6wDAAAdP0g7UcPb3POYGC+i0\/fN7CADZayWgAeVVyAyQABc057KIAAAAURUN3Xuv65y9fO"} +00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052948008616,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":112,"pkt_l4_len":58,"thread_ts_usec":1639052948008616,"pkt":"AAAAAAAAAAUAny4Oht1gCOxqADoRPyDtRw9vc85gYL6LT983sIAy+\/lnaB7pa\/rOsAwAAHT9sloNlgA6KoqAyQABWl1ZNGNoadjLndjyhIQdR3eb9BFhVVqa3fOaaflunNCAAAAByaRnP87SPV4aWA=="} +00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1639052948274471,"flow_dst_last_pkt_time":1639052948008616,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":112,"pkt_l4_len":58,"thread_ts_usec":1639052948274471,"pkt":"AAAAAAAAAAIAiPwTht1gAAAAADoRNTL7+WdoHulr+s6wDAAAdP0g7UcPb3POYGC+i0\/fN7CADZayWgA67jSAyQABc057KPtqh0GuGNqHQpVdUH9DbV7N1xxXOtXJtJqdGPOAAAAGtXeTrpTWaBsieQ=="} +00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1639052948289476,"flow_dst_last_pkt_time":1639052948008616,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":84,"pkt_l4_len":30,"thread_ts_usec":1639052948289476,"pkt":"AAAAAAAAAAIAiPwTht1gAAAAAB4RNTL7+WdoHulr+s6wDAAAdP0g7UcPb3POYGC+i0\/fN7CADZayWgAecUyAyQABc057KIAAAAeHMLnCpIkbax7n"} +00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1639052948289476,"flow_dst_last_pkt_time":1639052948301493,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":112,"pkt_l4_len":58,"thread_ts_usec":1639052948301493,"pkt":"AAAAAAAAAAUAny4Oht1gCOxqADoRPyDtRw9vc85gYL6LT983sIAy+\/lnaB7pa\/rOsAwAAHT9sloNlgA6RJGAyQABkTlfEc51q66FXyPDwam3nbBa6WicqgKI89C6hGhWlhyAAAAFFpuu1SLHCT7WvA=="} +01092{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1639052947835473,"flow_src_last_pkt_time":1639052948665588,"flow_dst_last_pkt_time":1639052948452760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":144,"flow_src_tot_l4_payload_len":268,"flow_dst_tot_l4_payload_len":356,"midstream":0,"thread_ts_usec":1639052948665588,"l3_proto":"ip6","src_ip":"32fb:f967:681e:e96b:face:b00c::74fd","dst_ip":"20ed:470f:6f73:ce60:60be:8b4f:df37:b080","src_port":3478,"dst_port":45658,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":3,"num_binding_requests":2,"num_processed_pkts":3}}} +00855{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948897167,"flow_src_last_pkt_time":1639052948897167,"flow_dst_last_pkt_time":1639052948897167,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948897167,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27","src_port":6881,"dst_port":60506,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1639052948897167,"flow_dst_last_pkt_time":1639052948897167,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052948897167,"pkt":"AAAAAAAAAAgAVrKUht1gDMK7ABwRPzmRBy0zbmXsxb+l+oOtI94wJOXurC\/Ndl3Wp6Hxf1wnGuHsWgAcMekhAKzS+CpD0rrw8PwAEAAA1ElsQg=="} +00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1639052948898635,"flow_dst_last_pkt_time":1639052948897167,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052948898635,"pkt":"AAAAAAAAAAgAVrKUht1gDMK7ABwRPzmRBy0zbmXsxb+l+oOtI94wJOXurC\/Ndl3Wp6Hxf1wnGuHsWgAcMDchAKzS+CpIPbrw7kIAEAAA1ElsQw=="} +00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1639052949314245,"flow_dst_last_pkt_time":1639052948897167,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052949314245,"pkt":"AAAAAAAAAAgAVrKUht1gDMK7ABwRPzmRBy0zbmXsxb+l+oOtI94wJOXurC\/Ndl3Wp6Hxf1wnGuHsWgAc2C8hAKzS+DCgmLrw7eYAEAAA1ElsRQ=="} +00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1639052949726707,"flow_dst_last_pkt_time":1639052948897167,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052949726707,"pkt":"AAAAAAAAAAgAVrKUht1gDMK7ABwRPzmRBy0zbmXsxb+l+oOtI94wJOXurC\/Ndl3Wp6Hxf1wnGuHsWgAciKUhAKzS+Dby0rrw6y8AEAAA1ElsRg=="} +00854{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052950309556,"flow_src_last_pkt_time":1639052950309556,"flow_dst_last_pkt_time":1639052950309556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052950309556,"l3_proto":"ip6","src_ip":"2a2f:8509:1cb2:466d:ecbf:69d6:109c:608","dst_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","src_port":62229,"dst_port":6881,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1639052950309556,"flow_dst_last_pkt_time":1639052950309556,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"thread_ts_usec":1639052950309556,"pkt":"AAAAAAAAAAQAC1O2ht1gD4GkACIRLyovhQkcskZt7L9p1hCcBgg5kQctM25l7MW\/pfqDrSPe8xUa4QAiuZUBAO\/LwNkaKsifYvoAEAAAXBJdZgAABjkUAQ=="} +01302{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1639052950315672,"flow_dst_last_pkt_time":1639052950309556,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":610,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":610,"pkt_l4_len":556,"thread_ts_usec":1639052950315672,"pkt":"AAAAAAAAAAQAC1O2ht1gD4GkAiwRLyovhQkcskZt7L9p1hCcBgg5kQctM25l7MW\/pfqDrSPe8xUa4QIsPEQBAO\/LwNkrxcifYvoAEAAAXBNdZmQ1OmFkZGVkMjY0Olt6GN4a4XJPFwwa4XJPNqIa4U3bBrD5J03bBa5eyS6kkX4iw03bAmvTm03bAzlkM8XSCKYtOJwA1jZOanJPJcAa4XJPFTMa4ZwA1TIFYXJPFUEa4ZwA1hZXanJPJcka4XJPN0Ea4WZEMl4a4cXSL7wa4U3bDTCPpHJPFdUAAXJPN+0a4XJPFyga4XJPJdEa4XGUfbweYXJPF7Ya4Y3tzXEa4SmKW7oa4bBE6PXP7JwA1TxbWV+emWoa4cXSQPY8dMXSQRCj+MpZSa4gYymKWfIyf8XSQYIa4V9GW8Qa4b5PQUlL38XSHRIa4U3bBdKokE3bBl7c5MjXtQka4cXSL7rTQCUDXkNEsjc6YWRkZWQuZjQ0OhgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAABgAAAAAAAgaAAAAAAAANjphZGRlZDY0MzI6JAWYALUQiNdQlRmDQPuzOOrkJANiAIhBA8Zxm8HewmfRLhrhKAQaPD6RyQD5+e0X8PMLDRrhKAOYAJCNic\/kobfhWSrVRRrhKgPsALFGLQiQ0rJMasWLJxrhKgPsALFVX7GkySnULDWtYQABKgPsALGDFNcE+jM\/aJRmIRrhKgPsALGMATOw4X7j0+0AAxrhKgPsALl9ntIgYIosLw+Q8RrhKgPsALGLG4DBNAlI4GnXHwABKgPsAA=="} +00857{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052950545675,"flow_src_last_pkt_time":1639052950545675,"flow_dst_last_pkt_time":1639052950545675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052950545675,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c","src_port":6881,"dst_port":6881,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1639052950545675,"flow_dst_last_pkt_time":1639052950545675,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":166,"pkt_l4_len":112,"thread_ts_usec":1639052950545675,"pkt":"AAAAAAAAAAgAVrKUht1gDngoAHARPzmRBy0zbmXsxb+l+oOtI94v2h+KwQeIpOUJ0uFEX\/NMGuEa4QBwlhdkMTphZDI6aWQyMDrlXFuiZTjDuuw6Y5fpKld4tI\/Cxjk6aW5mb19oYXNoMjA65VxX8VkubhLb4bEqLlkIOyJcOUNlMTpxOTpnZXRfcGVlcnMxOnQyOnRFMTp2NDpMVAECMTp5MTpxZQ=="} +01280{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052950545675,"flow_src_last_pkt_time":1639052950545675,"flow_dst_last_pkt_time":1639052950545675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052950545675,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c","src_port":6881,"dst_port":6881,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":""}}} +00854{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052950583119,"flow_src_last_pkt_time":1639052950583119,"flow_dst_last_pkt_time":1639052950583119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052950583119,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"2c7f:d7a0:44a9:49e9:e586:fb7f:5b85:9c83","src_port":6881,"dst_port":1,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1639052950583119,"flow_dst_last_pkt_time":1639052950583119,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":166,"pkt_l4_len":112,"thread_ts_usec":1639052950583119,"pkt":"AAAAAAAAAAgAVrKUht1gAdfJAHARPzmRBy0zbmXsxb+l+oOtI94sf9egRKlJ6eWG+39bhZyDGuEAAQBwpipkMTphZDI6aWQyMDrlXFuiZTjDuuw6Y5fpKld4tI\/Cxjk6aW5mb19oYXNoMjA65VwDWNsjaMkiDHcKmOO7g\/XbXJhlMTpxOTpnZXRfcGVlcnMxOnQyOlMzMTp2NDpMVAECMTp5MTpxZQ=="} +01285{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052950583119,"flow_src_last_pkt_time":1639052950583119,"flow_dst_last_pkt_time":1639052950583119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052950583119,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"2c7f:d7a0:44a9:49e9:e586:fb7f:5b85:9c83","src_port":6881,"dst_port":1,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":""}}} +01303{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1639052950737932,"flow_dst_last_pkt_time":1639052950309556,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":610,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":610,"pkt_l4_len":556,"thread_ts_usec":1639052950737932,"pkt":"AAAAAAAAAAQAC1O2ht1gD4GkAiwRLyovhQkcskZt7L9p1hCcBgg5kQctM25l7MW\/pfqDrSPe8xUa4QIsgIEBAO\/LwN+LSsifX1YAEAAAXBRdZrmjKql8pxLTwtgC3wABKgPsALmjOmYkMZq5vlzkRBrhKgPsALGlIxIQwxYNdIMcJRrhIAFEVQRNbwAAAAAAAAAAARrhKAQNQeBOQQCcCWtW2g3p0xrhJAmKMAGSIKAAJEcQZZTkzRrhKAQBTRSFgKXsCXPJ8t\/t0BrhJAJAACCAJn0lJdoyVKC02RrhJAmKMAGSIKABAowTtx2Z\/xrhKgPsALFHRmq0kvb8O5gcGhrhKAQH8LHAqrrtV+a7hK777BrhJAQAwIQRCU20IiGX0FJ9DxrhKgPsALGHCtRNvIdV3hcH8xrhJALigCE5AGsF1y+9GcXXOBrhODphZGRlZDYuZjI0OhgaGhoAAAAAAAAAAAAaGhgYGggAGAAAGDc6ZHJvcHBlZDMwMDolA14zRKopilndXiMpilpYLtop+IDsGuEqlgEaMthNKFAHGuFN2wLj9rpN2wYlVTxN2wy2WrlN2wzupylN2w3QCt1N2w37DTdVXvArGuFVrsilDI9qa5NYJzRyTxb9GuFyTyWlGuFyTzceGuFyTzdHGuFyTzeNGuFyTzeUGuGcANQSGuGcANQWOOacANQdGuGcANUDGuGcANYRGuGwNdRuBgSyz75mGuG1gY4CGuG5DXCeCSfF0gg6GuHF0ghJGuHF0hxaT7\/F0hy9j+nF0hzOAAHF0h0EC6vF0i8DErXF0i8ZDbbF0g=="} +01309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1639052950737932,"flow_dst_last_pkt_time":1639052950309556,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":610,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":610,"pkt_l4_len":556,"thread_ts_usec":1639052950737932,"pkt":"AAAAAAAAAAQAC1O2ht1gD4GkAiwRLyovhQkcskZt7L9p1hCcBgg5kQctM25l7MW\/pfqDrSPe8xUa4QIs+v4BAO\/LwN+MDcifX1YAEAAAXBVdZi\/V2y3F0i\/gGuHF0kBGGuHF0kDiGuHF0kFlrr\/F0kGGGuHF0kGlUlDF0kHNB+7F0kHoXwHF0kHs2H\/I17UBGuHUXXqZGuE4OmRyb3BwZWQ2NDUwOiABBxgABwIEZcdtGPiejOga4SABRFER3pwAIJ6pxVllU3Ea4SQEAMCEEAay+ca3SimFiVcAASQEAMCEEEQLtCIhl9BSfQ8a4SQEAMCEESK9EP3Rl8Q0ALQa4SQEAMCEESK9tCIhl9BSfQ8a4SQJimIEicMAbKmgRMkqff0a4SYAbFhOf28zAAAAAAAAF3Ea4SYFogCVALspGek\/Xi35jv8a4SgAAEAANxn7ZHlYzG5oPMYa4SgEAU1M0YqqAhyz\/\/50+vYa4SgEDUG\/HW0AVFhkdrZ+ftQa4SgEFFyETAAAiatQfV2Vbk0a4SoD7ACxghkcDGWqGhivX2sAASoD7ACxghkcpK1UO7U\/SOga4SoD7ACxgxTXvYdxG04A6z0a4SoD7ACxhgG68A3JgJPtC3Qa4SoD7ACxhiZNgbIwZSMmHFYa4SoD7ACxhzqaGGYVTl+foEwAASoD7ACxijPImdiKdGh3xIIa4SoD7ACxjwkRCKsdudTdrRga4SoD7ACxkDqEkGAXfkr1QLgAASoD7ACxkRiYpQNcDvEFsIIa4SoD7ACxlgU0GCe3Tmg4KLDSNSoD7ACxpDY4AEJfkg=="} +00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1639052951148900,"flow_dst_last_pkt_time":1639052950309556,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"thread_ts_usec":1639052951148900,"pkt":"AAAAAAAAAAQAC1O2ht1gD4GkACMRLyovhQkcskZt7L9p1hCcBgg5kQctM25l7MW\/pfqDrSPe8xUa4QAj2c4BAO\/LwOXno8ifSXsAEAAAXBZdZg72txwa4WU="} +01288{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1639052950309556,"flow_src_last_pkt_time":1639052951148900,"flow_dst_last_pkt_time":1639052950309556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":548,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1697,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052951148900,"l3_proto":"ip6","src_ip":"2a2f:8509:1cb2:466d:ecbf:69d6:109c:608","dst_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","src_port":62229,"dst_port":6881,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":""}}} +00853{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052951219984,"flow_src_last_pkt_time":1639052951219984,"flow_dst_last_pkt_time":1639052951219984,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052951219984,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"38b2:46b7:27a4:94c3:c134:948:e069:d71f","src_port":6881,"dst_port":1,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1639052951219984,"flow_dst_last_pkt_time":1639052951219984,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":166,"pkt_l4_len":112,"thread_ts_usec":1639052951219984,"pkt":"AAAAAAAAAAgAVrKUht1gDr4pAHARPzmRBy0zbmXsxb+l+oOtI944ska3J6SUw8E0CUjgadcfGuEAAQBw4FxkMTphZDI6aWQyMDrlXFuiZTjDuuw6Y5fpKld4tI\/Cxjk6aW5mb19oYXNoMjA65VwBHqHGiWSoFxPVm8S45ot6GsxlMTpxOTpnZXRfcGVlcnMxOnQyOmr7MTp2NDpMVAECMTp5MTpxZQ=="} +01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052951219984,"flow_src_last_pkt_time":1639052951219984,"flow_dst_last_pkt_time":1639052951219984,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052951219984,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"38b2:46b7:27a4:94c3:c134:948:e069:d71f","src_port":6881,"dst_port":1,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":""}}} +00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1639052952496260,"flow_dst_last_pkt_time":1639052948897167,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"thread_ts_usec":1639052952496260,"pkt":"AAAAAAAAAAgAVrKUht1gCDfFACIRPzmRBy0zbmXsxb+l+oOtI94wJOXurC\/Ndl3Wp6Hxf1wnGuHsWgAioDQBAKzS+GDlrbrw6y8AEAAA1ElsRgAAAV8UAQ=="} +01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1639052948897167,"flow_src_last_pkt_time":1639052952496260,"flow_dst_last_pkt_time":1639052948897167,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":106,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052952496260,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27","src_port":6881,"dst_port":60506,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":""}}} +00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1639052959035612,"flow_dst_last_pkt_time":1639052950545675,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":166,"pkt_l4_len":112,"thread_ts_usec":1639052959035612,"pkt":"AAAAAAAAAAgAVrKUht1gCe0yAHARPzmRBy0zbmXsxb+l+oOtI94v2h+KwQeIpOUJ0uFEX\/NMGuEa4QBw7ZJkMTphZDI6aWQyMDrlXFuiZTjDuuw6Y5fpKld4tI\/Cxjk6aW5mb19oYXNoMjA65VxdggPDJDvaNdNt\/L2j+bkuqMllMTpxOTpnZXRfcGVlcnMxOnQyOiVoMTp2NDpMVAECMTp5MTpxZQ=="} +00852{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961890141,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052961890141,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgABwRPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgAcBsoIAQAAIRKkQkNDRkplV05Uc1dQcw=="} +01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961890141,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}} +00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1639052961892484,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052961892484,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgAKARPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgCgpJ0AAwCEIRKkQlM3RnRRL3Y2ay9PMkAAAGYJEFPqNE7VJH5jscfXNsYhb98E3U++3ioUwgZB8WeSBCDE8Hv0qlQ7VYtVkKskkvqRH1iLwzoIGi7Dz\/tzqvCpnwhdkVyqhKbzd8NfXZRNbjB3f0ByPdFFironKHaSXUOOxWFCn10AAAAIABS86wFVtBJv5aANWhLlzvJVsxeNfg=="} +00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1639052962142439,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052962142439,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgAKARPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgCgpJ0AAwCEIRKkQlM3RnRRL3Y2ay9PMkAAAGYJEFPqNE7VJH5jscfXNsYhb98E3U++3ioUwgZB8WeSBCDE8Hv0qlQ7VYtVkKskkvqRH1iLwzoIGi7Dz\/tzqvCpnwhdkVyqhKbzd8NfXZRNbjB3f0ByPdFFironKHaSXUOOxWFCn10AAAAIABS86wFVtBJv5aANWhLlzvJVsxeNfg=="} +00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1639052962191138,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052962191138,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgABwRPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgAcBsoIAQAAIRKkQkNDRkplV05Uc1dQcw=="} +00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1639052963579689,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":210,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":210,"pkt_l4_len":156,"thread_ts_usec":1639052963579689,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgAJwRPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgCcOP4AAQCAIRKkQlUyZXJ1M05HdUpPbgAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAA2roABAAAAALAVwAEAAMACoAqAAhYlWblH2D7mAAlAAAAJAAEbn8o\/wAIABQ5szu0z17I9YE5t42kszUxGI8nq4AoAAQ7B4OH"} +00803{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052969360318,"flow_src_last_pkt_time":1639052969360318,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969360318,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1639052969360318,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1639052969360318,"pkt":"AAAAAAAAAAgAKih5ht1gChT5ACAGMiABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbuscESWy8wKP2CEgBL\/\/+ibAAACBAVQAQEEAgEDAwo="} +02410{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1639052969517969,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1434,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1434,"pkt_l4_len":1380,"thread_ts_usec":1639052969517969,"pkt":"AAAAAAAAAAgAKih5ht1gChT5BWQGMiABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbuscESWy80KP2KJUBAAQlzUAAAWAwMAUAIAAEwDA2Gx9qmsk0SkPB6KDAiZvXlLcIQwNUuS8UsCtY0L22BDAMArAAAkAAAAAAAXAAD\/AQABAAALAAIBAAAjAAAAEAAFAAMCaDIABQAAFgMDCRMLAAkPAAkMAAU1MIIFMTCCBNegAwIBAgIQARkfjV3L9r9HIyjCQZoh1zAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMXQ2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjEwNjI5MDAwMDAwWhcNMjIwNjI4MjM1OTU5WjB1MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEeMBwGA1UEAxMVc25pLmNsb3VkZmxhcmVzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgC1s4G\/NmWra3EB1ViB4aiWbMPL7u1IoIlMpgn5kNUKgNwoi39Y6LTb+Bl8CrmpOOliciecDhWGPcHTDWIAx2KOCA3IwggNuMB8GA1UdIwQYMBaAFKXON+rrsHUOlGeItEX62SQQh5YfMB0GA1UdDgQWBBQZ22ajXmjoPgEhYrj\/45kMwDYdJjA6BgNVHREEMzAxggwqLmJpa3JveS5jb22CFXNuaS5jbG91ZGZsYXJlc3NsLmNvbYIKYmlrcm95LmNvbTAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9DbG91ZGZsYXJlSW5jRUNDQ0EtMy5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9DbG91ZGZsYXJlSW5jRUNDQ0EtMy5jcmwwPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEAGCCsGAQUFBzAChjRodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vQ2xvdWRmbGFyZUluY0VDQ0NBLTMuY3J0MAwGA1UdEwEB\/wQCMAAwggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB1AEalVet1+pEgMLWiiWn0830RLEF0vv1JuIWr8vxw\/m1HAAABelhQNzEAAAQDAEYwRAIgYeZpP+\/pPAjfswX1ISGsnmjFB4TkAWSbMt3y7HyRMywCIBC7D68n+qN3I9heI3yRIJz4gDyP6KV6L+SpG416yJboAHYAIkVFB1lVJFaWP6Ev8fdthuAjJmOtwEt\/XcaDXG7iDwIAAAF6WFA3EAAABAMARzBFAiBp6pKbAs2el1rhPRfScrzqYQmiOgnwezpUPc0Pt5jtXgIhAPhl0sVfcRlm\/W6Vcy5oIjTXFIQwT\/VRTjwXP2LNU411AHUAUaOw9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN\/tSLBeUAAAF6WFA3JwAABAMARjBEAiBlw+pxlBqLJzpdOZ7QjnSDhXse\/VYyQs1QYcV8iP2Y6wIgOH2yamb7OYhqD3TT8HEY+GUOcPF4S5oYacz\/IatUT+4wCgYIKoZIzj0EAwID"} +01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052969360318,"flow_src_last_pkt_time":1639052969517969,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969517969,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44144,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"h2"}}} +02408{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1639052969517992,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1434,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1434,"pkt_l4_len":1380,"thread_ts_usec":1639052969517992,"pkt":"AAAAAAAAAAgAKih5ht1gChT5BWQGMiABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbuscESW0R0KP2KJUBAAQnUtAABIADBFAiEA7RxPNj701c+7QX2jNqNJVJvfkrXXaQDkvfvj7eI9lQ0CIDfTeyI6EWEnoww8vKA3dIR\/D36WveN3dOnMT0w6Q1zHAAPRMIIDzTCCArWgAwIBAgIQCjeHZF5ftIwiTv0b7RQMPDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTIwMDEyNzEyNDgwOFoXDTI0MTIzMTIzNTk1OVowSjELMAkGA1UEBhMCVVMxGTAXBgNVBAoTEENsb3VkZmxhcmUsIEluYy4xIDAeBgNVBAMTF0Nsb3VkZmxhcmUgSW5jIEVDQyBDQS0zMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEua1NZpkUC0bsH4HRKlAenQMVLzQSfS2WuIg4m4Vfj7+7Te9hRsTJc9QkT+DuHM5ss1FxL2ruTAUJd9NyYqSb16OCAWgwggFkMB0GA1UdDgQWBBSlzjfq67B1DpRniLRF+tkkEIeWHzAfBgNVHSMEGDAWgBTlnVkwgkdYzKz6CFQ2hns6tQRN8DAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB\/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwbQYDVR0gBGYwZDA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIwCAYGZ4EMAQIBMAgGBmeBDAECAjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggEBAAUkHd0bsCrrmNaF4zlNXmtXnYJX\/OvoMaJXkGUFvhZEOFp3ArnPEELG4ZKk40Un+ABHLGioVplTVI+tnkDB0A+21w0LOEhsUCxJkAZbZB2LzEgwLt4I4ptJIsCSDBFelpKU1fwg3FZs5ZKTv3ocwDfjhUkV+ivhdDkYD7fa86JXWGBPzI6UAPxGezQxPk1HgoE6y\/SJXQ7vTQ1unBuCJN0yJV0ReFEQPaA1IwQvZW+cwdFD19Ae8zFnWSfda9J1CZMRJCQUzym+5iPDuI9yP+kHyCREU3qzuWFloUwOxkgAyXVjBYdwRVKD05WdRerw6DEdfgkfCv4+3ao8XnTSrLEWAwMBHxYAARsBAAEXMIIBEwoBAKCCAQwwggEIBgkrBgEFBQcwAQEEgfowgfcwgZ6iFgQUpc436uuwdQ6UZ4i0RfrZJBCHlh8YDzIwMjExMjA4MDcwNjQzWjBzMHEwSTAJBgUrDgMCGgUABBQS14tALDViBvqCf47YkiQRtKz1BAQUpc436uuwdQ6UZ4i0RfrZJBCHlh8CEAEZH41dy\/a\/RyMowkGaIdeAABgPMjAyMTEyMDgwNjUxMDJaoBEYDzIwMjExMjE1MDYwNjAyWjAKBggqhkjOPQQDAgNIADBFAiA\/Ba4a+oKzM0DIq\/Ym9c2jm9PFFlvn1dBsVLW+3hQ6dgIhAM3JC7lV\/o\/6R7VZrtvaUv0LauAeiJjucdYshTXHExh8FgMDAHIMAABuAwAdIDwd"} +01621{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052969360318,"flow_src_last_pkt_time":1639052969517992,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969517992,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44144,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","server_names":"*.bikroy.com,sni.cloudflaressl.com,bikroy.com","notafter":"2022-06-28 23:59:59","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","negotiated_alpn":"h2","fingerprint":"FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0"}}} +00803{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052969585053,"flow_src_last_pkt_time":1639052969585053,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969585053,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44150,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1639052969585053,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1639052969585053,"pkt":"AAAAAAAAAAgAKih5ht1gAPBzACAGMyABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbusdiq5T1XdwhBagBL\/\/\/uQAAACBAVQAQEEAgEDAwo="} +02411{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1639052969733805,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1434,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1434,"pkt_l4_len":1380,"thread_ts_usec":1639052969733805,"pkt":"AAAAAAAAAAgAKih5ht1gAPBzBWQGMyABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbusdiq5T1bdwhJfUBAAQnm1AAAWAwMAUAIAAEwDA2Gx9qme4uujwv1+7XVRUWnJHpI6\/iAaaJ7rvPDDXG+vAMArAAAkAAAAAAAXAAD\/AQABAAALAAIBAAAjAAAAEAAFAAMCaDIABQAAFgMDCRMLAAkPAAkMAAU1MIIFMTCCBNegAwIBAgIQARkfjV3L9r9HIyjCQZoh1zAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMXQ2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjEwNjI5MDAwMDAwWhcNMjIwNjI4MjM1OTU5WjB1MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEeMBwGA1UEAxMVc25pLmNsb3VkZmxhcmVzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgC1s4G\/NmWra3EB1ViB4aiWbMPL7u1IoIlMpgn5kNUKgNwoi39Y6LTb+Bl8CrmpOOliciecDhWGPcHTDWIAx2KOCA3IwggNuMB8GA1UdIwQYMBaAFKXON+rrsHUOlGeItEX62SQQh5YfMB0GA1UdDgQWBBQZ22ajXmjoPgEhYrj\/45kMwDYdJjA6BgNVHREEMzAxggwqLmJpa3JveS5jb22CFXNuaS5jbG91ZGZsYXJlc3NsLmNvbYIKYmlrcm95LmNvbTAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9DbG91ZGZsYXJlSW5jRUNDQ0EtMy5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9DbG91ZGZsYXJlSW5jRUNDQ0EtMy5jcmwwPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEAGCCsGAQUFBzAChjRodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vQ2xvdWRmbGFyZUluY0VDQ0NBLTMuY3J0MAwGA1UdEwEB\/wQCMAAwggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB1AEalVet1+pEgMLWiiWn0830RLEF0vv1JuIWr8vxw\/m1HAAABelhQNzEAAAQDAEYwRAIgYeZpP+\/pPAjfswX1ISGsnmjFB4TkAWSbMt3y7HyRMywCIBC7D68n+qN3I9heI3yRIJz4gDyP6KV6L+SpG416yJboAHYAIkVFB1lVJFaWP6Ev8fdthuAjJmOtwEt\/XcaDXG7iDwIAAAF6WFA3EAAABAMARzBFAiBp6pKbAs2el1rhPRfScrzqYQmiOgnwezpUPc0Pt5jtXgIhAPhl0sVfcRlm\/W6Vcy5oIjTXFIQwT\/VRTjwXP2LNU411AHUAUaOw9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN\/tSLBeUAAAF6WFA3JwAABAMARjBEAiBlw+pxlBqLJzpdOZ7QjnSDhXse\/VYyQs1QYcV8iP2Y6wIgOH2yamb7OYhqD3TT8HEY+GUOcPF4S5oYacz\/IatUT+4wCgYIKoZIzj0EAwID"} +01286{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052969585053,"flow_src_last_pkt_time":1639052969733805,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969733805,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44150,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"h2"}}} +02408{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1639052969733805,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1434,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1434,"pkt_l4_len":1380,"thread_ts_usec":1639052969733805,"pkt":"AAAAAAAAAAgAKih5ht1gAPBzBWQGMyABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbusdiq5VKbdwhJfUBAAQpK1AABIADBFAiEA7RxPNj701c+7QX2jNqNJVJvfkrXXaQDkvfvj7eI9lQ0CIDfTeyI6EWEnoww8vKA3dIR\/D36WveN3dOnMT0w6Q1zHAAPRMIIDzTCCArWgAwIBAgIQCjeHZF5ftIwiTv0b7RQMPDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTIwMDEyNzEyNDgwOFoXDTI0MTIzMTIzNTk1OVowSjELMAkGA1UEBhMCVVMxGTAXBgNVBAoTEENsb3VkZmxhcmUsIEluYy4xIDAeBgNVBAMTF0Nsb3VkZmxhcmUgSW5jIEVDQyBDQS0zMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEua1NZpkUC0bsH4HRKlAenQMVLzQSfS2WuIg4m4Vfj7+7Te9hRsTJc9QkT+DuHM5ss1FxL2ruTAUJd9NyYqSb16OCAWgwggFkMB0GA1UdDgQWBBSlzjfq67B1DpRniLRF+tkkEIeWHzAfBgNVHSMEGDAWgBTlnVkwgkdYzKz6CFQ2hns6tQRN8DAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB\/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwbQYDVR0gBGYwZDA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIwCAYGZ4EMAQIBMAgGBmeBDAECAjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggEBAAUkHd0bsCrrmNaF4zlNXmtXnYJX\/OvoMaJXkGUFvhZEOFp3ArnPEELG4ZKk40Un+ABHLGioVplTVI+tnkDB0A+21w0LOEhsUCxJkAZbZB2LzEgwLt4I4ptJIsCSDBFelpKU1fwg3FZs5ZKTv3ocwDfjhUkV+ivhdDkYD7fa86JXWGBPzI6UAPxGezQxPk1HgoE6y\/SJXQ7vTQ1unBuCJN0yJV0ReFEQPaA1IwQvZW+cwdFD19Ae8zFnWSfda9J1CZMRJCQUzym+5iPDuI9yP+kHyCREU3qzuWFloUwOxkgAyXVjBYdwRVKD05WdRerw6DEdfgkfCv4+3ao8XnTSrLEWAwMBHxYAARsBAAEXMIIBEwoBAKCCAQwwggEIBgkrBgEFBQcwAQEEgfowgfcwgZ6iFgQUpc436uuwdQ6UZ4i0RfrZJBCHlh8YDzIwMjExMjA4MDcwNjQzWjBzMHEwSTAJBgUrDgMCGgUABBQS14tALDViBvqCf47YkiQRtKz1BAQUpc436uuwdQ6UZ4i0RfrZJBCHlh8CEAEZH41dy\/a\/RyMowkGaIdeAABgPMjAyMTEyMDgwNjUxMDJaoBEYDzIwMjExMjE1MDYwNjAyWjAKBggqhkjOPQQDAgNIADBFAiA\/Ba4a+oKzM0DIq\/Ym9c2jm9PFFlvn1dBsVLW+3hQ6dgIhAM3JC7lV\/o\/6R7VZrtvaUv0LauAeiJjucdYshTXHExh8FgMDAHMMAABvAwAdIDGI"} +01629{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052969585053,"flow_src_last_pkt_time":1639052969733805,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052969733805,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44150,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","server_names":"*.bikroy.com,sni.cloudflaressl.com,bikroy.com","notafter":"2022-06-28 23:59:59","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","negotiated_alpn":"h2","fingerprint":"FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0"}}} +00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1639052971296401,"flow_dst_last_pkt_time":1639052951219984,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":166,"pkt_l4_len":112,"thread_ts_usec":1639052971296401,"pkt":"AAAAAAAAAAgAVrKUht1gDJJRAHARPzmRBy0zbmXsxb+l+oOtI944ska3J6SUw8E0CUjgadcfGuEAAQBwt+hkMTphZDI6aWQyMDrlXFuiZTjDuuw6Y5fpKld4tI\/Cxjk6aW5mb19oYXNoMjA65VxCYpebxBOzZP3H84ohCF\/4mXRlMTpxOTpnZXRfcGVlcnMxOnQyOhlZMTp2NDpMVAECMTp5MTpxZQ=="} +00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052974554138,"flow_src_last_pkt_time":1639052974554138,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052974554138,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44192,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1639052974554138,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1639052974554138,"pkt":"AAAAAAAAAAgAKih5ht1gBA3VACAGMiABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbusoI2aK1YLBRqPgBL\/\/4UNAAACBAVQAQEEAgEDAwo="} +02412{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1639052974704392,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1434,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1434,"pkt_l4_len":1380,"thread_ts_usec":1639052974704392,"pkt":"AAAAAAAAAAgAKih5ht1gBA3VBWQGMiABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbusoI2aK1cLBRtIUBAAQtsqAAAWAwMAUAIAAEwDA2Gx9q7NW\/InZk3e9l0G3VMCEwBfKMJf26DLOUsrrRkmAMArAAAkAAAAAAAXAAD\/AQABAAALAAIBAAAjAAAAEAAFAAMCaDIABQAAFgMDCRMLAAkPAAkMAAU1MIIFMTCCBNegAwIBAgIQARkfjV3L9r9HIyjCQZoh1zAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMXQ2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjEwNjI5MDAwMDAwWhcNMjIwNjI4MjM1OTU5WjB1MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEeMBwGA1UEAxMVc25pLmNsb3VkZmxhcmVzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgC1s4G\/NmWra3EB1ViB4aiWbMPL7u1IoIlMpgn5kNUKgNwoi39Y6LTb+Bl8CrmpOOliciecDhWGPcHTDWIAx2KOCA3IwggNuMB8GA1UdIwQYMBaAFKXON+rrsHUOlGeItEX62SQQh5YfMB0GA1UdDgQWBBQZ22ajXmjoPgEhYrj\/45kMwDYdJjA6BgNVHREEMzAxggwqLmJpa3JveS5jb22CFXNuaS5jbG91ZGZsYXJlc3NsLmNvbYIKYmlrcm95LmNvbTAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9DbG91ZGZsYXJlSW5jRUNDQ0EtMy5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9DbG91ZGZsYXJlSW5jRUNDQ0EtMy5jcmwwPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEAGCCsGAQUFBzAChjRodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vQ2xvdWRmbGFyZUluY0VDQ0NBLTMuY3J0MAwGA1UdEwEB\/wQCMAAwggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB1AEalVet1+pEgMLWiiWn0830RLEF0vv1JuIWr8vxw\/m1HAAABelhQNzEAAAQDAEYwRAIgYeZpP+\/pPAjfswX1ISGsnmjFB4TkAWSbMt3y7HyRMywCIBC7D68n+qN3I9heI3yRIJz4gDyP6KV6L+SpG416yJboAHYAIkVFB1lVJFaWP6Ev8fdthuAjJmOtwEt\/XcaDXG7iDwIAAAF6WFA3EAAABAMARzBFAiBp6pKbAs2el1rhPRfScrzqYQmiOgnwezpUPc0Pt5jtXgIhAPhl0sVfcRlm\/W6Vcy5oIjTXFIQwT\/VRTjwXP2LNU411AHUAUaOw9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN\/tSLBeUAAAF6WFA3JwAABAMARjBEAiBlw+pxlBqLJzpdOZ7QjnSDhXse\/VYyQs1QYcV8iP2Y6wIgOH2yamb7OYhqD3TT8HEY+GUOcPF4S5oYacz\/IatUT+4wCgYIKoZIzj0EAwID"} +01287{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052974554138,"flow_src_last_pkt_time":1639052974704392,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052974704392,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44192,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"h2"}}} +02409{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1639052974704415,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1434,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1434,"pkt_l4_len":1380,"thread_ts_usec":1639052974704415,"pkt":"AAAAAAAAAAgAKih5ht1gBA3VBWQGMiABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABAbusoI2aMKcLBRtIUBAAQgdNAABIADBFAiEA7RxPNj701c+7QX2jNqNJVJvfkrXXaQDkvfvj7eI9lQ0CIDfTeyI6EWEnoww8vKA3dIR\/D36WveN3dOnMT0w6Q1zHAAPRMIIDzTCCArWgAwIBAgIQCjeHZF5ftIwiTv0b7RQMPDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTIwMDEyNzEyNDgwOFoXDTI0MTIzMTIzNTk1OVowSjELMAkGA1UEBhMCVVMxGTAXBgNVBAoTEENsb3VkZmxhcmUsIEluYy4xIDAeBgNVBAMTF0Nsb3VkZmxhcmUgSW5jIEVDQyBDQS0zMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEua1NZpkUC0bsH4HRKlAenQMVLzQSfS2WuIg4m4Vfj7+7Te9hRsTJc9QkT+DuHM5ss1FxL2ruTAUJd9NyYqSb16OCAWgwggFkMB0GA1UdDgQWBBSlzjfq67B1DpRniLRF+tkkEIeWHzAfBgNVHSMEGDAWgBTlnVkwgkdYzKz6CFQ2hns6tQRN8DAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB\/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwbQYDVR0gBGYwZDA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIwCAYGZ4EMAQIBMAgGBmeBDAECAjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggEBAAUkHd0bsCrrmNaF4zlNXmtXnYJX\/OvoMaJXkGUFvhZEOFp3ArnPEELG4ZKk40Un+ABHLGioVplTVI+tnkDB0A+21w0LOEhsUCxJkAZbZB2LzEgwLt4I4ptJIsCSDBFelpKU1fwg3FZs5ZKTv3ocwDfjhUkV+ivhdDkYD7fa86JXWGBPzI6UAPxGezQxPk1HgoE6y\/SJXQ7vTQ1unBuCJN0yJV0ReFEQPaA1IwQvZW+cwdFD19Ae8zFnWSfda9J1CZMRJCQUzym+5iPDuI9yP+kHyCREU3qzuWFloUwOxkgAyXVjBYdwRVKD05WdRerw6DEdfgkfCv4+3ao8XnTSrLEWAwMBHxYAARsBAAEXMIIBEwoBAKCCAQwwggEIBgkrBgEFBQcwAQEEgfowgfcwgZ6iFgQUpc436uuwdQ6UZ4i0RfrZJBCHlh8YDzIwMjExMjA4MDcwNjQzWjBzMHEwSTAJBgUrDgMCGgUABBQS14tALDViBvqCf47YkiQRtKz1BAQUpc436uuwdQ6UZ4i0RfrZJBCHlh8CEAEZH41dy\/a\/RyMowkGaIdeAABgPMjAyMTEyMDgwNjUxMDJaoBEYDzIwMjExMjE1MDYwNjAyWjAKBggqhkjOPQQDAgNIADBFAiA\/Ba4a+oKzM0DIq\/Ym9c2jm9PFFlvn1dBsVLW+3hQ6dgIhAM3JC7lV\/o\/6R7VZrtvaUv0LauAeiJjucdYshTXHExh8FgMDAHMMAABvAwAdIEe5"} +01630{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":75,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052974554138,"flow_src_last_pkt_time":1639052974704415,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052974704415,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44192,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","server_names":"*.bikroy.com,sni.cloudflaressl.com,bikroy.com","notafter":"2022-06-28 23:59:59","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","negotiated_alpn":"h2","fingerprint":"FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0"}}} +00852{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978452441,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052978452441,"pkt":"AAAAAAAAAAcAaiX8ht1gC8SvABwRPzKXoa9RIQz8NgsuB4cvHqAy+\/lnaB7pa\/rOsAwAAHT9q1kNlgAcl50IAQAAIRKkQlo5L3NwNkJKYzZoYw=="} +01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978452441,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +00778{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1639052978709090,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052978709090,"pkt":"AAAAAAAAAAcAaiX8ht1gC8SvAKARPzKXoa9RIQz8NgsuB4cvHqAy+\/lnaB7pa\/rOsAwAAHT9q1kNlgCgYyEAAwCEIRKkQk1ENkhOcE43bVdyN0AAAGYJEB5qy\/i6apiRZvn3XMXkctbCLKVSgdE+etIaSO7JbOt8VgBwQ6PpOhc8GnE1mfqvDmlkq2e8sWOF\/9QSZ9+\/3ZsaHutXU4\/yA\/LvUyR73PqXq7vvVwk5ZocXkuyrjHvs93CEXbgAAAAIABTHiAxW9AnRlqecEToF0hfWjRUykA=="} +00852{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210381,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052979210381,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yABwRPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgAc0j0IAQAAIRKkQk5zWlZOMGtRWWlzeg=="} +01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210381,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +00776{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1639052979210765,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052979210765,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAKARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCgt74AAwCEIRKkQkhCZVJqYUhKN2FOWUAAAGYJEMzluAd5ZUXHIG6GisEWroK42o70dYdL4WqSdPq9VYO3OjGxFI7w7pBgN3c6YR8KjSMY+2Ef8toiPPzGNZ6A1i89fknsYqJ9SYub5TFTaEnS4NE02DKCNshJ0L2AWj8kO7uEBsUAAAAIABTng0rXsLYilkJ4duCqCg2pGBOUjQ=="} +00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1639052979218699,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_usec":1639052979218699,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAJARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCQ\/5MAAQB0IRKkQkJ5RTBTMEFLcS8yZQAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAAwFcABAAEAAqAKgAI69zqOpyEPKUAJAAEbn8o\/wAIABTKxPaKL217enpIf2AGYjmMTGV454AoAATAmK\/f"} +00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1639052979381748,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_usec":1639052979381748,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAJARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCQrREAAQB0IRKkQjY4V3ltQWRhSzZoTAAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAAwFcABAAEAAqAKgAI69zqOpyEPKUAJAAEbn8o\/wAIABQoQCd0hET\/ud5uUOzbGiF4yVYzZoAoAASXw0bX"} +00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1639052979556213,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_usec":1639052979556213,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAJARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCQ97wAAQB0IRKkQldMcmpoVTNGUFVyagAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAAwFcABAAEAAqAKgAI69zqOpyEPKUAJAAEbn8o\/wAIABS74KJfCrW2wh1E6b3fJs\/qV0yS0oAoAASJhjGh"} +00810{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052969360318,"flow_src_last_pkt_time":1639052969517992,"flow_dst_last_pkt_time":1639052969360318,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00810{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052969585053,"flow_src_last_pkt_time":1639052969733805,"flow_dst_last_pkt_time":1639052969585053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44150,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00811{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052974554138,"flow_src_last_pkt_time":1639052974704415,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44192,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00855{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052950583119,"flow_src_last_pkt_time":1639052950583119,"flow_dst_last_pkt_time":1639052950583119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"2c7f:d7a0:44a9:49e9:e586:fb7f:5b85:9c83","src_port":6881,"dst_port":1,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01302{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1639052948897167,"flow_src_last_pkt_time":1639052954929738,"flow_dst_last_pkt_time":1639052948897167,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":369,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":637,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27","src_port":6881,"dst_port":60506,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} +00858{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052950545675,"flow_src_last_pkt_time":1639052959035612,"flow_dst_last_pkt_time":1639052950545675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c","src_port":6881,"dst_port":6881,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00854{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052951219984,"flow_src_last_pkt_time":1639052971296401,"flow_dst_last_pkt_time":1639052951219984,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"38b2:46b7:27a4:94c3:c134:948:e069:d71f","src_port":6881,"dst_port":1,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052964857829,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1060,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01180{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978709090,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01048{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":16,"flow_first_seen":1639052947835473,"flow_src_last_pkt_time":1639052950067975,"flow_dst_last_pkt_time":1639052950546662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":144,"flow_src_tot_l4_payload_len":744,"flow_dst_tot_l4_payload_len":846,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"32fb:f967:681e:e96b:face:b00c::74fd","dst_ip":"20ed:470f:6f73:ce60:60be:8b4f:df37:b080","src_port":3478,"dst_port":45658,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052981556623,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1276,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01301{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1639052950309556,"flow_src_last_pkt_time":1639052960302401,"flow_dst_last_pkt_time":1639052950309556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":548,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1839,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"2a2f:8509:1cb2:466d:ecbf:69d6:109c:608","dst_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","src_port":62229,"dst_port":6881,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} +00610{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":88,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","packets-captured":88,"packets-processed":88,"total-skipped-flows":0,"total-l4-payload-len":15254,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":83,"global_ts_usec":1639052981556623} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 88/88 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 15254 bytes +~~ total detected protocols..: 12 +~~ total active/idle flows...: 12/12 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7634427 bytes +~~ total memory freed........: 7634427 bytes +~~ total allocations/frees...: 142923/142923 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 539 chars +~~ json string max len.......: 2417 chars +~~ json string avg len.......: 1477 chars diff --git a/test/results/enable_doh_heuristic/doh.pcapng.out b/test/results/enable_doh_heuristic/doh.pcapng.out new file mode 100644 index 000000000..1ffa06cb9 --- /dev/null +++ b/test/results/enable_doh_heuristic/doh.pcapng.out @@ -0,0 +1,28 @@ +00519{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00582{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1623220847881632} +00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847881632,"flow_dst_last_pkt_time":1623220847881632,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623220847881632,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623220847881632,"flow_dst_last_pkt_time":1623220847881632,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1623220847881632,"pkt":"pJGxgjQ53KYyW3JVCABFAAA8GoVAAEAGW5DAqAH9AQEBAYycAbvJgv8BAAAAAKAC+vDR+gAAAgQFtAQCCAq18KmgAAAAAAEDAwc="} +00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1623220847881632,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623220847893990,"pkt":"3KYyW3JVpJGxgjQ5CABFAAA0AABAADgGfh0BAQEBwKgB\/QG7jJzQgMYoyYL\/AoAS\/\/+80AAAAgQFtAEBBAIBAwMK"} +00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1623220847894289,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1623220847894289,"pkt":"pJGxgjQ53KYyW3JVCABFAAAoGoZAAEAGW6PAqAH9AQEBAYycAbvJgv8C0IDGKVAQAfb7rwAAAAAAAAAA"} +00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":315,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":315,"pkt_l4_len":281,"thread_ts_usec":1623220847903684,"pkt":"pJGxgjQ53KYyW3JVCABFAAEtGodAAEAGWp3AqAH9AQEBAYycAbvJgv8C0IDGKVAYAfbHEwAAFgMBAQABAAD8AwPoLOpgwE25psercF8dtgS9urXcGuIXWON7hv8MEOxxwCBmK04kA9gzmAQCdEKOzz6ZUSvZIzIKAJ4xNU24mlRHDQAmzKjMqcAvwDDAK8AswBPACcAUwAoAnACdAC8ANcASAAoTAxMBEwIBAACNAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIBKfRS3py5Rs1YQ6EAtEgG+yypeHCfHggy9eoe\/nh6Bu"} +01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623220847903684,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"7c1e207beb00684bbbe144f1b0abe1d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} +00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847916856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1623220847916856,"pkt":"3KYyW3JVpJGxgjQ5CABFAAAoTTlAADgGMPABAQEBwKgB\/QG7jJzQgMYpyYMAB1AQAEL8XgAAAAAAAAAA"} +01335{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847919967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1623220847919967,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.3","ja3":"7c1e207beb00684bbbe144f1b0abe1d5","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} +02288{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220894239868,"flow_dst_last_pkt_time":1623220878891197,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":606,"flow_dst_tot_l4_payload_len":3569,"midstream":0,"thread_ts_usec":1623220894239868,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":2495735.5,"max":15359810,"stddev":5583085.5,"var":31170844688384.0,"ent":2.4,"data": [12358,12657,9395,22866,3111,16283,0,0,492,492,548541,0,471,0,559446,0,429,10863,0,436,0,2867,0,3303,0,50308,15056860,15017798,15339561,15339454,15359810]},"pktlen": {"min":46,"avg":174.8,"max":1500,"stddev":350.9,"var":123099.2,"ent":3.6,"data": [60,52,46,301,46,1500,46,1500,46,256,46,104,126,136,108,46,46,111,46,71,46,46,371,71,46,46,46,46,46,46,46,46]},"bins": {"c_to_s": [12,0,3,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,0,1,0,1,0],"entropies": [4.425882339,4.437160492,4.225621700,5.947368622,4.140616417,7.830754280,4.117669106,7.879162312,4.117669106,7.097528458,4.117669106,5.884155750,6.247783184,6.373653889,6.047423363,4.140616417,4.140616417,6.197440624,4.131088734,5.480591297,4.053659439,4.117669106,7.372667789,5.483504295,4.087610722,4.087610245,4.161148071,4.087610245,4.117669582,4.087610245,4.161148071,4.087610245]},"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01096{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":120,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":61,"flow_dst_packets_processed":59,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220970655801,"flow_dst_last_pkt_time":1623220970669537,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1881,"flow_dst_tot_l4_payload_len":5821,"midstream":0,"thread_ts_usec":1623220970669537,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00594{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":120,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","packets-captured":120,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":7702,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1623220970669537} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 120/120 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 7702 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7607170 bytes +~~ total memory freed........: 7607170 bytes +~~ total allocations/frees...: 142816/142816 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 524 chars +~~ json string max len.......: 2293 chars +~~ json string avg len.......: 1343 chars diff --git a/test/results/enable_payload_stat/1kxun.pcap.out b/test/results/enable_payload_stat/1kxun.pcap.out index 58d579ec6..f37541012 100644 --- a/test/results/enable_payload_stat/1kxun.pcap.out +++ b/test/results/enable_payload_stat/1kxun.pcap.out @@ -1290,9 +1290,9 @@ ~~ total active/idle flows...: 197/197 ~~ total timeout flows.......: 20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8506082 bytes -~~ total memory freed........: 8506082 bytes -~~ total allocations/frees...: 152931/152931 +~~ total memory allocated....: 8140447 bytes +~~ total memory freed........: 8140447 bytes +~~ total allocations/frees...: 147334/147334 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 523 chars ~~ json string max len.......: 9038 chars diff --git a/test/results/enable_stun_monitoring_with_subproto/wa_voice.pcap.out b/test/results/enable_stun_monitoring_with_subproto/wa_voice.pcap.out new file mode 100644 index 000000000..b12fdc9c8 --- /dev/null +++ b/test/results/enable_stun_monitoring_with_subproto/wa_voice.pcap.out @@ -0,0 +1,222 @@ +00538{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00601{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1561455687942546} +00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455687942546,"flow_src_last_pkt_time":1561455687942546,"flow_dst_last_pkt_time":1561455687942546,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455687942546,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1561455687942546,"flow_dst_last_pkt_time":1561455687942546,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1561455687942546,"pkt":"xiwDYGpkkLkxKPrKCABFAAA8VCwAAP8R4ibAqAIMwKgCAcjnADUAKL4MZG8BAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="} +01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455687942546,"flow_src_last_pkt_time":1561455687942546,"flow_dst_last_pkt_time":1561455687942546,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455687942546,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.google.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1561455687942546,"flow_dst_last_pkt_time":1561455687944542,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1561455687944542,"pkt":"kLkxKPrKxiwDYGpkCABFAABMq4sAAEARSbjAqAIBwKgCDAA1yOcAOH0WZG+BgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAADaAATY7yZ4"} +01110{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1561455687942546,"flow_src_last_pkt_time":1561455687942546,"flow_dst_last_pkt_time":1561455687944542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":1561455687944542,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.google.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}} +00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455687991884,"flow_src_last_pkt_time":1561455687991884,"flow_dst_last_pkt_time":1561455687991884,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455687991884,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1561455687991884,"flow_dst_last_pkt_time":1561455687991884,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1561455687991884,"pkt":"xiwDYGpkkLkxKPrKCABFAAA89ksAAP8RQAfAqAIMwKgCAe1dADUAKOSmDHcBAAABAAAAAAAAAWcId2hhdHNhcHADbmV0AAABAAE="} +01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455687991884,"flow_src_last_pkt_time":1561455687991884,"flow_dst_last_pkt_time":1561455687991884,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455687991884,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","proto_id":"5.142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"g.whatsapp.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1561455687991884,"flow_dst_last_pkt_time":1561455688018542,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_usec":1561455688018542,"pkt":"kLkxKPrKxiwDYGpkCABFAABj38gAAEARFWTAqAIBwKgCDAA17V0ATz5mDHeBgAABAAIAAAAAAWcId2hhdHNhcHADbmV0AAABAAHADAAFAAEAAArzAAsEY2hhdANjZG7ADsAsAAEAAQAAAEEABJ3wFDU="} +01111{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1561455687991884,"flow_src_last_pkt_time":1561455687991884,"flow_dst_last_pkt_time":1561455688018542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":71,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":71,"midstream":0,"thread_ts_usec":1561455688018542,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","proto_id":"5.142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"g.whatsapp.net","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"157.240.20.53"}}} +00812{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455688201615,"flow_src_last_pkt_time":1561455688201615,"flow_dst_last_pkt_time":1561455688201615,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1561455688201615,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"17.242.60.84","src_port":49354,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +02525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1561455688201615,"flow_dst_last_pkt_time":1561455688201615,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1561455688201615,"pkt":"xiwDYGpkkLkxKPrKCABFAgXUAABAAEAGJCjAqAIMEfI8VMDKFGdIDyQZ7pIeMIAQCAC0bwAAAQEICjTN8KY8skLCFwMDD+Ai5NOSopi\/6GqwlD\/tAZzY1QGzvljqTGTmGCJOrU3x8CYKomrYaziO5eZ4ouY8cCYpOJvKrDNJX33pdge2bBxjgZp3ciHlbT9gHcPpJV3HIK5K4Xwsy7N\/d9l3pDdGz5PHrVVzZeXakf14DKR+hXrIhRVy6hpv5t2VthQzM3sKU7KhJpL\/6a5Sp489WK3Z7dzYFK2J+ermhE1b03GDPIEb7MGTpTJQaqangZgy8gro1eaetAilk1o529zodA1M9O5BVqL2oF301LG+kaqQTY1SPLvOnn1MxBlBEbzmsfvPr0H7C5Xcv51kP+cMU9R39VU1KEVp3e+2GMmIXWxgb+NKRMo4d5o6BKoHJ36YKQ33eAmIMAcZsFkdzfDz5q2jCxngiuQsbQKoYL1rQHGV7CXWI3zE9edQrQPJaGQZaxu\/+b+1vqSWxtCMEOUMVSmhM+FpUOqnKqwXsN4BgvySE1+U34RH0SV6FPoBjF0WGfVjkUid\/lVZcbedi\/PfkG0yBpT2\/Is9EIUqT+5Azj96UOFZqIEtSsIYSrk7ySkvjrKz5bHkeMLQk1mxQwJByZOSa30oY5bmNGAgD00g7CKAigVgWl6pq33BURhk4PDRhLJn426pN8ndnOOPzVylhr5g1C978hT8qaiuW1hlXdPnoMeCp9hEy7A5ziIjQi\/j6SVmDBSjwtJ0oqoQ\/ul2VzP1hHUGnZiTl\/qoxKKUfFrrwqTto6BvQjrKNa8bmHfrJg1RkCF3YK1iU3RCTPB\/4c68wZU3wRZ8hH1dNOLSgkwNQHFvEa\/gv\/qOxZkCS+Hpja9b5OtYooCqZnURTItdIoosw\/pte6KHG8eCIx\/U7yLLCmLs4D6MQwGZZ2yJ9zt9zcZXv1g03W4UohfquGy0ioHzSnw\/O3jNSfyTyrsrgxGqBD7B02ehphvU7Ax3IIziLDpWGnOBTyjYVNl423Z+0c9qK5fdUeybRNKKbWmwJqAFyKo3Mn2oSjBse+IbmEyy74UtCrn7MO79P00k7ZwAdz4X9zs28aMTKpnGFfXXxKMpT0Dd5ofiYXaTFr2Jwybi92XLCleA2OWxMIUro0rxoo67fYKdVxbqwQCMyEw6LTznHMXWYOpkkn6VHuawZe8M1HJsON5lEoItuqd\/IBfWUMshGlV8OgIAoc3EW3VlOFAiqg0pqVqjmyE8T8wQAvejRCf2f7iThtrzSrjIJDgibkW3Ecp3KoIC1KVlhjp4HLMvTgc12F13bDzcsr4rYSNpgOus\/4N4UzMrQyfYM2uNlqx0HfPLs50MVn\/Kyef0KdSuCHGqHLEJ+g1+EB9i2mop53wwymGotu9IoWgU02wrdRtoavOIQ5TMaPT9Jy+tmpyw9rSZn4YhMfxR72sCFIVM2eQlDOP2kti8y02qh8vwstuWp8ER3\/PKo9BgChhkuUmF5Df6lKXn1exWi67C9f1S5pc1iv33gDt3T0VcEHwoxmIh6MLrQ4LDUY7JX7mEuRfro3sR\/Ir2ufPPOhOBqsPV5YskVY9tWAevz7WMRn8EtRyvVaVHL3wxu1gErJNgcQ\/Af9fGR5KHI8lfrzLWY+bV9Q6PY8piE9FU2r7QV9Q5YgbBE6yKjPA3fOpiBOv+IVCsLXJNVdRvAywibpuoJAy2z01Fc5o3x+ZW2eqdFSSyuDepi7EBv4YJnAtmqjCVimRnoZ68Pz\/ocEFw5tBKkvU5uadJKwflJJ0hJUUOKwAQFCWvvApj3f356wTvDmU788W1R\/Vmzin60ZrsL16uD4sDmXGOueQVWddIzbIT0jyuT6IK9gJjCyELuMZhwwjNJ\/gEh8+\/PwFaVXbn\/1dsvjpj0IhPwCusRttL60194v983ySgSQpQrf9f+n\/rJIRYwpsq4DBRu9SydD72zD93mD4idl3s3tsUHh6rp5k7Bf4L"} +01090{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455688201615,"flow_src_last_pkt_time":1561455688201615,"flow_dst_last_pkt_time":1561455688201615,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1561455688201615,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"17.242.60.84","src_port":49354,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ApplePush","proto_id":"238","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +02524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1561455688202302,"flow_dst_last_pkt_time":1561455688201615,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1561455688202302,"pkt":"xiwDYGpkkLkxKPrKCABFAgXUAABAAEAGJCjAqAIMEfI8VMDKFGdIDym57pIeMIAQCADYpQAAAQEICjTN8KY8skLCFtVfgrozcBhAJsfsFvLQO\/UNbKaPAKskPEHc2H7HNZvZ0KHfZ\/KP+B9OyPm0SdMSjavTXp1RBX4n8dtnNy7ldwySyG0XJJWeRoZiiRtgXrZdFFD0QAS3Pe1DBo\/FUctyy9XBKqwrw5v92Jj5UtBctOxUvfejQ1SPTAJ5IukXOUTVRhF+GJ6uJpn2Gyv2J\/hXj4mZyNeIliL2I7bOA3ury1GpGWko+MWMnPSKdWfc+5iZ8htj49VB2VDsL+uaCsidGqZX708pkKajJgAtzAX6+OwUhPXab61vOJn2ZVsE84On3Sc1Kl0WWtXgaA5Kty9ym4wLqQYEYP55F5oeJX4cTBOZRUcxhyM2DEPfiJE4aGH7aPKJO1JXXtoaeR6aRsid5OY044cRXoCwjbqa8kVLoyG\/1hSUaMwK17Rm6Nq+PbrF+ED8fmHgN\/1Dutcz+R4xma\/dfBoQDryBVCTEwOthrl7LLjRmNDBA\/nKPrgUx1pUPyir\/k\/cBNu5VmA9ROEDXJTcYsaqkjSroNougihkTVcfxMwA0V1eozYWnylZYZfyg3u53u+M+Do2uu\/vpHb6ZX\/5fq7AfMO72tRX4kcflTeOHJPV42uX70ZwC1O+A2X8wG0wRrb8uK6OFhHts3S52N3FVIqWr3CBOEKtXus3msBLphIaEqtw7dKWimDDeKkgZyeDybQGBbwSqGgwXI4sXoyN6QNVYT2T4i6kGXwJ8KRo8HtR5yB7rhqGJ7va7Tq2PlcpSnVIQRwao1mofCncrFLbOpoxslAuFLv8G+fW1GEiueEIhAplFAErT8lEbc6sY9uI88S0O6mDpNBlvCBLanRfw12SWljEVA4Wh2w31ojL9SCLJgyYKb3rrXT3V5i0AGJxXutmEyz9yTXUcoSU1YUo3WfmVLfx6RyxgbfoU7yfB7G33wI6gfsYIkzsYXlIla2ZkFjlWmYTCmfyEh6mVsXCVMnp1BhZdWj+7bWgfM4VrhMG0uNxDM0Z53kq9r7jYLXP1URavTKVNjY1WxQ1RAuRJtVPSgtQELf6AAzGAMW947SHl7bPC94gub8Kmqytrgl8ICRtP21Twca8YlwoKzIkJ0ROGsHSJ1IUBnknB2X57XNTUY80EyrwKOEYdXqBbK5\/uwztG9gvPjPu8PKqPu7OCXZj1ZBnnEX2PjjdGe8\/qo\/GKpAlJAuol7xe33zGz401h7+ux36y894Mbarjx1CDQxx9YqwY6Lr4EHSyCq\/xOaCM9Ig4AmEcFYjNP6niCHmI6fO24v\/GQB6WXdzSw2ClyCXHYbvr4Qqi+4qXoeh2xXDeKjcBBfLtEOni++s2q3gzhbAvkZLj\/NmeA2TXw0Z3iDbzj8\/Y4RPkg+eKwZkIo3UDfKsFnJdpryN60+cHgLr\/4b6yqkGde7QP698bVNcwUBDmhcPTGUF72BSrLQvrtwQZtWbAZrNkztpBLnQ0QkqUG4rCER6dvRqYMKv5dFfseMTa1Q1gUuqPbbz23yUKTRtop\/\/Lht4EEFlQYsfbz48ddhpIGiMg5mZbcRDG3SabEXgtzSNVHYYfQC6vW4pikjByoIlKAdhA6SR3Oh3PU52UQkf1H00x5\/\/1hV8lcpLckyN2LNUVFAYrwz5do38QxPssBrJ+3S6\/aEGPegc3B67mnX5V9KdAWJTKT9mA6BOcYDIvqCcaofS9sLdAjWNazl\/6YRqmsk\/JZn6nsHta+t4co6kKrh8ZoenAhtwbNaOVmExbItteeviDeqFUd2pkhp3kXIT8d6YMdXIloWHR8vT7oGOwNL5sNWFZXjAeqyXFLohZVoKLbw4szdHzrmDOl0IHwY6y6lYvTSYc6OyNhkaHXFSCKUjvAFZPuWmliraxAT7phw5quixNUJhdRcYng0LMN9J3KAyHFA8Ber5WNyIqMxWZ5wh4eVaY0B\/wQ"} +02185{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1561455688202454,"flow_dst_last_pkt_time":1561455688201615,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1255,"pkt_l4_len":1221,"thread_ts_usec":1561455688202454,"pkt":"xiwDYGpkkLkxKPrKCABFAgTZAABAAEAGJSPAqAIMEfI8VMDKFGdIDy9Z7pIeMIAYCACWYAAAAQEICjTN8KY8skLChD9+sl9zTIn+9oKwtdTi9Vdi\/cqtS9SsuLktLexhq+H6HSh0nUz\/pR7lGjfA8jUSbTLAiEYeFmvZtDgZTjhibXwhbTyW2ej1slX5wS0YUeKb381u+fexhn3xRkOOgFD2lHUCDNs6ZDxZ3MgjWXZ\/6y+5+G4Cr5MmO9LbbXgHM2tCoGf6bFpAilIbDNDjf72PZn2d6eJMciO25CCni3NwF1VQe25Bd9JCM8RNSipKwwpntSqY6SidwnIyNKgMjNfj+GMhuOpcSsAcRSjT\/L\/y6Nc7rkRDfvgoZpO7IrcZRsLerm0SSzH8usyI2xA+WCvEPlDoV\/87+olgpceCoKG1cf6TrD9aD7Lh7Yzi2mRYXX50kN9XYC9UhK+eEqcUiK0EA6ia38NkceSip2pBuv85\/091UH5OzSLrTUOJg+XVoE7ssGb7XKiRE+FOZu+zmhmuXn2Ujg8u76JsqT+uY0KkCyvwkXLeCV2kPGxz31MiSwGtNtz1oNvEGHur+FQDs\/zPpy1TfX803cqFKkblAu9BFTe4MXIK6IqhxFJcK3dj\/d8o2Zlvxu2S2NA3FH3zT7CWqacXhL+wQyS+\/DALOFfsZZCyD97Lwmcig1rgISji1T9qsBO4dRFWt5bVa2GoIozmHRLhPE\/xUBXrVvCjMLlRXbBby9l3tFLBkeNarajglfyHMtazotsPWceBe13wiPjaSciJqd486cT5nmripbb2TNv6m2QS+yBxolanBtMMlalvyClJnjFYXmEMA\/Cqafcjah0LpamWi5cGxlhK2o7VpcXk60WiDqklprDwU1C6AQQ3t9+In381BWOH2ylFLvtkYQS6mza73M7ORMV9T+VX4ja00u4BItehp2lgwr5wZ9hQu6lejNiwFYLaMPe7D\/bAwWtcZeYT8kAUL9H2S1idX7efThRI\/sFUnhFydcfZzFx9yoqvQ\/XNBIf8hR2ZwEmxUM7nHYq2mZ+\/B91bETK14kZx6AmSi1jqJABWenJppvp4cXzcY1BWUqJk0PLYkAexhw7t652If5IzcojeSdWFP2lhdau7nHX6G7lW4Utg7ZWXLyccWSWSv6ha+LeiDlED1cCwY2vVHkPEKRqluaQYKLl2qvR1wE3m0usuIl4q2MEc3z7A5MGmXicgQHspwoVe96OedZ9UbKdxn5F5OBTgOA+JY4EBKs3\/51SigijtnbNr7w00IZM1a32DUVsHDNnCKoJQHhPhULTSuboR4FgTKv5jA8DkAaFXzOTQQMYjx7YZD+FVCVnmqRcXzRQCUejaACj05EFq7vsiXpx9kEWnOGLDfJ22A0AjBRXoBK9EYB2xjWa+gzWXLgtnfTfAdhzT3lkAyklF\/qQA0sttDRgDxUQ4slW4E3BzVFH0h4GehIXJZzWEseP9XQr0J1UhTOB7Dv78mCeQyIVzY5PpIKGqL37IUaJV6gk4viji4bM8JRt522Xsc3xIrKuiMjhRRmYQYZR2\/fsuI+jWL\/oLRyVbeQmMYbj2qIY8qMyxD0\/HUbbJCm1sWV3U2RsK1wnhcO2gFFVKyPqfKwE0xDwAtsxVH6ZCeakAFNP5dRNlfhay6WJ8owHDTw=="} +00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1561455688202454,"flow_dst_last_pkt_time":1561455688226427,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1561455688226427,"pkt":"kLkxKPrKxiwDYGpkCABFAAA0TxoAADEGKbAR8jxUwKgCDBRnwMrukh4wSA8vWYAQAYNbPgAAAQEICjyzTX00zfCm"} +00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1561455688202454,"flow_dst_last_pkt_time":1561455688226428,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":1561455688226428,"pkt":"kLkxKPrKxiwDYGpkCABFAgBpTxsAADEGKXgR8jxUwKgCDBRnwMrukh4wSA8z\/oAYAZklAAAAAQEICjyzTX40zfCmFwMDADBBMeYgtgt9IoqVyG19Nwskqr7pCCl5Q+uac6KaMFU5rnqChCXfQ+g55lEPhVLxVNw="} +00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455688445940,"flow_src_last_pkt_time":1561455688445940,"flow_dst_last_pkt_time":1561455688445940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455688445940,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1561455688445940,"flow_dst_last_pkt_time":1561455688445940,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455688445940,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABI7iMAAEARBjHAqAIBwKgC\/+EV4RUANEtUU3BvdFVkcDC64ScQKi2g\/wABAARIlcIDyUSzc\/3fJAksKuG26pMF0apN5Ek="} +00951{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455688445940,"flow_src_last_pkt_time":1561455688445940,"flow_dst_last_pkt_time":1561455688445940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455688445940,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} +00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455688704143,"flow_src_last_pkt_time":1561455688704143,"flow_dst_last_pkt_time":1561455688704143,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455688704143,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1561455688704143,"flow_dst_last_pkt_time":1561455688704143,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1561455688704143,"pkt":"xiwDYGpkkLkxKPrKCABFAABAAABAAEAGxd7AqAIMnfAUNcDLFGab0QrZAAAAALDC\/\/8eGAAAAgQFtAEDAwYBAQgKNM3yoAAAAAAEAgAA"} +00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1561455688704143,"flow_dst_last_pkt_time":1561455688744885,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1561455688744885,"pkt":"kLkxKPrKxiwDYGpkCABFAAA8AAAAAFMG8uKd8BQ1wKgCDBRmwMsu6BkVm9EK2qASbHAbGAAAAgQFeAQCCAoefUIDNM3yoAEDAwg="} +00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1561455688841176,"flow_dst_last_pkt_time":1561455688744885,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1561455688841176,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGxerAqAIMnfAUNcDLFGab0QraLugZFoAQCAytcgAAAQEICjTN8zsefUID"} +00920{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1561455689011542,"flow_dst_last_pkt_time":1561455688744885,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":322,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":322,"pkt_l4_len":288,"thread_ts_usec":1561455689011542,"pkt":"xiwDYGpkkLkxKPrKCABFAAE0AABAAEAGxOrAqAIMnfAUNcDLFGab0QraLugZFoAYCAzMiwAAAQEICjTN83QefUIDRUQAAQAABAgFCAJXQQIBAADuEusBCiBs0lNzQCsv7mZcQ2g9JM5uc6RaWdA0Z64D7QJcOwjYQBIwJmlZLwntGSmIUxkxmNU28MJEcpB5OO0bQ\/MwTSXlPLcL0EAJwIPtRK4BkKxQEm8yGpQBpLbkwMhu60ti3xyo\/m+XNYQLSmvCZ+cyrvXBWv8GYjuw8tYDgMacJ4yVZ+X9ZR3kf2p2m9XmrT2zaBZrBe+6EOIG0o6LyS8qOT0UE3nWMyWNJfTas6N87sRPyREaOk2FytfLtO+4712zSQlNYUuRQxaykkbGBTBlWKUqb+90F2R6MgcPFF6d9coTYMiRbWh0F9ty5g=="} +00962{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1561455688704143,"flow_src_last_pkt_time":1561455689011542,"flow_dst_last_pkt_time":1561455688744885,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":256,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455689011542,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} +00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1561455689011542,"flow_dst_last_pkt_time":1561455689048966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1561455689048966,"pkt":"kLkxKPrKxiwDYGpkCABFAAA0cPoAAFMGgfCd8BQ1wKgCDBRmwMsu6BkWm9EL2oAQAHGyoQAAAQEICh59QzY0zfN0"} +02185{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":43,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1561455688704143,"flow_src_last_pkt_time":1561455689377891,"flow_dst_last_pkt_time":1561455689390636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":286,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":6993,"midstream":0,"thread_ts_usec":1561455689390636,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":43878.7,"max":304081,"stddev":76394.5,"var":5836114944.0,"ent":3.2,"data": [40742,137033,170366,304081,130232,56,30959,5260,28,391,1,177,42,1186,210132,335,9,41,206,11,311,41447,129925,50,6,6,5,1043,24269,131853,38]},"pktlen": {"min":52,"avg":295.4,"max":1440,"stddev":467.5,"var":218553.5,"ent":3.8,"data": [64,60,52,308,52,109,103,137,1440,92,1440,155,1440,164,1440,52,52,52,52,52,52,52,1045,84,98,119,82,111,52,338,52,52]},"bins": {"c_to_s": [11,3,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,1],"entropies": [4.472632408,5.115064144,5.014835358,7.171360493,5.130219936,6.068146706,5.962917328,6.548506737,7.870247841,5.888707161,7.854815006,6.678243637,7.877118111,6.722311020,7.881030083,5.014835358,5.014835358,4.976373196,5.091758251,5.091758251,5.130219936,5.008132935,7.805761337,5.645539761,5.925289631,6.203728676,5.699334145,6.150419712,4.961856842,7.298644066,5.038780212,4.955154419]},"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} +00803{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455689728258,"flow_src_last_pkt_time":1561455689728258,"flow_dst_last_pkt_time":1561455689728258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455689728258,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1561455689728258,"flow_dst_last_pkt_time":1561455689728258,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1561455689728258,"pkt":"xiwDYGpkkLkxKPrKCABFAABL058AAP8RYqTAqAIMwKgCAdgAADUAN5FDM2kBAAABAAAAAAAADG1lZGlhLW14cDEtMQNjZG4Id2hhdHNhcHADbmV0AAABAAE="} +01241{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455689728258,"flow_src_last_pkt_time":1561455689728258,"flow_dst_last_pkt_time":1561455689728258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455689728258,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.WhatsAppFiles","proto_id":"5.242","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"media-mxp1-1.cdn.whatsapp.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1561455689728258,"flow_dst_last_pkt_time":1561455689761023,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1561455689761023,"pkt":"kLkxKPrKxiwDYGpkCABFAABbphoAAEARTxrAqAIBwKgCDAA12AAAR3hsM2mBgAABAAEAAAAADG1lZGlhLW14cDEtMQNjZG4Id2hhdHNhcHADbmV0AAABAAHADAABAAEAAABFAAQfDVYz"} +01130{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":61,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1561455689728258,"flow_src_last_pkt_time":1561455689728258,"flow_dst_last_pkt_time":1561455689761023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1561455689761023,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsAppFiles","proto_id":"5.242","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"media-mxp1-1.cdn.whatsapp.net","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.86.51"}}} +00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455689909150,"flow_src_last_pkt_time":1561455689909150,"flow_dst_last_pkt_time":1561455689909150,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455689909150,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1561455689909150,"flow_dst_last_pkt_time":1561455689909150,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1561455689909150,"pkt":"xiwDYGpkkLkxKPrKCABFAABAAABAAEAGAsTAqAIMHw1WM8VHAbtOnG1kAAAAALDC\/\/9BlgAAAgQFtAEDAwcBAQgKNM4E3wAAAAAEAgAA"} +00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1561455689909150,"flow_dst_last_pkt_time":1561455689928899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1561455689928899,"pkt":"kLkxKPrKxiwDYGpkCABFAAA8AAAAAFQGLsgfDVYzwKgCDAG7xUfuAwj8TpxtZaASbHDC9wAAAgQFeAQCCAqHqaVzNM4E3wEDAwg="} +00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1561455690036803,"flow_dst_last_pkt_time":1561455689928899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1561455690036803,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGAtDAqAIMHw1WM8VHAbtOnG1l7gMI\/YAQBAZZdQAAAQEICjTOBV2HqaVz"} +01269{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1561455690039586,"flow_dst_last_pkt_time":1561455689928899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1561455690039586,"pkt":"xiwDYGpkkLkxKPrKCABFAAI5AABAAEAGAMvAqAIMHw1WM8VHAbtOnG1l7gMI\/YAYBAYvJwAAAQEICjTOBWCHqaVzFgMBAgABAAH8AwNcVCo+6ckxRamHLuTFRhM635aj8rPn5Xsyc8oyNs70zCDheIsHXcZUiMjn0WFeVyeYgqZCpFf+j0FPaajeZJof+QA0EwMTARMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAACIAIAAAHW1lZGlhLW14cDEtMS5jZG4ud2hhdHNhcHAubmV0ABcAAAAjAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAM3QAAAASAAAAEAAwAC4CaDIFaDItMTYFaDItMTUFaDItMTQIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xAAsAAgEAADMAJgAkAB0AIGUBEpxLHOCHLdBePKDwToeE+eWXh1GjpLqsIp7hpBQmAC0AAgEBACsACQgDBAMDAwIDAQAKAAoACAAdABcAGAAZABUAlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +01278{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1561455689909150,"flow_src_last_pkt_time":1561455690039586,"flow_dst_last_pkt_time":1561455689928899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455690039586,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"media-mxp1-1.cdn.whatsapp.net","tls": {"version":"TLSv1.2","ja3":"b92a79ed03c3ff5611abb2305370d3e3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} +00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1561455690039586,"flow_dst_last_pkt_time":1561455690055150,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1561455690055150,"pkt":"kLkxKPrKxiwDYGpkCABFAAA0CsgAAFQGJAgfDVYzwKgCDAG7xUfuAwj9TpxvaoAQAHFafgAAAQEICoeppfc0zgVg"} +01329{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1561455689909150,"flow_src_last_pkt_time":1561455690039586,"flow_dst_last_pkt_time":1561455690058075,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1561455690058075,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"media-mxp1-1.cdn.whatsapp.net","tls": {"version":"TLSv1.3","ja3":"b92a79ed03c3ff5611abb2305370d3e3","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} +02184{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":95,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1561455689909150,"flow_src_last_pkt_time":1561455690224696,"flow_dst_last_pkt_time":1561455690224643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1331,"flow_dst_tot_l4_payload_len":7979,"midstream":0,"thread_ts_usec":1561455690224696,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":20356.1,"max":163286,"stddev":46938.1,"var":2203181824.0,"ent":2.5,"data": [19749,127653,2783,126251,2925,28,22,21046,163,145211,12,6,5,40,5,163286,2,38,0,250,1,16,17472,279,12,8,2386,284,150,389,567]},"pktlen": {"min":52,"avg":343.6,"max":1440,"stddev":489.7,"var":239839.3,"ent":3.9,"data": [64,60,52,569,52,1440,1440,335,52,52,116,98,95,87,388,311,52,223,126,83,52,100,484,52,52,52,52,1440,52,1440,1440,83]},"bins": {"c_to_s": [10,3,1,0,0,0,0,0,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,1,0,1,1,0],"entropies": [4.453177452,5.156567574,5.038779736,4.954115391,5.062724590,7.845219135,7.875988007,7.363695621,5.038779736,5.077241421,6.006405830,6.022478580,5.964075089,5.738524437,7.327147007,7.233700752,5.115703106,6.979569435,6.337362766,5.826725960,5.032077789,6.041212559,7.548195839,4.923395157,4.961856842,5.000318050,4.947339535,7.873440742,5.038779736,7.854992867,7.876389503,5.699865818]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}} +00811{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455701309996,"flow_src_last_pkt_time":1561455701309996,"flow_dst_last_pkt_time":1561455701309996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":341,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":341,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":341,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455701309996,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01007{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1561455701309996,"flow_dst_last_pkt_time":1561455701309996,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"thread_ts_usec":1561455701309996,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFxXcMAAEARlWjAqAIBwKgC\/0RcRFwBXbU+eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODA5NDIwMDQ4LCA1MTE3MDY2NDIsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA0ODEwNTkxNzYwLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAzMDc1NTIxNjk2LCA0MDU2NDYyNTkyLCAyOTYzNjgyMDk2LCAxNTIyMTc3NTg3XX0="} +00962{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455701309996,"flow_src_last_pkt_time":1561455701309996,"flow_dst_last_pkt_time":1561455701309996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":341,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":341,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":341,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455701309996,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +01004{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1561455701310940,"flow_dst_last_pkt_time":1561455701309996,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"thread_ts_usec":1561455701310940,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFvHu4AAEAR1D\/AqAIBwKgC\/0RcRFwBW7HJeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsxMTgyMzk1NTczLCAxNDIxMTE0Mzk5LCAxODA4MDQ3NjgwLCAxMzcyMDkyNjA5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNTI1ODAwNzEyMCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNDUxNDcyNjU4LCA0MTc0NjUwODgwLCAyODUyMTYwNywgMTQxNTYyMDM1MF19"} +00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455702980324,"flow_src_last_pkt_time":1561455702980324,"flow_dst_last_pkt_time":1561455702980324,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1561455702980324,"l3_proto":"ip4","src_ip":"17.171.47.85","dst_ip":"192.168.2.12","src_port":443,"dst_port":50502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1561455702980324,"flow_dst_last_pkt_time":1561455702980324,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_usec":1561455702980324,"pkt":"kLkxKPrKxiwDYGpkCABFAgBT1H4AAC8Gs3ARqy9VwKgCDAG7xUbop23K2+r6qYAYAEJmGwAAAQEICipMBbM0zcKkFQMDABo0yWx0nf4Y8Lruj7Xpo7KOiHQ6o5fprSXAlA=="} +01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455702980324,"flow_src_last_pkt_time":1561455702980324,"flow_dst_last_pkt_time":1561455702980324,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1561455702980324,"l3_proto":"ip4","src_ip":"17.171.47.85","dst_ip":"192.168.2.12","src_port":443,"dst_port":50502,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1561455702981751,"flow_dst_last_pkt_time":1561455702980324,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1561455702981751,"pkt":"kLkxKPrKxiwDYGpkCABFAAA01H8AAC8Gs5ARqy9VwKgCDAG7xUbop23p2+r6qYARAEJXLQAAAQEICipMBbM0zcKk"} +00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1561455702981751,"flow_dst_last_pkt_time":1561455703144658,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_usec":1561455703144658,"pkt":"xiwDYGpkkLkxKPrKCABFAgBTAABAAEAGNu\/AqAIMEasvVcVGAbvb6vqp6KdtyoAYBACmYwAAAQEICjTOOFoqS5CDFQMDABoAAAAAAAAAAyfFNdvhqDfXGuNhDL9lpNkkKA=="} +00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1561455702981751,"flow_dst_last_pkt_time":1561455703145864,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1561455703145864,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGNxDAqAIMEasvVcVGAbvb6vrI6KdtyoARBABS5QAAAQEICjTOOF4qS5CD"} +00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1561455702981751,"flow_dst_last_pkt_time":1561455703149128,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1561455703149128,"pkt":"xiwDYGpkkLkxKPrKCABFAAAoAABAAEAGNxzAqAIMEasvVcVGAbvb6vqpAAAAAFAEAAAOlgAA"} +00817{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455704556895,"flow_src_last_pkt_time":1561455704556895,"flow_dst_last_pkt_time":1561455704556895,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455704556895,"l3_proto":"ip4","src_ip":"169.254.162.244","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1561455704556895,"flow_dst_last_pkt_time":1561455704556895,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455704556895,"pkt":"AQBef\/\/62DBiVgAcCABFAACa1ogAAP8Rp9yp\/qL07\/\/\/+sTQB2wAhsguTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"} +00999{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455704556895,"flow_src_last_pkt_time":1561455704556895,"flow_dst_last_pkt_time":1561455704556895,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455704556895,"l3_proto":"ip4","src_ip":"169.254.162.244","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} +00813{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455704557041,"flow_src_last_pkt_time":1561455704557041,"flow_dst_last_pkt_time":1561455704557041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455704557041,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1561455704557041,"flow_dst_last_pkt_time":1561455704557041,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455704557041,"pkt":"AQBef\/\/6xiwDYGpkCABFAACadbUAAAERkPrAqAIB7\/\/\/+sTQB2wAhlJ4TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"} +00995{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":198,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455704557041,"flow_src_last_pkt_time":1561455704557041,"flow_dst_last_pkt_time":1561455704557041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455704557041,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} +00806{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455705874172,"flow_src_last_pkt_time":1561455705874172,"flow_dst_last_pkt_time":1561455705874172,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455705874172,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1561455705874172,"flow_dst_last_pkt_time":1561455705874172,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1561455705874172,"pkt":"AQBeAAD7kLkxKPrKCABFAABNhSMAAP8RkszAqAIM4AAA+xTpFOkAOcRFAAAAAAACAAAAAAAABV9yYW9wBF90Y3AFbG9jYWwAAAyAAQhfYWlycGxhecASAAyAAQ=="} +00995{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455705874172,"flow_src_last_pkt_time":1561455705874172,"flow_dst_last_pkt_time":1561455705874172,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455705874172,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_raop._tcp.local","mdns": {}}} +00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455705874523,"flow_src_last_pkt_time":1561455705874523,"flow_dst_last_pkt_time":1561455705874523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455705874523,"l3_proto":"ip6","src_ip":"fe80::414:409d:8afd:9f05","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1561455705874523,"flow_dst_last_pkt_time":1561455705874523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":111,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":111,"pkt_l4_len":57,"thread_ts_usec":1561455705874523,"pkt":"MzMAAAD7kLkxKPrKht1gDagnADkR\/\/6AAAAAAAAABBRAnYr9nwX\/AgAAAAAAAAAAAAAAAAD7FOkU6QA5+sIAAAAAAAIAAAAAAAAFX3Jhb3AEX3RjcAVsb2NhbAAADIABCF9haXJwbGF5wBIADIAB"} +01004{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455705874523,"flow_src_last_pkt_time":1561455705874523,"flow_dst_last_pkt_time":1561455705874523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455705874523,"l3_proto":"ip6","src_ip":"fe80::414:409d:8afd:9f05","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_raop._tcp.local","mdns": {}}} +00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1561455706881291,"flow_dst_last_pkt_time":1561455705874172,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1561455706881291,"pkt":"AQBeAAD7kLkxKPrKCABFAABNdOIAAP8Row3AqAIM4AAA+xTpFOkAOUTGAAAAAAACAAAAAAAABV9yYW9wBF90Y3AFbG9jYWwAAAwAAQhfYWlycGxhecASAAwAAQ=="} +00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1561455706881597,"flow_dst_last_pkt_time":1561455705874523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":111,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":111,"pkt_l4_len":57,"thread_ts_usec":1561455706881597,"pkt":"MzMAAAD7kLkxKPrKht1gDagnADkR\/\/6AAAAAAAAABBRAnYr9nwX\/AgAAAAAAAAAAAAAAAAD7FOkU6QA5e0MAAAAAAAIAAAAAAAAFX3Jhb3AEX3RjcAVsb2NhbAAADAABCF9haXJwbGF5wBIADAAB"} +00810{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912375,"flow_src_last_pkt_time":1561455706912375,"flow_dst_last_pkt_time":1561455706912375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912375,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1561455706912375,"flow_dst_last_pkt_time":1561455706912375,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706912375,"pkt":"xiwDYGpkkLkxKPrKCABFAACav+gAAEARgnnAqAIMHw1WMNwIDZYAhhEmAAMAaiESpEKmZ0918K0sABMVszZAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} +01185{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912375,"flow_src_last_pkt_time":1561455706912375,"flow_dst_last_pkt_time":1561455706912375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912375,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}} +00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1561455706912436,"flow_dst_last_pkt_time":1561455706912375,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706912436,"pkt":"xiwDYGpkkLkxKPrKCABFAACaKEAAAEARGiLAqAIMHw1WMNwIDZYAhhElAAMAaiESpEKmZ0918K0sABMVszdAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} +00812{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912561,"flow_src_last_pkt_time":1561455706912561,"flow_dst_last_pkt_time":1561455706912561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912561,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00713{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1561455706912561,"flow_dst_last_pkt_time":1561455706912561,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706912561,"pkt":"xiwDYGpkkLkxKPrKCABFAACa\/egAAEARKEbAqAIMuTzYM9wIDZYAhvTwAAMAaiESpEKmZ0918K0sABMVszhAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} +01187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":217,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912561,"flow_src_last_pkt_time":1561455706912561,"flow_dst_last_pkt_time":1561455706912561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912561,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1561455706912682,"flow_dst_last_pkt_time":1561455706912561,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706912682,"pkt":"xiwDYGpkkLkxKPrKCABFAACaQnoAAEAR47TAqAIMuTzYM9wIDZYAhvTvAAMAaiESpEKmZ0918K0sABMVszlAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} +00813{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913062,"flow_src_last_pkt_time":1561455706913062,"flow_dst_last_pkt_time":1561455706913062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913062,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00713{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1561455706913062,"flow_dst_last_pkt_time":1561455706913062,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706913062,"pkt":"xiwDYGpkkLkxKPrKCABFAACaTo8AAEARCe\/AqAIMnfDBMNwIDZYAhic+AAMAaiESpEKmZ0918K0sABMVszpAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} +01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913062,"flow_src_last_pkt_time":1561455706913062,"flow_dst_last_pkt_time":1561455706913062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913062,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1561455706913136,"flow_dst_last_pkt_time":1561455706913062,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706913136,"pkt":"xiwDYGpkkLkxKPrKCABFAACapTEAAEARs0zAqAIMnfDBMNwIDZYAhic9AAMAaiESpEKmZ0918K0sABMVsztAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} +00812{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913639,"flow_src_last_pkt_time":1561455706913639,"flow_dst_last_pkt_time":1561455706913639,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913639,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1561455706913639,"flow_dst_last_pkt_time":1561455706913639,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706913639,"pkt":"xiwDYGpkkLkxKPrKCABFAACa5uYAAEARXUvAqAIMszzAMNwIDZYAhhLwAAMAaiESpEKmZ0918K0sABMVszxAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} +01187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913639,"flow_src_last_pkt_time":1561455706913639,"flow_dst_last_pkt_time":1561455706913639,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913639,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1561455706913891,"flow_dst_last_pkt_time":1561455706913639,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706913891,"pkt":"xiwDYGpkkLkxKPrKCABFAACaa6sAAEAR2IbAqAIMszzAMNwIDZYAhhLvAAMAaiESpEKmZ0918K0sABMVsz1AAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} +00813{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706914378,"flow_src_last_pkt_time":1561455706914378,"flow_dst_last_pkt_time":1561455706914378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706914378,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00713{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1561455706914378,"flow_dst_last_pkt_time":1561455706914378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706914378,"pkt":"xiwDYGpkkLkxKPrKCABFAACa6jAAAEARaz\/AqAIMnfDEPtwIDZYAhiQsAAMAaiESpEKmZ0918K0sABMVsz5AAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} +01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706914378,"flow_src_last_pkt_time":1561455706914378,"flow_dst_last_pkt_time":1561455706914378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706914378,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +00713{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1561455706914597,"flow_dst_last_pkt_time":1561455706914378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706914597,"pkt":"xiwDYGpkkLkxKPrKCABFAACa\/isAAEARV0TAqAIMnfDEPtwIDZYAhiQrAAMAaiESpEKmZ0918K0sABMVsz9AAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} +00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1561455706912436,"flow_dst_last_pkt_time":1561455706925823,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455706925823,"pkt":"kLkxKPrKxiwDYGpkCABFAABIJPUAAFQRCb8fDVYwwKgCDA2W3AgANMY6AQMAGCESpEKmZ0918K0sABMVszYAIAAIAAHthnGmBnJAAgAIAAABa44DQzM="} +00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1561455706912436,"flow_dst_last_pkt_time":1561455706925951,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455706925951,"pkt":"kLkxKPrKxiwDYGpkCABFAABIJPYAAFQRCb4fDVYwwKgCDA2W3AgANMY5AQMAGCESpEKmZ0918K0sABMVszcAIAAIAAHthnGmBnJAAgAIAAABa44DQzM="} +00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1561455706914597,"flow_dst_last_pkt_time":1561455706935510,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455706935510,"pkt":"kLkxKPrKxiwDYGpkCABFAABIB5sAAFMROyed8MQ+wKgCDA2W3AgANNk5AQMAGCESpEKmZ0918K0sABMVsz4AIAAIAAHthnGmBnJAAgAIAAABa44DQzo="} +00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1561455706913136,"flow_dst_last_pkt_time":1561455706942065,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455706942065,"pkt":"kLkxKPrKxiwDYGpkCABFAABISQ8AAFER\/sCd8MEwwKgCDA2W3AgANNxIAQMAGCESpEKmZ0918K0sABMVszoAIAAIAAHthnGmBnJAAgAIAAABa44DQz0="} +00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1561455706913891,"flow_dst_last_pkt_time":1561455706942143,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455706942143,"pkt":"kLkxKPrKxiwDYGpkCABFAABIdjQAAFMRu0+zPMAwwKgCDA2W3AgANMf9AQMAGCESpEKmZ0918K0sABMVszwAIAAIAAHthnGmBnJAAgAIAAABa44DQzo="} +00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1561455706912682,"flow_dst_last_pkt_time":1561455706945445,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455706945445,"pkt":"kLkxKPrKxiwDYGpkCABFAABIKZAAAFMR6fC5PNgzwKgCDA2W3AgANKn2AQMAGCESpEKmZ0918K0sABMVszgAIAAIAAHthnGmBnJAAgAIAAABa44DQ0I="} +00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706979952,"flow_src_last_pkt_time":1561455706979952,"flow_dst_last_pkt_time":1561455706979952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706979952,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1561455706979952,"flow_dst_last_pkt_time":1561455706979952,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1561455706979952,"pkt":"AQBef\/\/6kLkxKPrKCABFAAClm6MAAAIRafbAqAIM7\/\/\/+vzMB2wAkbYGTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} +00996{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706979952,"flow_src_last_pkt_time":1561455706979952,"flow_dst_last_pkt_time":1561455706979952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706979952,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} +00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":232,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455707435698,"flow_src_last_pkt_time":1561455707435698,"flow_dst_last_pkt_time":1561455707435698,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455707435698,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1561455707435698,"flow_dst_last_pkt_time":1561455707435698,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1561455707435698,"pkt":"xiwDYGpkkLkxKPrKCABFAAA+06QAAP8RYqzAqAIMwKgCAeyFADUAKgBWfx8BAAABAAAAAAAAA3Bwcwh3aGF0c2FwcANuZXQAAAEAAQ=="} +01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":232,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455707435698,"flow_src_last_pkt_time":1561455707435698,"flow_dst_last_pkt_time":1561455707435698,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455707435698,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","proto_id":"5.142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"pps.whatsapp.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1561455707435698,"flow_dst_last_pkt_time":1561455707470289,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_usec":1561455707470289,"pkt":"kLkxKPrKxiwDYGpkCABFAABnIjoAAEAR0u7AqAIBwKgCDAA17IUAUyY\/fx+BgAABAAIAAAAAA3Bwcwh3aGF0c2FwcANuZXQAAAEAAcAMAAUAAQAACz4ADQZtbXgtZHMDY2RuwBDALgABAAEAAAA+AASd8BQ0"} +01116{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1561455707435698,"flow_src_last_pkt_time":1561455707435698,"flow_dst_last_pkt_time":1561455707470289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":75,"midstream":0,"thread_ts_usec":1561455707470289,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","proto_id":"5.142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"pps.whatsapp.net","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"157.240.20.52"}}} +00806{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455707474558,"flow_src_last_pkt_time":1561455707474558,"flow_dst_last_pkt_time":1561455707474558,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455707474558,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1561455707474558,"flow_dst_last_pkt_time":1561455707474558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1561455707474558,"pkt":"xiwDYGpkkLkxKPrKCABFAABAAABAAEAGxd\/AqAIMnfAUNMVIAbt68MpNAAAAALDC\/\/823wAAAgQFtAEDAwcBAQgKNM5JcwAAAAAEAgAA"} +00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1561455707474558,"flow_dst_last_pkt_time":1561455707511792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1561455707511792,"pkt":"kLkxKPrKxiwDYGpkCABFAAA8AAAAAFMG8uOd8BQ0wKgCDAG7xUi7sKeEevDKTqASbHBlBQAAAgQFeAQCCAq1oF6CNM5JcwEDAwg="} +00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1561455707513528,"flow_dst_last_pkt_time":1561455707511792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1561455707513528,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGxevAqAIMnfAUNMVIAbt68MpOu7CnhYAQBAb72QAAAQEICjTOSZq1oF6C"} +01272{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1561455707524675,"flow_dst_last_pkt_time":1561455707511792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1561455707524675,"pkt":"xiwDYGpkkLkxKPrKCABFAAI5AABAAEAGw+bAqAIMnfAUNMVIAbt68MpOu7CnhYAYBAZ\/fQAAAQEICjTOSaW1oF6CFgMBAgABAAH8AwOH9qQ7+yKL4tunVBajRAEMZcD0LnYn0chkBCJ8V\/W5wSAyZRitQuT5VUG0rd7O73q87mICh7P83OWE866NlPwORwA0EwMTARMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABUAEwAAEHBwcy53aGF0c2FwcC5uZXQAFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAADN0AAAAEgAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQALAAIBAAAzACYAJAAdACCprT1zqPKQIzBBlpj9bMg6Glq9UTNfNHVaZHTwErUpPQAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAKcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +01260{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1561455707474558,"flow_src_last_pkt_time":1561455707524675,"flow_dst_last_pkt_time":1561455707511792,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455707524675,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsApp","proto_id":"91.142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"pps.whatsapp.net","tls": {"version":"TLSv1.2","ja3":"7a7a639628f0fe5c7e057628a5bbec5a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} +00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1561455707524675,"flow_dst_last_pkt_time":1561455707563261,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1561455707563261,"pkt":"kLkxKPrKxiwDYGpkCABFAAA0dcMAAFMGfSid8BQ0wKgCDAG7xUi7sKeFevDMU4AQAHH9LAAAAQEICrWgXrQ0zkml"} +01311{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1561455707474558,"flow_src_last_pkt_time":1561455707524675,"flow_dst_last_pkt_time":1561455707564246,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1561455707564246,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsApp","proto_id":"91.142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"pps.whatsapp.net","tls": {"version":"TLSv1.3","ja3":"7a7a639628f0fe5c7e057628a5bbec5a","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} +02201{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":293,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1561455707474558,"flow_src_last_pkt_time":1561455707778028,"flow_dst_last_pkt_time":1561455707778471,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":928,"flow_dst_tot_l4_payload_len":9370,"midstream":0,"thread_ts_usec":1561455707778471,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5,"avg":19593.0,"max":129132,"stddev":30818.3,"var":949767616.0,"ent":3.5,"data": [37234,38970,11147,51469,985,103,11,42805,136,34645,3771,380,216,299,76165,5,34895,421,279,3605,27,2938,1342,3436,77447,53735,129132,1406,40,219,120]},"pktlen": {"min":52,"avg":374.4,"max":1440,"stddev":526.3,"var":277041.4,"ent":3.9,"data": [64,60,52,569,52,1440,1440,333,52,52,116,98,95,87,244,223,126,52,52,83,52,83,52,87,52,52,502,52,1440,1440,1440,1440]},"bins": {"c_to_s": [10,3,1,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,1,0,1,1,0,1,1,1,1],"entropies": [4.421927452,5.127645493,4.947339535,4.844649315,5.024262905,7.828526497,7.880538940,7.342582226,4.947340012,4.947340012,6.096442223,5.933140755,5.903703690,5.761512756,7.014289856,6.959705353,6.368111134,4.923395157,4.923395157,5.597574711,5.062724590,5.763532162,4.985801220,5.859550953,4.947339535,4.985801220,7.559065819,4.947340012,7.871157646,7.859573364,7.846300602,7.844365597]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsApp","proto_id":"91.142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} +00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1561455709888553,"flow_dst_last_pkt_time":1561455705874172,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1561455709888553,"pkt":"AQBeAAD7kLkxKPrKCABFAABNP9UAAP8R2BrAqAIM4AAA+xTpFOkAOUTGAAAAAAACAAAAAAAABV9yYW9wBF90Y3AFbG9jYWwAAAwAAQhfYWlycGxhecASAAwAAQ=="} +00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1561455709890098,"flow_dst_last_pkt_time":1561455705874523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":111,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":111,"pkt_l4_len":57,"thread_ts_usec":1561455709890098,"pkt":"MzMAAAD7kLkxKPrKht1gDagnADkR\/\/6AAAAAAAAABBRAnYr9nwX\/AgAAAAAAAAAAAAAAAAD7FOkU6QA5e0MAAAAAAAIAAAAAAAAFX3Jhb3AEX3RjcAVsb2NhbAAADAABCF9haXJwbGF5wBIADAAB"} +00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1561455709984212,"flow_dst_last_pkt_time":1561455706979952,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1561455709984212,"pkt":"AQBef\/\/6kLkxKPrKCABFAACggMsAAAIRhNPAqAIM7\/\/\/+vzMB2wAjOY9TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOldBTklQQ29ubmVjdGlvbjoxDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KTVg6IDMNCg0K"} +00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1561455713015065,"flow_dst_last_pkt_time":1561455706979952,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1561455713015065,"pkt":"AQBef\/\/6kLkxKPrKCABFAAChffAAAAIRh63AqAIM7\/\/\/+vzMB2wAjYZETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOldBTlBQUENvbm5lY3Rpb246MQ0KTUFOOiAic3NkcDpkaXNjb3ZlciINCk1YOiAzDQoNCg=="} +00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1561455716020462,"flow_dst_last_pkt_time":1561455706979952,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_usec":1561455716020462,"pkt":"AQBef\/\/6kLkxKPrKCABFAACBk7cAAAIRcgbAqAIM7\/\/\/+vzMB2wAbSFSTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cG5wOnJvb3RkZXZpY2UNCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} +00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1561455718911851,"flow_dst_last_pkt_time":1561455705874172,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1561455718911851,"pkt":"AQBeAAD7kLkxKPrKCABFAABNWGMAAP8Rv4zAqAIM4AAA+xTpFOkAOUTGAAAAAAACAAAAAAAABV9yYW9wBF90Y3AFbG9jYWwAAAwAAQhfYWlycGxhecASAAwAAQ=="} +00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1561455718912134,"flow_dst_last_pkt_time":1561455705874523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":111,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":111,"pkt_l4_len":57,"thread_ts_usec":1561455718912134,"pkt":"MzMAAAD7kLkxKPrKht1gDagnADkR\/\/6AAAAAAAAABBRAnYr9nwX\/AgAAAAAAAAAAAAAAAAD7FOkU6QA5e0MAAAAAAAIAAAAAAAAFX3Jhb3AEX3RjcAVsb2NhbAAADAABCF9haXJwbGF5wBIADAAB"} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1561455719106588,"flow_dst_last_pkt_time":1561455706925951,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":48,"pkt_l4_len":14,"thread_ts_usec":1561455719106588,"pkt":"xiwDYGpkkLkxKPrKCABFAAAib6IAAEAR0zfAqAIMHw1WMNwIDZYADqAHaGVhbHRo"} +00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1561455719211603,"flow_dst_last_pkt_time":1561455706945445,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455719211603,"pkt":"xiwDYGpkkLkxKPrKCABFAACa2X4AAEARTLDAqAIMuTzYM9wIDZYAhvTmAAMAaiESpEKmZ0918K0sABMVs0JAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} +00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1561455719211659,"flow_dst_last_pkt_time":1561455706945445,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455719211659,"pkt":"xiwDYGpkkLkxKPrKCABFAACaK6kAAEAR+oXAqAIMuTzYM9wIDZYAhvTlAAMAaiESpEKmZ0918K0sABMVs0NAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} +00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1561455719212169,"flow_dst_last_pkt_time":1561455706942065,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455719212169,"pkt":"xiwDYGpkkLkxKPrKCABFAACaXjgAAEAR+kXAqAIMnfDBMNwIDZYAhic0AAMAaiESpEKmZ0918K0sABMVs0RAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} +00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1561455719212288,"flow_dst_last_pkt_time":1561455706942065,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455719212288,"pkt":"xiwDYGpkkLkxKPrKCABFAACaAzgAAEARVUbAqAIMnfDBMNwIDZYAhiczAAMAaiESpEKmZ0918K0sABMVs0VAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} +00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1561455719212695,"flow_dst_last_pkt_time":1561455706942143,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455719212695,"pkt":"xiwDYGpkkLkxKPrKCABFAACaPBgAAEARCBrAqAIMszzAMNwIDZYAhhLmAAMAaiESpEKmZ0918K0sABMVs0ZAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} +00713{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1561455719212821,"flow_dst_last_pkt_time":1561455706942143,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455719212821,"pkt":"xiwDYGpkkLkxKPrKCABFAACa\/iEAAEARRhDAqAIMszzAMNwIDZYAhhLlAAMAaiESpEKmZ0918K0sABMVs0dAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} +00713{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1561455719213259,"flow_dst_last_pkt_time":1561455706935510,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455719213259,"pkt":"xiwDYGpkkLkxKPrKCABFAACa6sAAAEARaq\/AqAIMnfDEPtwIDZYAhiQiAAMAaiESpEKmZ0918K0sABMVs0hAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} +00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1561455719213382,"flow_dst_last_pkt_time":1561455706935510,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455719213382,"pkt":"xiwDYGpkkLkxKPrKCABFAACaA0YAAEARUirAqAIMnfDEPtwIDZYAhiQhAAMAaiESpEKmZ0918K0sABMVs0lAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} +00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":427,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455721320417,"flow_src_last_pkt_time":1561455721320417,"flow_dst_last_pkt_time":1561455721320417,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455721320417,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00957{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1561455721320417,"flow_dst_last_pkt_time":1561455721320417,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1561455721320417,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFInqQAAP8RHAEAAAAA\/\/\/\/\/wBEAEMBNNuDAQEGAH5K8tcAAAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} +01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455721320417,"flow_src_last_pkt_time":1561455721320417,"flow_dst_last_pkt_time":1561455721320417,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455721320417,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"lucas-imac","dhcp": {"fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}}} +00957{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1561455722541136,"flow_dst_last_pkt_time":1561455721320417,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1561455722541136,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFInqUAAP8RHAAAAAAA\/\/\/\/\/wBEAEMBNNuCAQEGAH5K8tcAAQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} +00958{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1561455724934690,"flow_dst_last_pkt_time":1561455721320417,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1561455724934690,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFInqYAAP8RG\/8AAAAA\/\/\/\/\/wBEAEMBNNuAAQEGAH5K8tcAAwAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} +00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1561455726442435,"flow_dst_last_pkt_time":1561455688445940,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455726442435,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABIUlcAAEARof3AqAIBwKgC\/+EV4RUANEtUU3BvdFVkcDC64ScQKi2g\/wABAARIlcIDyUSzc\/3fJAksKuG26pMF0apN5Ek="} +00958{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1561455729803232,"flow_dst_last_pkt_time":1561455721320417,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1561455729803232,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFInqcAAP8RG\/4AAAAA\/\/\/\/\/wBEAEMBNNt7AQEGAH5K8tcACAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} +00809{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455730495456,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455730495456,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1561455730495456,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455730495456,"pkt":"kLkxKPrKxiwDYGpkCABFAABI7nAAADERRFFb\/DgzwKgCDH\/A3AgANOnLAAEAGCESpEJZi1FU1SmRVkxGZgQACAAUYCmYSN+rkyNYVIx9I16CdotJWKc="} +01298{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455730495456,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455730495456,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1561455731073692,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731073692,"pkt":"kLkxKPrKxiwDYGpkCABFAABIAlEAADERMHFb\/DgzwKgCDH\/A3AgANGApAAEAGCESpELobM0y9AHrYlN0+hgACAAU\/c20Lcr5wjE5JYKvJct9qbua6og="} +01007{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1561455731356183,"flow_dst_last_pkt_time":1561455701309996,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"thread_ts_usec":1561455731356183,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFxjdoAAEARZVHAqAIBwKgC\/0RcRFwBXbU+eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODA5NDIwMDQ4LCA1MTE3MDY2NDIsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA0ODEwNTkxNzYwLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAzMDc1NTIxNjk2LCA0MDU2NDYyNTkyLCAyOTYzNjgyMDk2LCAxNTIyMTc3NTg3XX0="} +01003{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1561455731356928,"flow_dst_last_pkt_time":1561455701309996,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"thread_ts_usec":1561455731356928,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFveLUAAEARenjAqAIBwKgC\/0RcRFwBW7HJeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsxMTgyMzk1NTczLCAxNDIxMTE0Mzk5LCAxODA4MDQ3NjgwLCAxMzcyMDkyNjA5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNTI1ODAwNzEyMCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNDUxNDcyNjU4LCA0MTc0NjUwODgwLCAyODUyMTYwNywgMTQxNTYyMDM1MF19"} +02381{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":487,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1561455706912375,"flow_src_last_pkt_time":1561455731523132,"flow_dst_last_pkt_time":1561455731536124,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":278,"flow_src_tot_l4_payload_len":792,"flow_dst_tot_l4_payload_len":1833,"midstream":0,"thread_ts_usec":1561455731536124,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":1588209.8,"max":12196243,"stddev":3050402.8,"var":9304956469248.0,"ent":3.2,"data": [61,13448,128,12194152,12196243,104402,58,105108,1,108628,104619,3043264,3048902,3100925,3096031,3015294,3016553,2001940,2156,107078,164036,190107,88523,28769,198646,133957,3008088,90958,35571,314,36546]},"pktlen": {"min":30,"avg":110.0,"max":306,"stddev":87.2,"var":7598.9,"ent":4.6,"data": [154,154,72,72,34,30,154,154,72,72,34,30,34,30,34,30,34,30,74,54,232,261,240,150,306,234,302,34,30,154,154,72]},"bins": {"c_to_s": [6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,6,0,1,0,0,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,0,1,0,0,1],"entropies": [6.541143417,6.523254871,5.258596897,5.258596897,4.628356934,4.453236580,6.497281075,6.520071030,5.203041553,5.130857468,4.628356934,4.453236580,4.628356934,4.453236580,4.628356934,4.453236580,4.628356934,4.453236580,5.668909073,5.185353279,6.995151520,7.135284424,7.074851990,6.635347366,7.304471493,6.999480724,7.242955685,4.628356934,4.453236580,6.523254871,6.523254871,5.230819225]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":501,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455731665769,"flow_src_last_pkt_time":1561455731665769,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455731665769,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1561455731665769,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731665769,"pkt":"xiwDYGpkkLkxKPrKCABFAABId7IAAEAR8MLAqAIMATxOQNwI+xoANL93AAEAGCESpEJNNg9OA5IbZKhKGmoACAAUkUJIDnID0ka3i4LpQfhGRUa3K\/w="} +01296{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455731665769,"flow_src_last_pkt_time":1561455731665769,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455731665769,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1561455731697327,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731697327,"pkt":"kLkxKPrKxiwDYGpkCABFAABI\/gUAADERNLxb\/DgzwKgCDH\/A3AgANISZAAEAGCESpEKSaahiiU3KFyQDpDgACAAUPvQQqrwwB3kMX1876e4ssz8N17Y="} +00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1561455731697327,"flow_dst_last_pkt_time":1561455731699179,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731699179,"pkt":"xiwDYGpkkLkxKPrKCABFAABIalYAAEARuWvAqAIMW\/w4M9wIf8AANHvGAQEAGCESpEKSaahiiU3KFyQDpDgACAAU78j6HBgMgp4J7E4uRUxed5inmwU="} +00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1561455731697327,"flow_dst_last_pkt_time":1561455731771636,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731771636,"pkt":"xiwDYGpkkLkxKPrKCABFAABIuQIAAEARar\/AqAIMW\/w4M9wIf8AANBvxAAEAGCESpEInL2dPpxxCLUQhtkgACAAUq0S1cqGjKGibQ8Ad3a7kThUOm\/s="} +00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1561455732298035,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455732298035,"pkt":"xiwDYGpkkLkxKPrKCABFAABIre0AAEARuofAqAIMATxOQNwI+xoANHLOAAEAGCESpEIrgAUzrwTeBSrSSH8ACAAUv8Ev3sei+dcRfEZy9ei0mRui3Zw="} +00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1561455732919461,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455732919461,"pkt":"xiwDYGpkkLkxKPrKCABFAABIV+kAAEAREIzAqAIMATxOQNwI+xoANBvDAAEAGCESpELCs7YUVt8QVzF73yEACAAUMmINwHB46SKyj3xrODHnuD6GHSA="} +02507{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":538,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455733316995,"flow_dst_last_pkt_time":1561455733325980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":273,"flow_src_tot_l4_payload_len":1873,"flow_dst_tot_l4_payload_len":1869,"midstream":0,"thread_ts_usec":1561455733325980,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":182324.6,"max":1203723,"stddev":228895.9,"var":52393320448.0,"ent":4.2,"data": [578236,623635,1203723,72457,167216,11596,115693,158378,2,172820,173607,169808,156213,136586,155315,179817,99336,157427,38286,163380,181314,166574,142422,2967,25967,115313,6126,171847,106305,56249,143448]},"pktlen": {"min":54,"avg":144.9,"max":301,"stddev":51.7,"var":2672.5,"ent":4.9,"data": [72,72,72,72,72,72,199,260,150,161,301,137,159,159,133,149,136,150,172,164,155,159,164,170,150,54,150,150,156,150,139,179]},"bins": {"c_to_s": [1,4,0,8,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,0,4,6,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0,1,0,0,1],"entropies": [5.523683071,5.551460743,5.523683071,5.586590290,5.513198376,5.558812618,6.900094032,7.080634594,6.725411892,6.561889648,7.326864719,6.497554302,6.712717533,6.644547939,6.493841648,6.572838783,6.470429420,6.565414429,6.709655762,6.771090984,6.675994873,6.701801777,6.747565746,6.673988342,6.480553150,5.199332237,6.648680687,6.585022449,6.694502831,6.592251301,6.568360806,6.807644844]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1561455733543524,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455733543524,"pkt":"xiwDYGpkkLkxKPrKCABFAABIhgkAAEAR4mvAqAIMATxOQNwI+xoANNyjAAEAGCESpEKaqxAMcXf5HhivnksACAAUXrUv35eEVCK3ZPufCanP8gSQnE8="} +00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_src_last_pkt_time":1561455734169795,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455734169795,"pkt":"xiwDYGpkkLkxKPrKCABFAABIQ+QAAEARJJHAqAIMATxOQNwI+xoANLvkAAEAGCESpEJdvqBh2rbkNqYRchoACAAUXsrok\/u8nTRHu7GOUWRyNlbwy2Q="} +00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1561455737893179,"flow_dst_last_pkt_time":1561455705874172,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"thread_ts_usec":1561455737893179,"pkt":"AQBeAAD7kLkxKPrKCABFAACmf9YAAP8Rl8DAqAIM4AAA+xTpFOkAklETAAAAAAAFAAEAAAAACF9ob21la2l0BF90Y3AFbG9jYWwAAAwAAQ9fY29tcGFuaW9uLWxpbmvAFQAMAAEMX3NsZWVwLXByb3h5BF91ZHDAGgAMAAEFX3Jhb3DAFQAMAAEIX2FpcnBsYXnAFQAMAAHAJQAMAAEAAA2VABANTHVjYeKAmXMgaU1hY8Al"} +01008{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":632,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1561455705874172,"flow_src_last_pkt_time":1561455737893179,"flow_dst_last_pkt_time":1561455705874172,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":138,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455737893179,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_homekit._tcp.local","mdns": {}}} +00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1561455737895397,"flow_dst_last_pkt_time":1561455705874523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":200,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":200,"pkt_l4_len":146,"thread_ts_usec":1561455737895397,"pkt":"MzMAAAD7kLkxKPrKht1gDagnAJIR\/\/6AAAAAAAAABBRAnYr9nwX\/AgAAAAAAAAAAAAAAAAD7FOkU6QCSh5AAAAAAAAUAAQAAAAAIX2hvbWVraXQEX3RjcAVsb2NhbAAADAABD19jb21wYW5pb24tbGlua8AVAAwAAQxfc2xlZXAtcHJveHkEX3VkcMAaAAwAAQVfcmFvcMAVAAwAAQhfYWlycGxhecAVAAwAAcAlAAwAAQAADZUAEA1MdWNh4oCZcyBpTWFjwCU="} +01017{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":633,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1561455705874523,"flow_src_last_pkt_time":1561455737895397,"flow_dst_last_pkt_time":1561455705874523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":138,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455737895397,"l3_proto":"ip6","src_ip":"fe80::414:409d:8afd:9f05","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_homekit._tcp.local","mdns": {}}} +00810{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":640,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455738163757,"flow_src_last_pkt_time":1561455738163757,"flow_dst_last_pkt_time":1561455738163757,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1561455738163757,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"169.254.162.244","src_port":49352,"dst_port":49159,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":640,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1561455738163757,"flow_dst_last_pkt_time":1561455738163757,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1561455738163757,"pkt":"2DBiVgAckLkxKPrKCABFAAAok2wAAP8GGLzAqAIMqf6i9MDIwAcC6LXACBPPY1AQCAWHOAAA"} +00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":641,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1561455738163757,"flow_dst_last_pkt_time":1561455738163886,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1561455738163886,"pkt":"kLkxKPrKxiwDYGpkCABFAAA0AAAAAP8GrByp\/qL0wKgCDMAHwMgIE89jAui1wYAQEABYwQAAAQEIChqjwVI0zNyh"} +00958{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1561455738622273,"flow_dst_last_pkt_time":1561455721320417,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1561455738622273,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFInqgAAP8RG\/0AAAAA\/\/\/\/\/wBEAEMBNNtyAQEGAH5K8tcAEQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} +01012{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":703,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1561455689728258,"flow_src_last_pkt_time":1561455689728258,"flow_dst_last_pkt_time":1561455689761023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1561455741266114,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsAppFiles","proto_id":"5.242","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01005{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":703,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1561455687942546,"flow_src_last_pkt_time":1561455687942546,"flow_dst_last_pkt_time":1561455687944542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":1561455741266114,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00993{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":703,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455688445940,"flow_src_last_pkt_time":1561455726442435,"flow_dst_last_pkt_time":1561455688445940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455741266114,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} +01007{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":703,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1561455687991884,"flow_src_last_pkt_time":1561455687991884,"flow_dst_last_pkt_time":1561455688018542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":71,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":71,"midstream":0,"thread_ts_usec":1561455741266114,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","proto_id":"5.142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":713,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455741430274,"flow_src_last_pkt_time":1561455741430274,"flow_dst_last_pkt_time":1561455741430274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455741430274,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":50191,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00733{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1561455741430274,"flow_dst_last_pkt_time":1561455741430274,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1561455741430274,"pkt":"AQBef\/\/6kLkxKPrKCABFAAClZnoAAAIRnx\/AqAIM7\/\/\/+sQPB2wAke7DTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} +00996{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":713,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455741430274,"flow_src_last_pkt_time":1561455741430274,"flow_dst_last_pkt_time":1561455741430274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455741430274,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":50191,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} +00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":714,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455741432427,"flow_src_last_pkt_time":1561455741432427,"flow_dst_last_pkt_time":1561455741432427,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455741432427,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":57546,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1561455741432427,"flow_dst_last_pkt_time":1561455741432427,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1561455741432427,"pkt":"AQBef\/\/6kLkxKPrKCABFAAClgs4AAAIRgsvAqAIM7\/\/\/+uDKB2wAkdIITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} +00996{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455741432427,"flow_src_last_pkt_time":1561455741432427,"flow_dst_last_pkt_time":1561455741432427,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455741432427,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":57546,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} +00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":716,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455741484694,"flow_src_last_pkt_time":1561455741484694,"flow_dst_last_pkt_time":1561455741484694,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455741484694,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} +00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":716,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1561455741484694,"flow_dst_last_pkt_time":1561455741484694,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1561455741484694,"pkt":"xiwDYGpkkLkxKPrKCABFAAA4hv4AAEABnOPAqAIMW\/w4MwMDoFgAAAAARQAA73IeAAAxEb\/8W\/w4M8CoAgx\/wNwIANsAAA=="} +01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455741484694,"flow_src_last_pkt_time":1561455741484694,"flow_dst_last_pkt_time":1561455741484694,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455741484694,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","l4_proto":"icmp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":3.962659}} +00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1561455742405584,"flow_dst_last_pkt_time":1561455741484694,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1561455742405584,"pkt":"xiwDYGpkkLkxKPrKCABFAAA4TCgAAEAB17nAqAIMW\/w4MwMDoOEAAAAARQAAZumbAAAxEUkIW\/w4M8CoAgx\/wNwIAFIAAA=="} +00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1561455742405951,"flow_dst_last_pkt_time":1561455741484694,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1561455742405951,"pkt":"xiwDYGpkkLkxKPrKCABFAAA4HrIAAEABBTDAqAIMW\/w4MwMDoOEAAAAARQAAZp1RAAAxEZVSW\/w4M8CoAgx\/wNwIAFIAAA=="} +00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1561455742405963,"flow_dst_last_pkt_time":1561455741484694,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1561455742405963,"pkt":"xiwDYGpkkLkxKPrKCABFAAA4twoAAEABbNfAqAIMW\/w4MwMDoOEAAAAARQAAZq9YAAAxEYNLW\/w4M8CoAgx\/wNwIAFIAAA=="} +01134{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":10,"flow_first_seen":1561455688201615,"flow_src_last_pkt_time":1561455742310706,"flow_dst_last_pkt_time":1561455742309411,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":149,"flow_src_tot_l4_payload_len":6009,"flow_dst_tot_l4_payload_len":414,"midstream":1,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"17.242.60.84","src_port":49354,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ApplePush","proto_id":"238","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +00898{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1561455738163757,"flow_src_last_pkt_time":1561455738163757,"flow_dst_last_pkt_time":1561455738163886,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"169.254.162.244","src_port":49352,"dst_port":49159,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} +00811{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1561455738163757,"flow_src_last_pkt_time":1561455738163757,"flow_dst_last_pkt_time":1561455738163886,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"169.254.162.244","src_port":49352,"dst_port":49159,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01017{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":41,"flow_dst_packets_processed":44,"flow_first_seen":1561455707474558,"flow_src_last_pkt_time":1561455707887523,"flow_dst_last_pkt_time":1561455707886473,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":987,"flow_dst_tot_l4_payload_len":40959,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsApp","proto_id":"91.142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} +00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1561455721320417,"flow_src_last_pkt_time":1561455738622273,"flow_dst_last_pkt_time":1561455721320417,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1500,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01264{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":87,"flow_dst_packets_processed":77,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455742404517,"flow_dst_last_pkt_time":1561455741413630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":276,"flow_dst_max_l4_payload_len":289,"flow_src_tot_l4_payload_len":10944,"flow_dst_tot_l4_payload_len":14102,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455741432427,"flow_src_last_pkt_time":1561455741432427,"flow_dst_last_pkt_time":1561455741432427,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":57546,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1561455689728258,"flow_src_last_pkt_time":1561455689728258,"flow_dst_last_pkt_time":1561455689761023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsAppFiles","proto_id":"5.242","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00818{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1561455705874523,"flow_src_last_pkt_time":1561455737895397,"flow_dst_last_pkt_time":1561455705874523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":138,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip6","src_ip":"fe80::414:409d:8afd:9f05","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1561455701309996,"flow_src_last_pkt_time":1561455731356928,"flow_dst_last_pkt_time":1561455701309996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":339,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":341,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1561455687942546,"flow_src_last_pkt_time":1561455687942546,"flow_dst_last_pkt_time":1561455687944542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01108{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1561455702980324,"flow_src_last_pkt_time":1561455703262823,"flow_dst_last_pkt_time":1561455703149308,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":31,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":31,"midstream":1,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"17.171.47.85","dst_ip":"192.168.2.12","src_port":443,"dst_port":50502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455704556895,"flow_src_last_pkt_time":1561455704556895,"flow_dst_last_pkt_time":1561455704556895,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"169.254.162.244","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +01145{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1561455706914378,"flow_src_last_pkt_time":1561455741420615,"flow_dst_last_pkt_time":1561455719233138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":630,"flow_dst_tot_l4_payload_len":132,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01145{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1561455706913062,"flow_src_last_pkt_time":1561455741419902,"flow_dst_last_pkt_time":1561455719244228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":630,"flow_dst_tot_l4_payload_len":132,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1561455705874172,"flow_src_last_pkt_time":1561455737893179,"flow_dst_last_pkt_time":1561455705874172,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":138,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455688445940,"flow_src_last_pkt_time":1561455726442435,"flow_dst_last_pkt_time":1561455688445940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} +01252{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1561455731665769,"flow_src_last_pkt_time":1561455741046982,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":704,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455741430274,"flow_src_last_pkt_time":1561455741430274,"flow_dst_last_pkt_time":1561455741430274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":50191,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":25,"flow_first_seen":1561455689909150,"flow_src_last_pkt_time":1561455690240149,"flow_dst_last_pkt_time":1561455690302153,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1331,"flow_dst_tot_l4_payload_len":20101,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}} +01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1561455706979952,"flow_src_last_pkt_time":1561455716020462,"flow_dst_last_pkt_time":1561455706979952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":101,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":503,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455704557041,"flow_src_last_pkt_time":1561455704557041,"flow_dst_last_pkt_time":1561455704557041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +01090{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1561455741484694,"flow_src_last_pkt_time":1561455742405963,"flow_dst_last_pkt_time":1561455741484694,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1561455707435698,"flow_src_last_pkt_time":1561455707435698,"flow_dst_last_pkt_time":1561455707470289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":75,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","proto_id":"5.142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":132,"flow_dst_packets_processed":131,"flow_first_seen":1561455688704143,"flow_src_last_pkt_time":1561455743434771,"flow_dst_last_pkt_time":1561455743433441,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":327,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":5296,"flow_dst_tot_l4_payload_len":15785,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} +01144{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1561455706913639,"flow_src_last_pkt_time":1561455741420295,"flow_dst_last_pkt_time":1561455719240742,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":630,"flow_dst_tot_l4_payload_len":132,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1561455687991884,"flow_src_last_pkt_time":1561455687991884,"flow_dst_last_pkt_time":1561455688018542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":71,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":71,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","proto_id":"5.142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01144{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1561455706912561,"flow_src_last_pkt_time":1561455741419546,"flow_dst_last_pkt_time":1561455719248009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":630,"flow_dst_tot_l4_payload_len":132,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01145{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":28,"flow_first_seen":1561455706912375,"flow_src_last_pkt_time":1561455741419206,"flow_dst_last_pkt_time":1561455740537152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":284,"flow_src_tot_l4_payload_len":1467,"flow_dst_tot_l4_payload_len":2492,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00619{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","packets-captured":736,"packets-processed":734,"total-skipped-flows":0,"total-l4-payload-len":128892,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":8,"total-updates":4,"current-active-flows":0,"total-active-flows":28,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":207,"global_ts_usec":1561455743434771} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 736/734 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 128892 bytes +~~ total detected protocols..: 27 +~~ total active/idle flows...: 28/28 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7686602 bytes +~~ total memory freed........: 7686602 bytes +~~ total allocations/frees...: 143722/143722 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 543 chars +~~ json string max len.......: 2530 chars +~~ json string avg len.......: 1536 chars diff --git a/test/results/flow-analyse/default/doh.pcapng.out b/test/results/flow-analyse/default/doh.pcapng.out new file mode 100644 index 000000000..48f4ac4eb --- /dev/null +++ b/test/results/flow-analyse/default/doh.pcapng.out @@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.253,1.1.1.1,tcp,35996,443,finished,17,15,1623220847881632,1623220894239868,1623220878891197,0,0,261,1460,606,3569,0,0,2495735.5,15359810,5583085.5,31170844688384.0,2.4,"12358,12657,9395,22866,3111,16283,0,0,492,492,548541,0,471,0,559446,0,429,10863,0,436,0,2867,0,3303,0,50308,15056860,15017798,15339561,15339454,15359810",46,174.8,1500,350.9,123099.2,3.6,"60,52,46,301,46,1500,46,1500,46,256,46,104,126,136,108,46,46,111,46,71,46,46,371,71,46,46,46,46,46,46,46,46","12,0,3,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,0,1,0,1,0","4.425882339,4.437160492,4.225621700,5.947368622,4.140616417,7.830754280,4.117669106,7.879162312,4.117669106,7.097528458,4.117669106,5.884155750,6.247783184,6.373653889,6.047423363,4.140616417,4.140616417,6.197440624,4.131088734,5.480591297,4.053659439,4.117669106,7.372667789,5.483504295,4.087610722,4.087610245,4.161148071,4.087610245,4.117669582,4.087610245,4.161148071,4.087610245",TLS,91,1,Safe,Web,6,DPI,"24" diff --git a/test/results/flow-analyse/default/hangout.pcap.out b/test/results/flow-analyse/default/edonkey.pcap.out index bab73746f..bab73746f 100644 --- a/test/results/flow-analyse/default/hangout.pcap.out +++ b/test/results/flow-analyse/default/edonkey.pcap.out diff --git a/test/results/flow-analyse/default/geforcenow.pcapng.out b/test/results/flow-analyse/default/geforcenow.pcapng.out index f2b2b23f9..f03b48652 100644 --- a/test/results/flow-analyse/default/geforcenow.pcapng.out +++ b/test/results/flow-analyse/default/geforcenow.pcapng.out @@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.1.245,80.84.167.206,tcp,57490,49100,info,15,17,1684671871380890,1684671871611894,1684671871611894,0,0,669,2896,1367,31825,0,0,14903.5,47333,17676.6,312463360.0,3.9,"41203,41243,226,42731,42519,54,16,5947,47333,41968,42407,0,41955,155,4158,2454,15862,0,0,41,9328,25186,0,25245,4217,4258,11750,11667,45,20,20",52,1089.8,2948,1283.5,1647314.5,4.0,"60,60,52,569,2948,52,575,52,145,326,721,324,235,52,217,96,96,2948,2948,2948,1500,52,2948,2948,52,2948,52,2948,52,2948,52,2948","10,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,10","0,1,0,0,1,0,1,0,0,1,0,1,1,0,1,0,0,1,1,1,1,0,1,1,0,1,0,1,0,1,0,1","4.825882912,5.279368877,5.207947731,4.797474861,7.333730698,5.169486046,7.591311932,5.169486046,6.138707161,7.168643475,7.677440643,7.274022579,6.973204136,5.207947731,6.943279743,5.763498783,5.664438248,7.941471577,7.933756351,7.935662746,7.862148762,5.207947731,7.936669827,7.942846298,5.207947731,7.941987514,5.169486046,7.928585052,5.270353794,7.943464279,5.217375278,7.941396713",,,,,,,,"" -1,ip4,192.168.1.245,80.84.167.206,udp,52441,18452,finished,16,16,1684671871710618,1684671872714424,1684671872714517,45,0,540,661,2076,2033,0,0,64764.7,689508,136017.0,18500616192.0,3.2,"66053,63330,171747,44041,99894,183824,360133,689508,48469,47134,1,0,0,0,4464,1537,52687,37,46039,42295,446,303,157,40,93,42070,315,149,228,42450,261",53,156.4,689,133.9,17933.5,4.7,"124,124,124,92,185,185,185,185,689,568,119,358,164,107,53,95,101,101,141,137,105,109,73,113,113,113,73,85,89,105,85,105","0,2,5,4,4,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,3,8,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,0,0,0,0,1,0,1,1,1,1,1,1,1,0,0,1,0,1,0,0,0,0,1,1,1,1,0,1","5.798890114,5.760544300,5.760543823,5.699924469,4.958880424,4.982108116,4.979167461,4.994058609,6.462553024,6.717261314,4.840689182,6.641223907,6.248939514,4.353680611,3.764864683,5.258242130,6.006977558,5.841088772,6.408538342,6.349637032,5.904027939,6.047730923,5.421965599,6.049623013,6.169179440,6.109401703,5.448651314,5.635576248,5.804111004,6.095016956,5.717526436,6.095016956",STUN,78,0,Acceptable,Network,6,DPI,"5,46" +1,ip4,192.168.1.245,80.84.167.206,udp,52441,18452,finished,16,16,1684671871710618,1684671872714424,1684671872714517,45,0,540,661,2076,2033,0,0,64764.7,689508,136017.0,18500616192.0,3.2,"66053,63330,171747,44041,99894,183824,360133,689508,48469,47134,1,0,0,0,4464,1537,52687,37,46039,42295,446,303,157,40,93,42070,315,149,228,42450,261",53,156.4,689,133.9,17933.5,4.7,"124,124,124,92,185,185,185,185,689,568,119,358,164,107,53,95,101,101,141,137,105,109,73,113,113,113,73,85,89,105,85,105","0,2,5,4,4,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,3,8,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,0,0,0,0,1,0,1,1,1,1,1,1,1,0,0,1,0,1,0,0,0,0,1,1,1,1,0,1","5.798890114,5.760544300,5.760543823,5.699924469,4.958880424,4.982108116,4.979167461,4.994058609,6.462553024,6.717261314,4.840689182,6.641223907,6.248939514,4.353680611,3.764864683,5.258242130,6.006977558,5.841088772,6.408538342,6.349637032,5.904027939,6.047730923,5.421965599,6.049623013,6.169179440,6.109401703,5.448651314,5.635576248,5.804111004,6.095016956,5.717526436,6.095016956",STUN,78,0,Acceptable,Network,6,DPI,"5" diff --git a/test/results/flow-analyse/default/socks-http-example.pcap.out b/test/results/flow-analyse/default/http_invalid_server.pcap.out index bab73746f..bab73746f 100644 --- a/test/results/flow-analyse/default/socks-http-example.pcap.out +++ b/test/results/flow-analyse/default/http_invalid_server.pcap.out diff --git a/test/results/flow-analyse/default/line.pcap.out b/test/results/flow-analyse/default/line.pcap.out index a9fb03321..1ca2e8c65 100644 --- a/test/results/flow-analyse/default/line.pcap.out +++ b/test/results/flow-analyse/default/line.pcap.out @@ -1,5 +1,5 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks -1,ip4,10.0.2.15,125.209.252.210,udp,50835,20610,finished,19,13,608455689,610177798,609998416,30,0,872,740,2795,1792,0,41,105317.3,602060,182193.2,33194352640.0,3.4,"500157,544706,533063,602060,13540,168,64915,55,263094,290370,5367,20000,10523,19462,58958,10024,9911,21001,21013,9059,41,8011,22020,2894,7145,6942,42069,58114,10385,99326,10443",58,171.3,900,234.5,54984.5,4.1,"900,900,270,768,58,380,163,163,331,64,65,65,64,64,64,66,64,66,66,66,64,66,66,66,65,65,100,80,67,67,65,65","1,14,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,8,1,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,1,0,0,1,1,1,1,1,0,0,0,0,0","7.775331020,7.771239281,6.645260811,7.613231659,5.193683147,7.436975479,6.710443974,6.755647659,7.369442463,5.120024681,5.136775970,5.344619274,5.143614769,5.249160290,5.311660290,5.195097923,5.186660290,5.286006927,5.346612453,5.316309452,5.217910290,5.286006451,5.255703449,5.316309929,5.252311230,5.160003662,4.125199318,4.492414474,5.378718853,5.348868370,5.240697861,5.209928036",LineCall,316,1,Acceptable,VoIP,6,DPI,"" +1,ip4,10.0.2.15,125.209.252.210,udp,50835,20610,finished,19,13,608455689,610177798,609998416,30,0,872,740,2795,1792,0,41,105317.3,602060,182193.2,33194352640.0,3.4,"500157,544706,533063,602060,13540,168,64915,55,263094,290370,5367,20000,10523,19462,58958,10024,9911,21001,21013,9059,41,8011,22020,2894,7145,6942,42069,58114,10385,99326,10443",58,171.3,900,234.5,54984.5,4.1,"900,900,270,768,58,380,163,163,331,64,65,65,64,64,64,66,64,66,66,66,64,66,66,66,65,65,100,80,67,67,65,65","1,14,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,8,1,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,1,0,0,1,1,1,1,1,0,0,0,0,0","7.775331020,7.771239281,6.645260811,7.613231659,5.193683147,7.436975479,6.710443974,6.755647659,7.369442463,5.120024681,5.136775970,5.344619274,5.143614769,5.249160290,5.311660290,5.195097923,5.186660290,5.286006927,5.346612453,5.316309452,5.217910290,5.286006451,5.255703449,5.316309929,5.252311230,5.160003662,4.125199318,4.492414474,5.378718853,5.348868370,5.240697861,5.209928036",LineCall,316,1,Acceptable,VoIP,6,DPI,"46" 1,ip4,10.200.3.125,147.92.165.194,tcp,57841,443,finished,14,18,1663913332980371,1663913336388129,1663913336380823,0,0,296,334,1142,1292,1,6905,219619.7,2533141,601190.4,361429958656.0,2.8,"74605,74711,34434,71161,134842,63602,34330,34381,78205,122566,44300,34282,34254,68317,109320,41185,34458,34320,6905,46826,64547,58950,90163,2533141,2477508,34518,34165,78836,154671,69564,35143",40,118.1,374,90.9,8262.1,4.6,"100,46,134,46,146,93,46,150,46,343,95,46,146,46,113,89,46,150,46,216,89,124,96,46,95,46,336,46,256,40,374,89","1,8,1,3,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","11,0,2,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,1,0,1,0","5.948760986,4.652828693,6.332477570,4.696306705,6.569760323,6.006792545,4.696306705,6.565413952,4.696306705,7.383316040,6.030017853,4.652828693,6.526851654,4.652828693,6.386383057,5.933434010,4.652828217,6.670314789,4.696306705,7.039282322,5.852028370,6.250293255,6.048403740,4.652828693,5.950967789,4.652828693,7.256349564,4.696306705,7.137952328,4.780641556,7.407141685,5.877035141",TLS,91,1,Safe,Web,6,DPI,"" 1,ip4,10.200.3.125,147.92.242.232,tcp,58160,443,finished,14,18,1663913333003014,1663913342823022,1663913342822836,0,0,573,1460,3181,4192,0,0,633542.9,7306445,1725177.1,2976235913216.0,2.7,"237342,237605,1014,239671,1368,0,0,239919,3744,241388,238671,278520,277391,237506,0,0,237646,7029518,7306445,276831,237603,712,0,238338,524359,801600,277245,237667,0,0,237727",40,272.5,1500,367.3,134881.6,4.1,"52,52,40,557,46,1500,1500,381,40,133,314,335,46,581,46,224,75,40,335,46,613,46,224,75,40,335,46,612,46,224,75,40","6,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,3,0,0,0,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,1,1,0,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0","4.516527176,4.923395157,4.780641556,4.813910007,4.544876099,7.233272552,7.495951176,7.379673958,4.780641556,6.214868546,7.183261871,7.332785606,4.501397610,7.644387245,4.501397610,7.034603119,5.700131416,4.780641556,7.404506683,4.435436726,7.647257328,4.565871716,6.998442650,5.771955490,4.611769676,7.254877090,4.549460888,7.643351078,4.549460888,7.047076225,5.680000782,4.671928883",TLS.Line,91.315,1,Acceptable,Chat,6,DPI,"15" -1,ip4,10.200.3.125,147.92.169.90,udp,51161,29070,finished,19,13,1663913345063942,1663913345289714,1663913345324209,31,0,853,542,9673,6723,0,0,15678.7,225047,51123.4,2613605376.0,1.5,"175745,225047,59,35,38,31,59,34,37,32,38,31,36,30,43,29,35,45,113,84319,0,0,0,0,0,0,155,0,0,0,48",59,540.4,881,131.0,17170.0,4.9,"881,419,569,569,569,569,569,569,569,569,569,569,569,569,569,569,569,569,59,161,398,570,570,570,570,570,570,570,570,570,570,570","1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1","7.761873245,7.165147781,7.605986118,7.625072002,7.581394672,7.661452770,7.659568310,7.627281189,7.538283348,7.648130894,7.648977280,7.646443367,7.577320099,7.610880852,7.662839413,7.594055176,7.592848778,7.662833691,5.346174717,6.693209171,7.482118607,7.644935131,7.664292812,7.595146656,7.643230438,7.594839096,7.698119640,7.644002914,7.648988724,7.686812401,7.668937206,7.563340664",LineCall,316,1,Acceptable,VoIP,6,DPI,"" +1,ip4,10.200.3.125,147.92.169.90,udp,51161,29070,finished,19,13,1663913345063942,1663913345289714,1663913345324209,31,0,853,542,9673,6723,0,0,15678.7,225047,51123.4,2613605376.0,1.5,"175745,225047,59,35,38,31,59,34,37,32,38,31,36,30,43,29,35,45,113,84319,0,0,0,0,0,0,155,0,0,0,48",59,540.4,881,131.0,17170.0,4.9,"881,419,569,569,569,569,569,569,569,569,569,569,569,569,569,569,569,569,59,161,398,570,570,570,570,570,570,570,570,570,570,570","1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1","7.761873245,7.165147781,7.605986118,7.625072002,7.581394672,7.661452770,7.659568310,7.627281189,7.538283348,7.648130894,7.648977280,7.646443367,7.577320099,7.610880852,7.662839413,7.594055176,7.592848778,7.662833691,5.346174717,6.693209171,7.482118607,7.644935131,7.664292812,7.595146656,7.643230438,7.594839096,7.698119640,7.644002914,7.648988724,7.686812401,7.668937206,7.563340664",LineCall,316,1,Acceptable,VoIP,6,DPI,"46" diff --git a/test/results/flow-analyse/default/quic_cc_ack.pcapng.out b/test/results/flow-analyse/default/quic_cc_ack.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/default/quic_cc_ack.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/default/rdp.pcap.out b/test/results/flow-analyse/default/rdp.pcap.out index 15de7d326..bab73746f 100644 --- a/test/results/flow-analyse/default/rdp.pcap.out +++ b/test/results/flow-analyse/default/rdp.pcap.out @@ -1,2 +1 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks -0,ip4,172.16.2.185,192.168.2.142,tcp,52494,3389,finished,21,11,1559207465138576,1559207465679719,1559207465679652,0,0,572,1179,1691,1900,0,149,34910.3,86174,23095.5,533403456.0,4.5,"42415,42485,360,46147,45785,5885,50430,44534,5170,48270,43112,41453,86174,44710,10166,53885,43706,302,43769,43467,297,43729,43444,307,149,43556,40251,83348,297,42450,42166",40,153.3,1219,233.3,54415.1,4.1,"64,52,40,59,59,40,213,1219,40,166,91,40,126,331,40,612,128,40,145,73,40,531,195,40,81,77,40,80,40,81,84,40","12,3,1,2,0,1,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,4,1,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,0,1,1,0,0,1,0","4.441382408,4.923395157,4.571928501,4.281987667,4.796913624,4.630641460,5.275919437,7.619496822,4.680641174,6.597459316,5.503854275,4.680641174,6.437798500,7.132068157,4.680641174,7.669749737,6.215856552,4.680641174,6.650300980,5.246529579,4.680641174,7.538676739,6.737553120,4.680641174,5.756097317,5.626734734,4.881687641,5.445608139,4.680641174,5.722887993,5.468319893,4.680641174",RDP,88,0,Acceptable,RemoteAccess,6,DPI,"30" diff --git a/test/results/flow-analyse/default/rdp2.pcap.out b/test/results/flow-analyse/default/rdp2.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/default/rdp2.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/default/roblox.pcapng.out b/test/results/flow-analyse/default/roblox.pcapng.out new file mode 100644 index 000000000..f1b619f34 --- /dev/null +++ b/test/results/flow-analyse/default/roblox.pcapng.out @@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.12.156,128.116.122.4,tcp,39034,443,info,17,15,1686316283901532,1686316295462569,1686316295484971,0,0,1024,1448,2279,7499,0,7,746596.0,10785585,2538101.5,6441959161856.0,1.7,"28467,194118,21533,215727,23,12,472,7,126878,1267,3499,273,4379,2627,513,240,137878,55,702,108040,106788,174593,10000206,310,357197,548002,10785585,40059,91693,5740,187593",40,357.7,1500,487.7,237869.3,3.9,"60,60,52,569,1500,1500,1252,1500,891,52,52,52,52,52,116,1076,702,323,323,52,52,578,52,76,52,52,76,52,52,76,52,40","13,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,0,1,0,1,1,1,1,0,0,0,0,1","4.779968262,5.300120354,5.195351124,4.779649258,7.870378971,7.875164032,7.842136383,7.870733738,7.754308224,5.156889439,5.156889439,5.118428230,5.118427753,4.988526344,6.087430477,7.824826241,7.718070984,7.273851871,7.313729286,5.195351124,5.118428230,7.627631664,5.195351124,5.716266155,5.233812809,5.065449238,5.742581844,5.142372608,5.118427753,5.663634777,5.118428230,4.019286156",,,,,,,,"" diff --git a/test/results/flow-analyse/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out b/test/results/flow-analyse/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/default/rtp.pcapng.out b/test/results/flow-analyse/default/rtp.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/default/rtp.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/default/socks.pcap.out b/test/results/flow-analyse/default/socks.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/default/socks.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/default/stun.pcap.out b/test/results/flow-analyse/default/stun.pcap.out index 635985fe9..46dcce188 100644 --- a/test/results/flow-analyse/default/stun.pcap.out +++ b/test/results/flow-analyse/default/stun.pcap.out @@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip6,3516:bf0b:fc53:75e7:70af:f67f:8e49:f603,2a38:e156:8167:a333:face:b00c::24d9,udp,56880,3478,finished,16,16,1614938022295727,1614938163424247,1614938163431063,20,0,20,44,320,704,0,2867,9105286.0,10358549,2980037.5,8880623976448.0,4.8,"6861,10132226,10132257,10358549,2935,10358540,2867,10055433,10055494,10056921,10056927,10057230,10057183,10053930,10053957,10069481,10069496,10027109,10027105,10027261,10027286,10063952,10063896,10098322,10098363,10035461,10035403,10061356,10061442,10028354,10028259",68,80.0,92,12.0,144.0,5.0,"68,92,68,92,68,68,92,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92","16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","5.422471046,5.541838169,5.422470093,5.514770508,5.451882362,5.451882362,5.536509514,5.536509514,5.481293678,5.593521595,5.451882362,5.558248997,5.393059731,5.558248997,5.510704994,5.571783066,5.352545738,5.460210800,5.451882362,5.514770508,5.422471046,5.550043106,5.422470093,5.541838169,5.451882362,5.550043583,5.451882362,5.593522072,5.451882362,5.541838169,5.393058777,5.528304577",STUN,78,0,Acceptable,Network,6,DPI,"" 1,ip4,192.168.12.169,31.13.86.54,udp,38123,40003,finished,17,15,1629291451242856,1629291458067482,1629291458262623,28,0,140,132,2076,1496,0,34,446593.3,6004359,1462539.6,2139022032896.0,1.9,"11521,15638,15947,6004359,4743,5997443,4483,7520,7140,108439,344493,499169,68464,195,19689,29038,92171,23636,96419,1566,50324,48303,277,50092,3265,34,52919,437,9663,44853,232153",56,139.6,168,32.1,1033.4,5.0,"56,132,164,104,168,168,140,168,140,72,164,164,160,168,128,72,164,128,160,128,164,160,128,164,128,160,128,168,128,72,160,160","1,0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,3,1,6,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,0,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,1,0,1","4.949250221,5.629978180,5.902420998,5.787013531,5.926646233,5.987994671,5.561037540,5.822503567,5.524854183,5.646986008,5.864535809,5.979504585,5.991234303,5.944041729,5.750370979,5.532198906,5.952124596,5.921264172,5.968927860,5.858764172,5.939929485,5.964835167,5.834393978,6.016089916,5.896893978,6.048427582,5.933710575,5.919234276,5.831344128,5.608724117,6.145952225,6.009518147",STUN.FacebookVoip,78.268,0,Acceptable,VoIP,6,DPI,"5" -1,ip4,192.168.12.169,142.250.82.99,udp,49153,3478,finished,17,15,1647958145472010,1647958147569135,1647958147445904,65,0,546,1198,2034,2806,0,10,131323.2,835905,227053.5,51553292288.0,3.4,"22933,25637,18754,26966,8994,16545,8218,21,95990,9415,96088,13935,9667,14034,28,10,28365,12045,233249,17389,835905,625348,352669,699812,203670,550729,72132,9045,20632,28113,14681",62,179.2,1226,221.3,48965.1,4.4,"136,120,181,140,1226,574,120,109,598,109,140,145,161,120,141,93,97,93,113,62,93,140,120,62,110,140,120,94,94,95,95,95","0,0,9,5,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,2,9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,0","5.892770290,5.917269707,5.007872105,5.887039185,7.338845253,6.721559048,5.830899239,5.701940536,7.409162045,5.674040794,6.041372776,6.178256989,6.436406612,5.927646160,6.099106312,5.359262466,5.425189495,5.590319157,5.866630077,5.268241882,5.246464729,5.907410622,5.825631142,5.235982895,6.120714188,5.927108288,5.950603008,6.068934917,6.005105495,5.939156055,6.060311317,5.943433762",STUN.GoogleHangoutDuo,78.201,0,Acceptable,VoIP,6,DPI,"" +1,ip4,192.168.12.169,142.250.82.99,udp,49153,3478,finished,17,15,1647958145472010,1647958147569135,1647958147445904,65,0,546,1198,2034,2806,0,10,131323.2,835905,227053.5,51553292288.0,3.4,"22933,25637,18754,26966,8994,16545,8218,21,95990,9415,96088,13935,9667,14034,28,10,28365,12045,233249,17389,835905,625348,352669,699812,203670,550729,72132,9045,20632,28113,14681",62,179.2,1226,221.3,48965.1,4.4,"136,120,181,140,1226,574,120,109,598,109,140,145,161,120,141,93,97,93,113,62,93,140,120,62,110,140,120,94,94,95,95,95","0,0,9,5,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,2,9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,0","5.892770290,5.917269707,5.007872105,5.887039185,7.338845253,6.721559048,5.830899239,5.701940536,7.409162045,5.674040794,6.041372776,6.178256989,6.436406612,5.927646160,6.099106312,5.359262466,5.425189495,5.590319157,5.866630077,5.268241882,5.246464729,5.907410622,5.825631142,5.235982895,6.120714188,5.927108288,5.950603008,6.068934917,6.005105495,5.939156055,6.060311317,5.943433762",DTLS.GoogleHangoutDuo,30.201,1,Acceptable,VoIP,6,DPI,"6,15,24" diff --git a/test/results/flow-analyse/default/stun_classic.pcap.out b/test/results/flow-analyse/default/stun_classic.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/default/stun_classic.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/default/stun_google_meet.pcapng.out b/test/results/flow-analyse/default/stun_google_meet.pcapng.out new file mode 100644 index 000000000..7ba69a78d --- /dev/null +++ b/test/results/flow-analyse/default/stun_google_meet.pcapng.out @@ -0,0 +1,4 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.12.156,142.250.82.76,udp,38152,19305,finished,5,27,1687685003685843,1687685003919073,1687685003929116,81,0,545,1203,1027,7356,0,4,15371.1,164341,39368.1,1549851008.0,2.4,"27716,164341,5265,154432,6654,36352,35377,88,7,4,14,5,6,4,5,33,4,8,4,4,4,4,27272,18857,13,4,4,9,4,5,4",65,290.0,1231,203.2,41279.0,4.7,"152,92,148,185,92,1231,573,598,65,288,288,288,288,288,288,288,288,288,288,288,288,288,109,109,288,288,288,165,288,288,288,288","0,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,3,0,1,0,0,0,20,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1","5.938431740,5.693446159,5.907145500,4.997817039,5.679912090,7.332775593,6.760993004,7.409891605,4.603593349,7.060424328,7.083664894,7.159259796,7.130215645,7.048931122,7.046199322,7.094227314,7.077503204,7.049725533,7.095977306,7.143758297,7.077943802,7.098464012,5.672235966,5.727212906,7.040598869,7.076782703,7.038190842,6.382246494,7.161954880,7.089690685,7.073032856,7.083381176",STUN.GoogleHangoutDuo,78.201,0,Acceptable,VoIP,6,DPI,"5" +1,ip4,192.168.12.156,142.250.82.76,udp,38152,3478,finished,23,9,1687685004552860,1687685007476840,1687685007173710,45,0,124,537,1668,977,0,286,178865.5,1000041,232359.1,53990768640.0,4.0,"28728,31564,20654,57272,57107,114859,326724,7631,286,359302,399475,20851,399538,20813,60291,761585,238269,310501,33128,16660,106522,1355,298484,11725,401011,18917,1000041,80368,40305,278612,42252",68,110.7,565,85.7,7337.9,4.8,"152,92,148,92,148,92,565,91,73,93,68,107,73,91,73,148,92,68,80,91,73,80,80,107,73,91,73,68,148,92,128,91","0,14,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,3,5,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,1,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,1,0,0","6.010119915,5.593475819,5.960068226,5.666897774,6.019278049,5.652763844,7.600190163,5.996479034,5.525039673,5.555425644,5.480339050,5.729862213,5.662026882,5.878293514,5.487302303,5.954136372,5.579943180,5.333281517,5.766850948,6.062412739,5.607231617,5.697978497,5.816851616,5.767245293,5.504358292,5.886589527,5.579834938,5.333281517,5.923795223,5.623420238,6.336440086,5.996479034",STUN.GoogleHangoutDuo,78.201,0,Acceptable,VoIP,6,DPI,"46" +1,ip4,192.168.12.156,142.250.82.76,udp,45400,3478,finished,16,16,1687685005044008,1687685041837696,1687685041855156,116,0,124,64,1864,1024,0,30238,2374349.5,8437597,2513707.0,6318722646016.0,4.3,"30238,90776,78178,1745669,1745625,749698,749771,2799723,2799844,3108626,3108432,997539,997498,1610326,1610265,582546,582775,6554830,6554484,8437477,8437597,882386,882517,6551657,6551432,792405,792639,992950,992997,897080,896856",92,118.2,152,26.3,690.9,5.0,"152,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92","0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","6.041833401,5.593477249,6.058853149,5.579942226,5.987570286,5.506519794,6.008540154,5.558203220,6.054466248,5.666898727,5.907513618,5.762059689,6.055450439,5.636953354,6.025833607,5.636953354,6.114410400,5.631624699,5.992813587,5.636953831,6.027671337,5.623420238,5.998055458,5.639230251,6.058160305,5.571735382,6.015348434,5.740320206,6.043981075,5.718581200,5.986004829,5.718581676",STUN.GoogleHangoutDuo,78.201,0,Acceptable,VoIP,6,DPI,"" diff --git a/test/results/flow-analyse/default/stun_msteams_unidir.pcapng.out b/test/results/flow-analyse/default/stun_msteams_unidir.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/default/stun_msteams_unidir.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/default/stun_wa_call.pcapng.out b/test/results/flow-analyse/default/stun_wa_call.pcapng.out new file mode 100644 index 000000000..1d4fcaf87 --- /dev/null +++ b/test/results/flow-analyse/default/stun_wa_call.pcapng.out @@ -0,0 +1,3 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.12.156,93.57.123.227,udp,46652,3478,finished,17,15,1676659968029444,1676659971853147,1676659971919436,20,0,272,245,2693,1097,0,33,248828.9,2505343,601339.2,361608839168.0,2.9,"164,8431,48,2463749,2505343,241,3586,277,39475,77,6128,4820,33,25931,31612,82045,37743,1684,120855,35,78585,59946,292774,129998,59732,381615,376352,412427,48,227940,362001",48,146.4,300,92.2,8492.2,4.7,"240,240,96,96,74,300,300,300,300,96,96,74,96,96,48,48,98,300,300,96,96,89,53,107,108,53,77,86,150,73,227,273","2,4,1,1,0,0,3,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,2,10,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,1,0,0,0,0,1,1,0,1,1,0,1,0,0,0,1,1,0,0,1,1,1,0,1,0,0,0,1","7.019773483,6.984464645,5.818136215,5.825999260,5.808753967,6.987159729,6.971193790,6.971321106,6.997097969,5.676367760,5.789438725,5.665334225,5.732045174,5.722330570,5.218094349,5.178508282,5.782431126,6.963978291,6.992527008,5.698242188,5.789439201,5.829556465,4.883490086,6.023591995,6.055227757,5.025671005,5.503230572,5.670224667,6.552639484,5.494553089,6.944911957,7.162023067",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,6,DPI,"46" +1,ip4,192.168.12.156,157.240.203.62,udp,49526,3478,finished,16,16,1676660020625604,1676660020791890,1676660020799292,20,0,272,512,1396,6812,0,24,10966.9,25268,4978.7,24787812.0,4.8,"137,8278,24,10101,8060,24512,25268,11561,10122,12790,14381,10560,10576,10583,10464,16311,6103,16248,5886,9963,9713,10612,11320,10716,10523,10812,10574,10236,10724,11289,11527",48,284.5,540,217.5,47305.8,4.6,"300,300,96,96,92,540,92,540,92,540,92,540,92,540,92,540,48,92,48,540,92,540,92,540,92,540,92,540,92,540,92,540","1,0,13,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1","6.990001202,7.010884762,5.755636215,5.672302246,5.721662998,1.491354108,5.778674603,1.487650514,5.626501560,1.484854460,5.623420715,1.491354465,5.691719532,1.491354108,5.569489479,1.485344768,5.160700798,5.721662998,5.136841774,1.489048600,5.743401527,1.492752314,5.735196590,1.489956141,5.640035152,1.476539373,5.664651394,1.487650633,5.808619022,1.477447271,5.713458061,1.502465248",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,6,DPI,"46" diff --git a/test/results/flow-analyse/default/thrift.pcap.out b/test/results/flow-analyse/default/thrift.pcap.out new file mode 100644 index 000000000..2a329c408 --- /dev/null +++ b/test/results/flow-analyse/default/thrift.pcap.out @@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,169.254.59.247,169.254.46.4,tcp,53387,11010,finished,13,19,1618939325157360,1618939325159246,1618939325159187,0,0,2920,1460,3250,7422,0,59,119.8,188,47.3,2241.9,4.8,"67,135,60,188,60,179,118,60,178,118,59,178,119,60,178,118,59,178,123,123,119,60,187,132,60,183,118,69,188,120,119",40,375.2,2960,637.8,406764.6,3.6,"52,52,40,80,46,88,80,46,80,82,46,106,121,46,311,90,46,104,78,89,79,1500,628,40,1500,628,40,1500,628,40,780,2960","5,6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1","6,3,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,3,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,1,0","4.382568836,4.855899811,4.571928978,4.561148643,4.565871716,5.056412220,4.614388943,4.549460888,4.772574902,4.961133480,4.462504387,4.880326271,3.973908663,4.549460888,5.147182465,4.755144119,4.565872192,4.847397804,4.628648281,4.771815300,4.955598831,6.128622055,6.129070759,4.621928692,6.089191914,6.081182480,4.621928692,6.083991051,6.070480347,4.621928692,6.112934589,6.078311443",Thrift,345,0,Acceptable,RPC,6,DPI,"" diff --git a/test/results/flow-analyse/default/tls_ech.pcapng.out b/test/results/flow-analyse/default/tls_ech.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/default/tls_ech.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/disable_stun_monitoring/lru_ipv6_caches.pcapng.out b/test/results/flow-analyse/disable_stun_monitoring/lru_ipv6_caches.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/disable_stun_monitoring/lru_ipv6_caches.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/enable_doh_heuristic/doh.pcapng.out b/test/results/flow-analyse/enable_doh_heuristic/doh.pcapng.out new file mode 100644 index 000000000..48f4ac4eb --- /dev/null +++ b/test/results/flow-analyse/enable_doh_heuristic/doh.pcapng.out @@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.253,1.1.1.1,tcp,35996,443,finished,17,15,1623220847881632,1623220894239868,1623220878891197,0,0,261,1460,606,3569,0,0,2495735.5,15359810,5583085.5,31170844688384.0,2.4,"12358,12657,9395,22866,3111,16283,0,0,492,492,548541,0,471,0,559446,0,429,10863,0,436,0,2867,0,3303,0,50308,15056860,15017798,15339561,15339454,15359810",46,174.8,1500,350.9,123099.2,3.6,"60,52,46,301,46,1500,46,1500,46,256,46,104,126,136,108,46,46,111,46,71,46,46,371,71,46,46,46,46,46,46,46,46","12,0,3,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,0,1,0,1,0","4.425882339,4.437160492,4.225621700,5.947368622,4.140616417,7.830754280,4.117669106,7.879162312,4.117669106,7.097528458,4.117669106,5.884155750,6.247783184,6.373653889,6.047423363,4.140616417,4.140616417,6.197440624,4.131088734,5.480591297,4.053659439,4.117669106,7.372667789,5.483504295,4.087610722,4.087610245,4.161148071,4.087610245,4.117669582,4.087610245,4.161148071,4.087610245",TLS,91,1,Safe,Web,6,DPI,"24" diff --git a/test/results/flow-analyse/enable_stun_monitoring_with_subproto/wa_voice.pcap.out b/test/results/flow-analyse/enable_stun_monitoring_with_subproto/wa_voice.pcap.out new file mode 100644 index 000000000..0c4453df9 --- /dev/null +++ b/test/results/flow-analyse/enable_stun_monitoring_with_subproto/wa_voice.pcap.out @@ -0,0 +1,6 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.2.12,157.240.20.53,tcp,49355,5222,finished,17,15,1561455688704143,1561455689377891,1561455689390636,0,0,286,1388,776,6993,0,1,43878.7,304081,76394.5,5836114944.0,3.2,"40742,137033,170366,304081,130232,56,30959,5260,28,391,1,177,42,1186,210132,335,9,41,206,11,311,41447,129925,50,6,6,5,1043,24269,131853,38",52,295.4,1440,467.5,218553.5,3.8,"64,60,52,308,52,109,103,137,1440,92,1440,155,1440,164,1440,52,52,52,52,52,52,52,1045,84,98,119,82,111,52,338,52,52","11,3,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0","0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,1","4.472632408,5.115064144,5.014835358,7.171360493,5.130219936,6.068146706,5.962917328,6.548506737,7.870247841,5.888707161,7.854815006,6.678243637,7.877118111,6.722311020,7.881030083,5.014835358,5.014835358,4.976373196,5.091758251,5.091758251,5.130219936,5.008132935,7.805761337,5.645539761,5.925289631,6.203728676,5.699334145,6.150419712,4.961856842,7.298644066,5.038780212,4.955154419",WhatsApp,142,1,Acceptable,Chat,6,DPI,"" +1,ip4,192.168.2.12,31.13.86.51,tcp,50503,443,finished,17,15,1561455689909150,1561455690224696,1561455690224643,0,0,517,1388,1331,7979,0,0,20356.1,163286,46938.1,2203181824.0,2.5,"19749,127653,2783,126251,2925,28,22,21046,163,145211,12,6,5,40,5,163286,2,38,0,250,1,16,17472,279,12,8,2386,284,150,389,567",52,343.6,1440,489.7,239839.3,3.9,"64,60,52,569,52,1440,1440,335,52,52,116,98,95,87,388,311,52,223,126,83,52,100,484,52,52,52,52,1440,52,1440,1440,83","10,3,1,0,0,0,0,0,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,1,0,1,1,0","4.453177452,5.156567574,5.038779736,4.954115391,5.062724590,7.845219135,7.875988007,7.363695621,5.038779736,5.077241421,6.006405830,6.022478580,5.964075089,5.738524437,7.327147007,7.233700752,5.115703106,6.979569435,6.337362766,5.826725960,5.032077789,6.041212559,7.548195839,4.923395157,4.961856842,5.000318050,4.947339535,7.873440742,5.038779736,7.854992867,7.876389503,5.699865818",TLS.WhatsAppFiles,91.242,1,Acceptable,Download,6,DPI,"" +1,ip4,192.168.2.12,157.240.20.52,tcp,50504,443,finished,16,16,1561455707474558,1561455707778028,1561455707778471,0,0,517,1388,928,9370,0,5,19593.0,129132,30818.3,949767616.0,3.5,"37234,38970,11147,51469,985,103,11,42805,136,34645,3771,380,216,299,76165,5,34895,421,279,3605,27,2938,1342,3436,77447,53735,129132,1406,40,219,120",52,374.4,1440,526.3,277041.4,3.9,"64,60,52,569,52,1440,1440,333,52,52,116,98,95,87,244,223,126,52,52,83,52,83,52,87,52,52,502,52,1440,1440,1440,1440","10,3,1,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,1,0,1,1,0,1,1,1,1","4.421927452,5.127645493,4.947339535,4.844649315,5.024262905,7.828526497,7.880538940,7.342582226,4.947340012,4.947340012,6.096442223,5.933140755,5.903703690,5.761512756,7.014289856,6.959705353,6.368111134,4.923395157,4.923395157,5.597574711,5.062724590,5.763532162,4.985801220,5.859550953,4.947339535,4.985801220,7.559065819,4.947340012,7.871157646,7.859573364,7.846300602,7.844365597",TLS.WhatsApp,91.142,1,Acceptable,Chat,6,DPI,"" +1,ip4,192.168.2.12,31.13.86.48,udp,56328,3478,finished,12,20,1561455706912375,1561455731523132,1561455731536124,6,0,126,278,792,1833,0,1,1588209.8,12196243,3050402.8,9304956469248.0,3.2,"61,13448,128,12194152,12196243,104402,58,105108,1,108628,104619,3043264,3048902,3100925,3096031,3015294,3016553,2001940,2156,107078,164036,190107,88523,28769,198646,133957,3008088,90958,35571,314,36546",30,110.0,306,87.2,7598.9,4.6,"154,154,72,72,34,30,154,154,72,72,34,30,34,30,34,30,34,30,74,54,232,261,240,150,306,234,302,34,30,154,154,72","6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,6,0,1,0,0,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,0,1,0,0,1","6.541143417,6.523254871,5.258596897,5.258596897,4.628356934,4.453236580,6.497281075,6.520071030,5.203041553,5.130857468,4.628356934,4.453236580,4.628356934,4.453236580,4.628356934,4.453236580,4.628356934,4.453236580,5.668909073,5.185353279,6.995151520,7.135284424,7.074851990,6.635347366,7.304471493,6.999480724,7.242955685,4.628356934,4.453236580,6.523254871,6.523254871,5.230819225",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,6,DPI,"46" +1,ip4,91.252.56.51,192.168.2.12,udp,32704,56328,finished,18,14,1561455730495456,1561455733316995,1561455733325980,26,0,171,273,1873,1869,0,2,182324.6,1203723,228895.9,52393320448.0,4.2,"578236,623635,1203723,72457,167216,11596,115693,158378,2,172820,173607,169808,156213,136586,155315,179817,99336,157427,38286,163380,181314,166574,142422,2967,25967,115313,6126,171847,106305,56249,143448",54,144.9,301,51.7,2672.5,4.9,"72,72,72,72,72,72,199,260,150,161,301,137,159,159,133,149,136,150,172,164,155,159,164,170,150,54,150,150,156,150,139,179","1,4,0,8,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,2,0,4,6,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0,1,0,0,1","5.523683071,5.551460743,5.523683071,5.586590290,5.513198376,5.558812618,6.900094032,7.080634594,6.725411892,6.561889648,7.326864719,6.497554302,6.712717533,6.644547939,6.493841648,6.572838783,6.470429420,6.565414429,6.709655762,6.771090984,6.675994873,6.701801777,6.747565746,6.673988342,6.480553150,5.199332237,6.648680687,6.585022449,6.694502831,6.592251301,6.568360806,6.807644844",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,6,DPI,"5,46" diff --git a/test/results/flow-info/default/doh.pcapng.out b/test/results/flow-info/default/doh.pcapng.out new file mode 100644 index 000000000..bbcd31915 --- /dev/null +++ b/test/results/flow-info/default/doh.pcapng.out @@ -0,0 +1,21 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] + detected: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe][] + RISK: Missing SNI TLS Extn + detection-update: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe][] + RISK: Missing SNI TLS Extn + analyse: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 15.360| 2.496| 5.583| 31170844.688| 2.400] + [PKTLEN......: 46.000| 1500.000| 174.800| 350.900| 123099.200| 3.600] + [BINS(c->s)..: 12,0,3,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 10,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,0,1,0,1,0] + [IATS(ms)....: 12.4,12.7,9.4,22.9,3.1,16.3,0.0,0.0,0.5,0.5,548.5,0.0,0.5,0.0,559.4,0.0,0.4,10.9,0.0,0.4,0.0,2.9,0.0,3.3,0.0,50.3,15056.9,15017.8,15339.6,15339.5,15359.8] + [PKTLENS.....: 60,52,46,301,46,1500,46,1500,46,256,46,104,126,136,108,46,46,111,46,71,46,46,371,71,46,46,46,46,46,46,46,46] + [ENTROPIES...: 4.4,4.4,4.2,5.9,4.1,7.8,4.1,7.9,4.1,7.1,4.1,5.9,6.2,6.4,6.0,4.1,4.1,6.2,4.1,5.5,4.1,4.1,7.4,5.5,4.1,4.1,4.2,4.1,4.1,4.1,4.2,4.1] + idle: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe] + RISK: Missing SNI TLS Extn + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/edonkey.pcap.out b/test/results/flow-info/default/edonkey.pcap.out new file mode 100644 index 000000000..9f10c5a72 --- /dev/null +++ b/test/results/flow-info/default/edonkey.pcap.out @@ -0,0 +1,9 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..tcp] [.201.15.177.227][.1754] -> [135.192.214.240][.7551] + detected: [.....1] [ip4][..tcp] [.201.15.177.227][.1754] -> [135.192.214.240][.7551] [eDonkey][Unknown][Download][Unsafe] + RISK: Unsafe Protocol + end: [.....1] [ip4][..tcp] [.201.15.177.227][.1754] -> [135.192.214.240][.7551] [eDonkey][Unknown][Download][Unsafe] + RISK: Unsafe Protocol + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/fuzz-2006-06-26-2594.pcap.out b/test/results/flow-info/default/fuzz-2006-06-26-2594.pcap.out index b59a44667..fee5b0fcf 100644 --- a/test/results/flow-info/default/fuzz-2006-06-26-2594.pcap.out +++ b/test/results/flow-info/default/fuzz-2006-06-26-2594.pcap.out @@ -1786,15 +1786,11 @@ detection-update: [...231] [ip4][..udp] [....192.168.1.2][.2816] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udq.sip.cybercity.dk] RISK: Text With Non-Printable Chars, Unidirectional Traffic new: [...233] [ip4][..udp] [....192.168.1.3][30000] -> [..212.242.33.36][40392] - detected: [...233] [ip4][..udp] [....192.168.1.3][30000] -> [..212.242.33.36][40392] [RTP][Unknown][Media][Acceptable] new: [...234] [ip4][..udp] [....192.168.1.2][30000] -> [....37.115.0.36][40392] - detected: [...234] [ip4][..udp] [....192.168.1.2][30000] -> [....37.115.0.36][40392] [RTP][Unknown][Media][Acceptable] new: [...235] [ip4][..udp] [....192.168.1.2][30000] -> [..212.242.33.36][40392] detected: [...235] [ip4][..udp] [....192.168.1.2][30000] -> [..212.242.33.36][40392] [RTP][Unknown][Media][Acceptable] new: [...236] [ip4][..udp] [....192.168.1.2][30000] -> [..214.242.33.36][40392] - detected: [...236] [ip4][..udp] [....192.168.1.2][30000] -> [..214.242.33.36][40392] [RTP][Unknown][Media][Acceptable] new: [...237] [ip4][..udp] [.....81.168.1.2][30000] -> [..212.242.33.36][40392] - detected: [...237] [ip4][..udp] [.....81.168.1.2][30000] -> [..212.242.33.36][40392] [RTP][Unknown][Media][Acceptable] ERROR-EVENT: Unknown packet type [2/16] detection-update: [...231] [ip4][..udp] [....192.168.1.2][.2816] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk] RISK: Text With Non-Printable Chars, Unidirectional Traffic @@ -1891,11 +1887,11 @@ update: [...230] [ip4][..udp] [....192.168.1.2][.2815] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] RISK: Malformed Packet, Error Code, Unidirectional Traffic update: [...231] [ip4][..udp] [....192.168.1.2][.2816] -> [....192.168.1.1][...53] - update: [...237] [ip4][..udp] [.....81.168.1.2][30000] -> [..212.242.33.36][40392] [RTP][Unknown][Media][Acceptable] - update: [...233] [ip4][..udp] [....192.168.1.3][30000] -> [..212.242.33.36][40392] [RTP][Unknown][Media][Acceptable] + update: [...237] [ip4][..udp] [.....81.168.1.2][30000] -> [..212.242.33.36][40392] + update: [...233] [ip4][..udp] [....192.168.1.3][30000] -> [..212.242.33.36][40392] update: [...235] [ip4][..udp] [....192.168.1.2][30000] -> [..212.242.33.36][40392] [RTP][Unknown][Media][Acceptable] - update: [...236] [ip4][..udp] [....192.168.1.2][30000] -> [..214.242.33.36][40392] [RTP][Unknown][Media][Acceptable] - update: [...234] [ip4][..udp] [....192.168.1.2][30000] -> [....37.115.0.36][40392] [RTP][Unknown][Media][Acceptable] + update: [...236] [ip4][..udp] [....192.168.1.2][30000] -> [..214.242.33.36][40392] + update: [...234] [ip4][..udp] [....192.168.1.2][30000] -> [....37.115.0.36][40392] new: [...245] [ip4][..udp] [....192.168.1.2][.2827] -> [..192.168.1.114][...53] detected: [...245] [ip4][..udp] [....192.168.1.2][.2827] -> [..192.168.1.114][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk] RISK: Unidirectional Traffic @@ -1992,11 +1988,11 @@ update: [...229] [ip4][..udp] [....192.168.1.2][29440] -> [...192.168.1.37][..137] [NetBIOS][Unknown][System][Acceptable] RISK: Unidirectional Traffic update: [...225] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..905] - update: [...237] [ip4][..udp] [.....81.168.1.2][30000] -> [..212.242.33.36][40392] [RTP][Unknown][Media][Acceptable] - update: [...233] [ip4][..udp] [....192.168.1.3][30000] -> [..212.242.33.36][40392] [RTP][Unknown][Media][Acceptable] + update: [...237] [ip4][..udp] [.....81.168.1.2][30000] -> [..212.242.33.36][40392] + update: [...233] [ip4][..udp] [....192.168.1.3][30000] -> [..212.242.33.36][40392] update: [...235] [ip4][..udp] [....192.168.1.2][30000] -> [..212.242.33.36][40392] [RTP][Unknown][Media][Acceptable] - update: [...236] [ip4][..udp] [....192.168.1.2][30000] -> [..214.242.33.36][40392] [RTP][Unknown][Media][Acceptable] - update: [...234] [ip4][..udp] [....192.168.1.2][30000] -> [....37.115.0.36][40392] [RTP][Unknown][Media][Acceptable] + update: [...236] [ip4][..udp] [....192.168.1.2][30000] -> [..214.242.33.36][40392] + update: [...234] [ip4][..udp] [....192.168.1.2][30000] -> [....37.115.0.36][40392] detection-update: [...254] [ip4][..udp] [....192.168.1.2][.2830] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][sip.cybercity.dk] new: [...256] [ip4][..udp] [....192.168.1.2][.2831] -> [....192.168.1.1][...53] detected: [...256] [ip4][..udp] [....192.168.1.2][.2831] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa] @@ -2112,18 +2108,26 @@ guessed: [....32] [ip4][..tcp] [..147.234.1.253][...21] -> [....192.168.1.2][.2732] [FTP_CONTROL][Unknown][Download][Unsafe] RISK: Unsafe Protocol, Unidirectional Traffic idle: [....32] [ip4][..tcp] [..147.234.1.253][...21] -> [....192.168.1.2][.2732] - idle: [...237] [ip4][..udp] [.....81.168.1.2][30000] -> [..212.242.33.36][40392] [RTP][Unknown][Media][Acceptable] + not-detected: [...237] [ip4][..udp] [.....81.168.1.2][30000] -> [..212.242.33.36][40392] [Unknown][Unknown][Unrated] + RISK: Unidirectional Traffic + idle: [...237] [ip4][..udp] [.....81.168.1.2][30000] -> [..212.242.33.36][40392] not-detected: [....28] [ip4][..tcp] [..147.234.1.253][..120] -> [....192.168.1.2][.2720] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....28] [ip4][..tcp] [..147.234.1.253][..120] -> [....192.168.1.2][.2720] idle: [...235] [ip4][..udp] [....192.168.1.2][30000] -> [..212.242.33.36][40392] [RTP][Unknown][Media][Acceptable] - idle: [...233] [ip4][..udp] [....192.168.1.3][30000] -> [..212.242.33.36][40392] [RTP][Unknown][Media][Acceptable] - idle: [...236] [ip4][..udp] [....192.168.1.2][30000] -> [..214.242.33.36][40392] [RTP][Unknown][Media][Acceptable] + not-detected: [...233] [ip4][..udp] [....192.168.1.3][30000] -> [..212.242.33.36][40392] [Unknown][Unknown][Unrated] + RISK: Unidirectional Traffic + idle: [...233] [ip4][..udp] [....192.168.1.3][30000] -> [..212.242.33.36][40392] + not-detected: [...236] [ip4][..udp] [....192.168.1.2][30000] -> [..214.242.33.36][40392] [Unknown][Unknown][Unrated] + RISK: Unidirectional Traffic + idle: [...236] [ip4][..udp] [....192.168.1.2][30000] -> [..214.242.33.36][40392] guessed: [....18] [ip4][..tcp] [....192.168.1.2][.2717] -> [..147.137.21.94][..445] [SMBv23][Unknown][System][Acceptable] RISK: Unidirectional Traffic idle: [....18] [ip4][..tcp] [....192.168.1.2][.2717] -> [..147.137.21.94][..445] idle: [...247] [ip4][..udp] [....192.168.1.2][.2827] -> [....192.170.1.1][...53] - idle: [...234] [ip4][..udp] [....192.168.1.2][30000] -> [....37.115.0.36][40392] [RTP][Unknown][Media][Acceptable] + not-detected: [...234] [ip4][..udp] [....192.168.1.2][30000] -> [....37.115.0.36][40392] [Unknown][Unknown][Unrated] + RISK: Unidirectional Traffic + idle: [...234] [ip4][..udp] [....192.168.1.2][30000] -> [....37.115.0.36][40392] guessed: [....24] [ip4][..tcp] [..147.234.1.253][...21] -> [....192.169.1.2][.2720] [FTP_CONTROL][Unknown][Download][Unsafe] RISK: Unsafe Protocol, Unidirectional Traffic idle: [....24] [ip4][..tcp] [..147.234.1.253][...21] -> [....192.169.1.2][.2720] diff --git a/test/results/flow-info/default/geforcenow.pcapng.out b/test/results/flow-info/default/geforcenow.pcapng.out index 3fa64cb03..2a0bc4a92 100644 --- a/test/results/flow-info/default/geforcenow.pcapng.out +++ b/test/results/flow-info/default/geforcenow.pcapng.out @@ -34,7 +34,7 @@ [PKTLENS.....: 124,124,124,92,185,185,185,185,689,568,119,358,164,107,53,95,101,101,141,137,105,109,73,113,113,113,73,85,89,105,85,105] [ENTROPIES...: 5.8,5.8,5.8,5.7,5.0,5.0,5.0,5.0,6.5,6.7,4.8,6.6,6.2,4.4,3.8,5.3,6.0,5.8,6.4,6.3,5.9,6.0,5.4,6.0,6.2,6.1,5.4,5.6,5.8,6.1,5.7,6.1] idle: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452] [STUN][Nvidia][Network][Acceptable] - RISK: Known Proto on Non Std Port, Unidirectional Traffic + RISK: Known Proto on Non Std Port idle: [.....1] [ip4][..tcp] [..192.168.1.245][57490] -> [..80.84.167.206][49100] [TLS.GeForceNow][Nvidia][Game][Fun] RISK: Known Proto on Non Std Port DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/gnutella.pcap.out b/test/results/flow-info/default/gnutella.pcap.out index 788c4ac18..4a3cb4e16 100644 --- a/test/results/flow-info/default/gnutella.pcap.out +++ b/test/results/flow-info/default/gnutella.pcap.out @@ -147,9 +147,17 @@ new: [....83] [ip4][..tcp] [......10.0.2.15][50242] -> [109.210.203.131][.6346] new: [....84] [ip4][..tcp] [......10.0.2.15][50243] -> [176.138.129.252][27962] new: [....85] [ip4][..udp] [......10.0.2.15][28681] -> [..85.138.20.110][.6346] + detected: [....85] [ip4][..udp] [......10.0.2.15][28681] -> [..85.138.20.110][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [....86] [ip4][..udp] [......10.0.2.15][28681] -> [..74.210.244.72][.6346] + detected: [....86] [ip4][..udp] [......10.0.2.15][28681] -> [..74.210.244.72][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [....87] [ip4][..udp] [......10.0.2.15][28681] -> [..92.131.85.245][31743] + detected: [....87] [ip4][..udp] [......10.0.2.15][28681] -> [..92.131.85.245][31743] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [....88] [ip4][..udp] [......10.0.2.15][28681] -> [.....81.50.24.2][17874] + detected: [....88] [ip4][..udp] [......10.0.2.15][28681] -> [.....81.50.24.2][17874] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [....15] [ip4][..udp] [......10.0.2.15][63957] -> [239.255.255.250][.3702] [WSD][Unknown][Network][Acceptable] update: [....19] [ip4][..udp] [......10.0.2.15][63964] -> [239.255.255.250][.3702] [WSD][Unknown][Network][Acceptable] update: [.....5] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable] @@ -179,28 +187,74 @@ detected: [....94] [ip4][..tcp] [......10.0.2.15][50249] -> [.86.208.180.181][45883] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol new: [....96] [ip4][..udp] [......10.0.2.15][28681] -> [.88.160.214.137][.6346] + detected: [....96] [ip4][..udp] [......10.0.2.15][28681] -> [.88.160.214.137][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [....97] [ip4][..udp] [......10.0.2.15][28681] -> [..24.78.134.188][49046] + detected: [....97] [ip4][..udp] [......10.0.2.15][28681] -> [..24.78.134.188][49046] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [....98] [ip4][..udp] [......10.0.2.15][28681] -> [.203.222.14.170][23332] + detected: [....98] [ip4][..udp] [......10.0.2.15][28681] -> [.203.222.14.170][23332] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [....99] [ip4][..udp] [......10.0.2.15][28681] -> [....114.38.9.82][24223] + detected: [....99] [ip4][..udp] [......10.0.2.15][28681] -> [....114.38.9.82][24223] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...100] [ip4][..udp] [......10.0.2.15][28681] -> [220.133.122.217][23458] + detected: [...100] [ip4][..udp] [......10.0.2.15][28681] -> [220.133.122.217][23458] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...101] [ip4][..udp] [......10.0.2.15][28681] -> [123.205.126.102][.5193] + detected: [...101] [ip4][..udp] [......10.0.2.15][28681] -> [123.205.126.102][.5193] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...102] [ip4][..udp] [......10.0.2.15][28681] -> [.218.164.39.233][20855] + detected: [...102] [ip4][..udp] [......10.0.2.15][28681] -> [.218.164.39.233][20855] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...103] [ip4][..udp] [......10.0.2.15][28681] -> [.220.134.167.82][.5820] + detected: [...103] [ip4][..udp] [......10.0.2.15][28681] -> [.220.134.167.82][.5820] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...104] [ip4][..udp] [......10.0.2.15][28681] -> [..42.98.115.128][23458] + detected: [...104] [ip4][..udp] [......10.0.2.15][28681] -> [..42.98.115.128][23458] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...105] [ip4][..udp] [......10.0.2.15][28681] -> [...219.85.11.85][10722] + detected: [...105] [ip4][..udp] [......10.0.2.15][28681] -> [...219.85.11.85][10722] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...106] [ip4][..udp] [......10.0.2.15][28681] -> [..114.39.154.69][.4832] + detected: [...106] [ip4][..udp] [......10.0.2.15][28681] -> [..114.39.154.69][.4832] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...107] [ip4][..udp] [......10.0.2.15][28681] -> [..202.151.63.59][.7624] + detected: [...107] [ip4][..udp] [......10.0.2.15][28681] -> [..202.151.63.59][.7624] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...108] [ip4][..udp] [......10.0.2.15][28681] -> [112.119.242.110][.7922] + detected: [...108] [ip4][..udp] [......10.0.2.15][28681] -> [112.119.242.110][.7922] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...109] [ip4][..udp] [......10.0.2.15][28681] -> [...88.169.2.153][52414] + detected: [...109] [ip4][..udp] [......10.0.2.15][28681] -> [...88.169.2.153][52414] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...110] [ip4][..udp] [......10.0.2.15][28681] -> [..195.132.75.56][56009] + detected: [...110] [ip4][..udp] [......10.0.2.15][28681] -> [..195.132.75.56][56009] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...111] [ip4][..udp] [......10.0.2.15][28681] -> [..90.65.141.157][.6346] + detected: [...111] [ip4][..udp] [......10.0.2.15][28681] -> [..90.65.141.157][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...112] [ip4][..udp] [......10.0.2.15][28681] -> [.36.239.213.146][21750] + detected: [...112] [ip4][..udp] [......10.0.2.15][28681] -> [.36.239.213.146][21750] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...113] [ip4][..udp] [......10.0.2.15][28681] -> [105.101.132.146][57746] + detected: [...113] [ip4][..udp] [......10.0.2.15][28681] -> [105.101.132.146][57746] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...114] [ip4][..udp] [......10.0.2.15][28681] -> [....86.23.75.69][.6346] + detected: [...114] [ip4][..udp] [......10.0.2.15][28681] -> [....86.23.75.69][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...115] [ip4][..udp] [......10.0.2.15][28681] -> [...154.3.42.104][11804] + detected: [...115] [ip4][..udp] [......10.0.2.15][28681] -> [...154.3.42.104][11804] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...116] [ip4][..udp] [......10.0.2.15][28681] -> [.124.44.190.145][10170] + detected: [...116] [ip4][..udp] [......10.0.2.15][28681] -> [.124.44.190.145][10170] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] + detected: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...118] [ip4][..udp] [......10.0.2.15][28681] -> [...5.180.62.100][46385] + detected: [...118] [ip4][..udp] [......10.0.2.15][28681] -> [...5.180.62.100][46385] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic detected: [....93] [ip4][..tcp] [......10.0.2.15][50248] -> [109.214.154.216][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol new: [...119] [ip4][..tcp] [......10.0.2.15][50250] -> [...27.94.154.53][.6346] @@ -215,23 +269,59 @@ detected: [...122] [ip4][..tcp] [......10.0.2.15][50253] -> [103.232.107.100][43508] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol new: [...124] [ip4][..udp] [......10.0.2.15][28681] -> [...170.254.19.6][24180] + detected: [...124] [ip4][..udp] [......10.0.2.15][28681] -> [...170.254.19.6][24180] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...125] [ip4][..udp] [......10.0.2.15][28681] -> [..83.92.178.182][57302] + detected: [...125] [ip4][..udp] [......10.0.2.15][28681] -> [..83.92.178.182][57302] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...126] [ip4][..udp] [......10.0.2.15][28681] -> [..91.69.159.133][28000] + detected: [...126] [ip4][..udp] [......10.0.2.15][28681] -> [..91.69.159.133][28000] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...127] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.1024] + detected: [...127] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.1024] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...128] [ip4][..udp] [......10.0.2.15][28681] -> [..77.141.219.27][37580] + detected: [...128] [ip4][..udp] [......10.0.2.15][28681] -> [..77.141.219.27][37580] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...129] [ip4][..udp] [......10.0.2.15][28681] -> [.176.138.50.179][29411] + detected: [...129] [ip4][..udp] [......10.0.2.15][28681] -> [.176.138.50.179][29411] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...130] [ip4][..udp] [......10.0.2.15][28681] -> [..119.224.95.97][46356] + detected: [...130] [ip4][..udp] [......10.0.2.15][28681] -> [..119.224.95.97][46356] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...131] [ip4][..udp] [......10.0.2.15][28681] -> [.86.225.140.186][.6346] + detected: [...131] [ip4][..udp] [......10.0.2.15][28681] -> [.86.225.140.186][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...132] [ip4][..udp] [......10.0.2.15][28681] -> [...79.86.173.45][.6346] + detected: [...132] [ip4][..udp] [......10.0.2.15][28681] -> [...79.86.173.45][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...133] [ip4][..udp] [......10.0.2.15][28681] -> [.91.175.220.161][15721] + detected: [...133] [ip4][..udp] [......10.0.2.15][28681] -> [.91.175.220.161][15721] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...134] [ip4][..udp] [......10.0.2.15][28681] -> [...78.231.73.14][.6346] + detected: [...134] [ip4][..udp] [......10.0.2.15][28681] -> [...78.231.73.14][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...135] [ip4][..udp] [......10.0.2.15][28681] -> [.193.250.99.158][.6346] + detected: [...135] [ip4][..udp] [......10.0.2.15][28681] -> [.193.250.99.158][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...136] [ip4][..udp] [......10.0.2.15][28681] -> [.80.236.247.120][16047] + detected: [...136] [ip4][..udp] [......10.0.2.15][28681] -> [.80.236.247.120][16047] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...137] [ip4][..udp] [......10.0.2.15][28681] -> [...82.65.70.197][21693] + detected: [...137] [ip4][..udp] [......10.0.2.15][28681] -> [...82.65.70.197][21693] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...138] [ip4][..udp] [......10.0.2.15][28681] -> [167.114.170.156][23844] + detected: [...138] [ip4][..udp] [......10.0.2.15][28681] -> [167.114.170.156][23844] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...139] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.226.142][.6346] + detected: [...139] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.226.142][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...140] [ip4][..udp] [......10.0.2.15][28681] -> [.77.197.111.186][.6346] + detected: [...140] [ip4][..udp] [......10.0.2.15][28681] -> [.77.197.111.186][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...141] [ip4][..udp] [......10.0.2.15][28681] -> [..172.97.199.14][.6346] + detected: [...141] [ip4][..udp] [......10.0.2.15][28681] -> [..172.97.199.14][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...142] [ip4][..tcp] [......10.0.2.15][50255] -> [..36.236.203.37][52165] new: [...143] [ip4][..tcp] [......10.0.2.15][50256] -> [.36.233.201.161][.2886] new: [...144] [ip4][..tcp] [......10.0.2.15][50257] -> [...219.70.48.23][.3054] @@ -257,71 +347,203 @@ update: [.....3] [ip6][icmp6] [..............fe80::c50d:519f:96a4:e108] -> [...............................ff02::16] [ICMPV6][Unknown][Network][Acceptable] update: [.....1] [ip6][icmp6] [.....................................::] -> [......................ff02::1:ffa4:e108] [ICMPV6][Unknown][Network][Acceptable] new: [...154] [ip4][..udp] [......10.0.2.15][28681] -> [174.115.111.224][51984] + detected: [...154] [ip4][..udp] [......10.0.2.15][28681] -> [174.115.111.224][51984] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...155] [ip4][..udp] [......10.0.2.15][28681] -> [.88.168.182.103][.6346] + detected: [...155] [ip4][..udp] [......10.0.2.15][28681] -> [.88.168.182.103][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...156] [ip4][..udp] [......10.0.2.15][28681] -> [..86.244.228.86][10131] + detected: [...156] [ip4][..udp] [......10.0.2.15][28681] -> [..86.244.228.86][10131] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...157] [ip4][..udp] [......10.0.2.15][28681] -> [.86.227.162.150][.6346] + detected: [...157] [ip4][..udp] [......10.0.2.15][28681] -> [.86.227.162.150][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...158] [ip4][..udp] [......10.0.2.15][28681] -> [.118.166.226.70][.6346] + detected: [...158] [ip4][..udp] [......10.0.2.15][28681] -> [.118.166.226.70][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...159] [ip4][..udp] [......10.0.2.15][28681] -> [176.163.231.160][.6346] + detected: [...159] [ip4][..udp] [......10.0.2.15][28681] -> [176.163.231.160][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...160] [ip4][..udp] [......10.0.2.15][28681] -> [...83.150.49.35][32448] + detected: [...160] [ip4][..udp] [......10.0.2.15][28681] -> [...83.150.49.35][32448] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...161] [ip4][..udp] [......10.0.2.15][28681] -> [..213.120.26.86][29946] + detected: [...161] [ip4][..udp] [......10.0.2.15][28681] -> [..213.120.26.86][29946] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...162] [ip4][..udp] [......10.0.2.15][28681] -> [.88.123.159.111][44729] + detected: [...162] [ip4][..udp] [......10.0.2.15][28681] -> [.88.123.159.111][44729] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...163] [ip4][..udp] [......10.0.2.15][28681] -> [.88.126.160.158][.6346] + detected: [...163] [ip4][..udp] [......10.0.2.15][28681] -> [.88.126.160.158][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...164] [ip4][..udp] [......10.0.2.15][28681] -> [.142.197.219.85][26234] + detected: [...164] [ip4][..udp] [......10.0.2.15][28681] -> [.142.197.219.85][26234] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...165] [ip4][..udp] [......10.0.2.15][28681] -> [...86.75.43.182][43502] + detected: [...165] [ip4][..udp] [......10.0.2.15][28681] -> [...86.75.43.182][43502] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...166] [ip4][..udp] [......10.0.2.15][28681] -> [..90.59.253.186][15555] + detected: [...166] [ip4][..udp] [......10.0.2.15][28681] -> [..90.59.253.186][15555] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...167] [ip4][..udp] [......10.0.2.15][28681] -> [..93.29.107.176][20363] + detected: [...167] [ip4][..udp] [......10.0.2.15][28681] -> [..93.29.107.176][20363] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...168] [ip4][..udp] [......10.0.2.15][28681] -> [...89.157.59.43][56919] + detected: [...168] [ip4][..udp] [......10.0.2.15][28681] -> [...89.157.59.43][56919] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...169] [ip4][..udp] [......10.0.2.15][28681] -> [...91.162.52.93][34799] + detected: [...169] [ip4][..udp] [......10.0.2.15][28681] -> [...91.162.52.93][34799] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...170] [ip4][..udp] [......10.0.2.15][28681] -> [....67.193.8.52][38584] + detected: [...170] [ip4][..udp] [......10.0.2.15][28681] -> [....67.193.8.52][38584] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...171] [ip4][..udp] [......10.0.2.15][28681] -> [196.217.132.111][25394] + detected: [...171] [ip4][..udp] [......10.0.2.15][28681] -> [196.217.132.111][25394] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...172] [ip4][..udp] [......10.0.2.15][28681] -> [..87.69.142.133][15471] + detected: [...172] [ip4][..udp] [......10.0.2.15][28681] -> [..87.69.142.133][15471] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...173] [ip4][..udp] [......10.0.2.15][28681] -> [..121.99.222.36][44988] + detected: [...173] [ip4][..udp] [......10.0.2.15][28681] -> [..121.99.222.36][44988] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...174] [ip4][..udp] [......10.0.2.15][28681] -> [..196.74.159.56][29271] + detected: [...174] [ip4][..udp] [......10.0.2.15][28681] -> [..196.74.159.56][29271] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...175] [ip4][..udp] [......10.0.2.15][28681] -> [...115.69.62.99][.6346] + detected: [...175] [ip4][..udp] [......10.0.2.15][28681] -> [...115.69.62.99][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...176] [ip4][..udp] [......10.0.2.15][28681] -> [....41.99.164.4][.6346] + detected: [...176] [ip4][..udp] [......10.0.2.15][28681] -> [....41.99.164.4][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...177] [ip4][..udp] [......10.0.2.15][28681] -> [.69.157.183.106][.6346] + detected: [...177] [ip4][..udp] [......10.0.2.15][28681] -> [.69.157.183.106][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...178] [ip4][..udp] [......10.0.2.15][28681] -> [....83.46.253.7][.6346] + detected: [...178] [ip4][..udp] [......10.0.2.15][28681] -> [....83.46.253.7][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...179] [ip4][..udp] [......10.0.2.15][28681] -> [.178.51.146.115][.6346] + detected: [...179] [ip4][..udp] [......10.0.2.15][28681] -> [.178.51.146.115][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...180] [ip4][..udp] [......10.0.2.15][28681] -> [...66.131.24.72][30711] + detected: [...180] [ip4][..udp] [......10.0.2.15][28681] -> [...66.131.24.72][30711] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...181] [ip4][..udp] [......10.0.2.15][28681] -> [...66.177.5.135][.6346] + detected: [...181] [ip4][..udp] [......10.0.2.15][28681] -> [...66.177.5.135][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...182] [ip4][..udp] [......10.0.2.15][28681] -> [....73.3.103.37][35589] + detected: [...182] [ip4][..udp] [......10.0.2.15][28681] -> [....73.3.103.37][35589] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...183] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.15.182][37829] + detected: [...183] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.15.182][37829] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...184] [ip4][..udp] [......10.0.2.15][28681] -> [..86.239.62.213][.6346] + detected: [...184] [ip4][..udp] [......10.0.2.15][28681] -> [..86.239.62.213][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...185] [ip4][..udp] [......10.0.2.15][28681] -> [.109.132.196.58][.6346] + detected: [...185] [ip4][..udp] [......10.0.2.15][28681] -> [.109.132.196.58][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...186] [ip4][..udp] [......10.0.2.15][28681] -> [..91.182.44.202][30277] + detected: [...186] [ip4][..udp] [......10.0.2.15][28681] -> [..91.182.44.202][30277] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...187] [ip4][..udp] [......10.0.2.15][28681] -> [....92.88.92.56][21009] + detected: [...187] [ip4][..udp] [......10.0.2.15][28681] -> [....92.88.92.56][21009] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...188] [ip4][..udp] [......10.0.2.15][28681] -> [..83.134.107.32][38836] + detected: [...188] [ip4][..udp] [......10.0.2.15][28681] -> [..83.134.107.32][38836] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...189] [ip4][..udp] [......10.0.2.15][28681] -> [115.195.105.243][.6346] + detected: [...189] [ip4][..udp] [......10.0.2.15][28681] -> [115.195.105.243][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...190] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.195.227][.6346] + detected: [...190] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.195.227][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...191] [ip4][..udp] [......10.0.2.15][28681] -> [.190.153.143.54][65535] + detected: [...191] [ip4][..udp] [......10.0.2.15][28681] -> [.190.153.143.54][65535] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...192] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] + detected: [...192] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...193] [ip4][..udp] [......10.0.2.15][28681] -> [..188.44.126.74][54633] + detected: [...193] [ip4][..udp] [......10.0.2.15][28681] -> [..188.44.126.74][54633] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...194] [ip4][..udp] [......10.0.2.15][28681] -> [176.150.126.156][16471] + detected: [...194] [ip4][..udp] [......10.0.2.15][28681] -> [176.150.126.156][16471] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...195] [ip4][..udp] [......10.0.2.15][28681] -> [.177.231.151.16][.6346] + detected: [...195] [ip4][..udp] [......10.0.2.15][28681] -> [.177.231.151.16][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...196] [ip4][..udp] [......10.0.2.15][28681] -> [..88.127.72.106][.6346] + detected: [...196] [ip4][..udp] [......10.0.2.15][28681] -> [..88.127.72.106][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...197] [ip4][..udp] [......10.0.2.15][28681] -> [.208.92.106.151][32476] + detected: [...197] [ip4][..udp] [......10.0.2.15][28681] -> [.208.92.106.151][32476] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...198] [ip4][..udp] [......10.0.2.15][28681] -> [..58.182.171.50][15180] + detected: [...198] [ip4][..udp] [......10.0.2.15][28681] -> [..58.182.171.50][15180] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...199] [ip4][..udp] [......10.0.2.15][28681] -> [..114.73.129.26][53585] + detected: [...199] [ip4][..udp] [......10.0.2.15][28681] -> [..114.73.129.26][53585] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...200] [ip4][..udp] [......10.0.2.15][28681] -> [.138.199.16.123][52993] + detected: [...200] [ip4][..udp] [......10.0.2.15][28681] -> [.138.199.16.123][52993] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...201] [ip4][..udp] [......10.0.2.15][28681] -> [.85.170.209.214][46210] + detected: [...201] [ip4][..udp] [......10.0.2.15][28681] -> [.85.170.209.214][46210] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...202] [ip4][..udp] [......10.0.2.15][28681] -> [.176.134.139.39][.6346] + detected: [...202] [ip4][..udp] [......10.0.2.15][28681] -> [.176.134.139.39][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...203] [ip4][..udp] [......10.0.2.15][28681] -> [.120.156.204.38][54832] + detected: [...203] [ip4][..udp] [......10.0.2.15][28681] -> [.120.156.204.38][54832] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...204] [ip4][..udp] [......10.0.2.15][28681] -> [..84.126.240.32][45313] + detected: [...204] [ip4][..udp] [......10.0.2.15][28681] -> [..84.126.240.32][45313] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...205] [ip4][..udp] [......10.0.2.15][28681] -> [..96.29.197.138][.6346] + detected: [...205] [ip4][..udp] [......10.0.2.15][28681] -> [..96.29.197.138][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...206] [ip4][..udp] [......10.0.2.15][28681] -> [213.166.132.204][11194] + detected: [...206] [ip4][..udp] [......10.0.2.15][28681] -> [213.166.132.204][11194] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...207] [ip4][..udp] [......10.0.2.15][28681] -> [.81.242.191.215][.6346] + detected: [...207] [ip4][..udp] [......10.0.2.15][28681] -> [.81.242.191.215][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...208] [ip4][..udp] [......10.0.2.15][28681] -> [..81.249.64.215][25058] + detected: [...208] [ip4][..udp] [......10.0.2.15][28681] -> [..81.249.64.215][25058] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...209] [ip4][..udp] [......10.0.2.15][28681] -> [..91.179.98.234][.6346] + detected: [...209] [ip4][..udp] [......10.0.2.15][28681] -> [..91.179.98.234][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...210] [ip4][..udp] [......10.0.2.15][28681] -> [.41.100.120.146][12838] + detected: [...210] [ip4][..udp] [......10.0.2.15][28681] -> [.41.100.120.146][12838] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...211] [ip4][..udp] [......10.0.2.15][28681] -> [..186.93.139.92][.6346] + detected: [...211] [ip4][..udp] [......10.0.2.15][28681] -> [..186.93.139.92][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...212] [ip4][..udp] [......10.0.2.15][28681] -> [...36.233.3.223][12848] + detected: [...212] [ip4][..udp] [......10.0.2.15][28681] -> [...36.233.3.223][12848] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...213] [ip4][..udp] [......10.0.2.15][28681] -> [....5.180.62.37][.6346] + detected: [...213] [ip4][..udp] [......10.0.2.15][28681] -> [....5.180.62.37][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...214] [ip4][..udp] [......10.0.2.15][28681] -> [.91.169.215.227][26820] + detected: [...214] [ip4][..udp] [......10.0.2.15][28681] -> [.91.169.215.227][26820] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...215] [ip4][..udp] [......10.0.2.15][28681] -> [...78.159.27.22][17563] + detected: [...215] [ip4][..udp] [......10.0.2.15][28681] -> [...78.159.27.22][17563] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...216] [ip4][..udp] [......10.0.2.15][28681] -> [.212.68.248.153][27223] + detected: [...216] [ip4][..udp] [......10.0.2.15][28681] -> [.212.68.248.153][27223] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...217] [ip4][..udp] [......10.0.2.15][28681] -> [.126.117.45.151][19323] + detected: [...217] [ip4][..udp] [......10.0.2.15][28681] -> [.126.117.45.151][19323] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...218] [ip4][..udp] [......10.0.2.15][28681] -> [.176.155.52.115][53956] + detected: [...218] [ip4][..udp] [......10.0.2.15][28681] -> [.176.155.52.115][53956] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...219] [ip4][..udp] [......10.0.2.15][28681] -> [...76.30.86.144][53821] + detected: [...219] [ip4][..udp] [......10.0.2.15][28681] -> [...76.30.86.144][53821] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...220] [ip4][..udp] [......10.0.2.15][28681] -> [.113.252.86.162][.9239] new: [...221] [ip4][..tcp] [......10.0.2.15][50267] -> [.113.252.86.162][.9239] detected: [...221] [ip4][..tcp] [......10.0.2.15][50267] -> [.113.252.86.162][.9239] [Gnutella][Unknown][Download][Potentially Dangerous] @@ -521,7 +743,11 @@ update: [....22] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][62539] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] update: [....24] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][50435] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] new: [...305] [ip4][..udp] [......10.0.2.15][28681] -> [..88.168.175.31][.6346] + detected: [...305] [ip4][..udp] [......10.0.2.15][28681] -> [..88.168.175.31][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...306] [ip4][..udp] [......10.0.2.15][28681] -> [..41.249.63.200][22582] + detected: [...306] [ip4][..udp] [......10.0.2.15][28681] -> [..41.249.63.200][22582] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...307] [ip4][..udp] [......10.0.2.15][28681] -> [..72.201.208.57][38617] detected: [...307] [ip4][..udp] [......10.0.2.15][28681] -> [..72.201.208.57][38617] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic @@ -667,10 +893,14 @@ [IATS(ms)....: 17.2,17.4,3.5,3.9,14.2,15.0,0.7,2.8,2.9,25.8,0.0,26.1,9.0,9.3,15.9,71.8,495.6,483.5,221.2,265.2,15.6,77.3,487.6,467.7,9469.0,9510.7,13761.0,13801.6,1593.6,1634.0,4141.0] [PKTLENS.....: 52,44,40,639,40,699,111,40,304,40,1500,180,40,166,40,91,40,219,40,404,40,387,40,507,40,115,40,111,40,176,40,101] [ENTROPIES...: 4.6,4.8,4.8,5.8,4.6,5.7,5.6,4.7,5.3,4.7,7.7,6.7,4.7,6.3,4.6,5.2,4.8,6.9,4.8,7.5,4.7,7.4,4.7,7.5,4.8,6.0,4.6,5.8,4.8,6.7,4.6,5.9] - update: [...134] [ip4][..udp] [......10.0.2.15][28681] -> [...78.231.73.14][.6346] - update: [...128] [ip4][..udp] [......10.0.2.15][28681] -> [..77.141.219.27][37580] - update: [...114] [ip4][..udp] [......10.0.2.15][28681] -> [....86.23.75.69][.6346] - update: [....88] [ip4][..udp] [......10.0.2.15][28681] -> [.....81.50.24.2][17874] + update: [...134] [ip4][..udp] [......10.0.2.15][28681] -> [...78.231.73.14][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...128] [ip4][..udp] [......10.0.2.15][28681] -> [..77.141.219.27][37580] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...114] [ip4][..udp] [......10.0.2.15][28681] -> [....86.23.75.69][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....88] [ip4][..udp] [......10.0.2.15][28681] -> [.....81.50.24.2][17874] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [....15] [ip4][..udp] [......10.0.2.15][63957] -> [239.255.255.250][.3702] [WSD][Unknown][Network][Acceptable] update: [....19] [ip4][..udp] [......10.0.2.15][63964] -> [239.255.255.250][.3702] [WSD][Unknown][Network][Acceptable] update: [.....5] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable] @@ -679,56 +909,97 @@ update: [....13] [ip4][..udp] [......10.0.2.15][..137] -> [.....10.0.2.255][..137] [NetBIOS][Unknown][System][Acceptable] update: [....20] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous] RISK: Unsafe Protocol - update: [....96] [ip4][..udp] [......10.0.2.15][28681] -> [.88.160.214.137][.6346] + update: [....96] [ip4][..udp] [......10.0.2.15][28681] -> [.88.160.214.137][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [....16] [ip4][..udp] [......10.0.2.15][63962] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] - update: [...118] [ip4][..udp] [......10.0.2.15][28681] -> [...5.180.62.100][46385] - update: [...100] [ip4][..udp] [......10.0.2.15][28681] -> [220.133.122.217][23458] - update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] - update: [...115] [ip4][..udp] [......10.0.2.15][28681] -> [...154.3.42.104][11804] - update: [...101] [ip4][..udp] [......10.0.2.15][28681] -> [123.205.126.102][.5193] - update: [....98] [ip4][..udp] [......10.0.2.15][28681] -> [.203.222.14.170][23332] + update: [...118] [ip4][..udp] [......10.0.2.15][28681] -> [...5.180.62.100][46385] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...100] [ip4][..udp] [......10.0.2.15][28681] -> [220.133.122.217][23458] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...115] [ip4][..udp] [......10.0.2.15][28681] -> [...154.3.42.104][11804] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...101] [ip4][..udp] [......10.0.2.15][28681] -> [123.205.126.102][.5193] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....98] [ip4][..udp] [......10.0.2.15][28681] -> [.203.222.14.170][23332] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [....14] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63958] -> [................................ff02::c][.3702] [WSD][Unknown][Network][Acceptable] update: [....18] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63965] -> [................................ff02::c][.3702] [WSD][Unknown][Network][Acceptable] - update: [...131] [ip4][..udp] [......10.0.2.15][28681] -> [.86.225.140.186][.6346] - update: [...111] [ip4][..udp] [......10.0.2.15][28681] -> [..90.65.141.157][.6346] - update: [...106] [ip4][..udp] [......10.0.2.15][28681] -> [..114.39.154.69][.4832] - update: [...139] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.226.142][.6346] - update: [...141] [ip4][..udp] [......10.0.2.15][28681] -> [..172.97.199.14][.6346] + update: [...131] [ip4][..udp] [......10.0.2.15][28681] -> [.86.225.140.186][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...111] [ip4][..udp] [......10.0.2.15][28681] -> [..90.65.141.157][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...106] [ip4][..udp] [......10.0.2.15][28681] -> [..114.39.154.69][.4832] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...139] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.226.142][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...141] [ip4][..udp] [......10.0.2.15][28681] -> [..172.97.199.14][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [.....9] [ip4][..udp] [......10.0.2.15][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] - update: [...126] [ip4][..udp] [......10.0.2.15][28681] -> [..91.69.159.133][28000] + update: [...126] [ip4][..udp] [......10.0.2.15][28681] -> [..91.69.159.133][28000] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [....17] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63960] -> [................................ff02::c][.1900] [SSDP][Unknown][System][Acceptable] - update: [...136] [ip4][..udp] [......10.0.2.15][28681] -> [.80.236.247.120][16047] - update: [....86] [ip4][..udp] [......10.0.2.15][28681] -> [..74.210.244.72][.6346] - update: [....85] [ip4][..udp] [......10.0.2.15][28681] -> [..85.138.20.110][.6346] + update: [...136] [ip4][..udp] [......10.0.2.15][28681] -> [.80.236.247.120][16047] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....86] [ip4][..udp] [......10.0.2.15][28681] -> [..74.210.244.72][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....85] [ip4][..udp] [......10.0.2.15][28681] -> [..85.138.20.110][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [....10] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable] - update: [...135] [ip4][..udp] [......10.0.2.15][28681] -> [.193.250.99.158][.6346] - update: [...127] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.1024] - update: [...112] [ip4][..udp] [......10.0.2.15][28681] -> [.36.239.213.146][21750] - update: [...125] [ip4][..udp] [......10.0.2.15][28681] -> [..83.92.178.182][57302] - update: [...116] [ip4][..udp] [......10.0.2.15][28681] -> [.124.44.190.145][10170] - update: [...133] [ip4][..udp] [......10.0.2.15][28681] -> [.91.175.220.161][15721] - update: [....99] [ip4][..udp] [......10.0.2.15][28681] -> [....114.38.9.82][24223] - update: [...124] [ip4][..udp] [......10.0.2.15][28681] -> [...170.254.19.6][24180] - update: [...130] [ip4][..udp] [......10.0.2.15][28681] -> [..119.224.95.97][46356] - update: [...107] [ip4][..udp] [......10.0.2.15][28681] -> [..202.151.63.59][.7624] - update: [...129] [ip4][..udp] [......10.0.2.15][28681] -> [.176.138.50.179][29411] - update: [...103] [ip4][..udp] [......10.0.2.15][28681] -> [.220.134.167.82][.5820] - update: [....97] [ip4][..udp] [......10.0.2.15][28681] -> [..24.78.134.188][49046] - update: [...104] [ip4][..udp] [......10.0.2.15][28681] -> [..42.98.115.128][23458] + update: [...135] [ip4][..udp] [......10.0.2.15][28681] -> [.193.250.99.158][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...127] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.1024] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...112] [ip4][..udp] [......10.0.2.15][28681] -> [.36.239.213.146][21750] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...125] [ip4][..udp] [......10.0.2.15][28681] -> [..83.92.178.182][57302] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...116] [ip4][..udp] [......10.0.2.15][28681] -> [.124.44.190.145][10170] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...133] [ip4][..udp] [......10.0.2.15][28681] -> [.91.175.220.161][15721] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....99] [ip4][..udp] [......10.0.2.15][28681] -> [....114.38.9.82][24223] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...124] [ip4][..udp] [......10.0.2.15][28681] -> [...170.254.19.6][24180] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...130] [ip4][..udp] [......10.0.2.15][28681] -> [..119.224.95.97][46356] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...107] [ip4][..udp] [......10.0.2.15][28681] -> [..202.151.63.59][.7624] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...129] [ip4][..udp] [......10.0.2.15][28681] -> [.176.138.50.179][29411] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...103] [ip4][..udp] [......10.0.2.15][28681] -> [.220.134.167.82][.5820] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....97] [ip4][..udp] [......10.0.2.15][28681] -> [..24.78.134.188][49046] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...104] [ip4][..udp] [......10.0.2.15][28681] -> [..42.98.115.128][23458] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [.....7] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable] - update: [...137] [ip4][..udp] [......10.0.2.15][28681] -> [...82.65.70.197][21693] - update: [...109] [ip4][..udp] [......10.0.2.15][28681] -> [...88.169.2.153][52414] - update: [...140] [ip4][..udp] [......10.0.2.15][28681] -> [.77.197.111.186][.6346] - update: [...102] [ip4][..udp] [......10.0.2.15][28681] -> [.218.164.39.233][20855] - update: [...108] [ip4][..udp] [......10.0.2.15][28681] -> [112.119.242.110][.7922] + update: [...137] [ip4][..udp] [......10.0.2.15][28681] -> [...82.65.70.197][21693] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...109] [ip4][..udp] [......10.0.2.15][28681] -> [...88.169.2.153][52414] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...140] [ip4][..udp] [......10.0.2.15][28681] -> [.77.197.111.186][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...102] [ip4][..udp] [......10.0.2.15][28681] -> [.218.164.39.233][20855] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...108] [ip4][..udp] [......10.0.2.15][28681] -> [112.119.242.110][.7922] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [....12] [ip4][..udp] [......10.0.2.15][63717] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] - update: [...113] [ip4][..udp] [......10.0.2.15][28681] -> [105.101.132.146][57746] - update: [...132] [ip4][..udp] [......10.0.2.15][28681] -> [...79.86.173.45][.6346] - update: [....87] [ip4][..udp] [......10.0.2.15][28681] -> [..92.131.85.245][31743] + update: [...113] [ip4][..udp] [......10.0.2.15][28681] -> [105.101.132.146][57746] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...132] [ip4][..udp] [......10.0.2.15][28681] -> [...79.86.173.45][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....87] [ip4][..udp] [......10.0.2.15][28681] -> [..92.131.85.245][31743] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [....11] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63717] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] - update: [...110] [ip4][..udp] [......10.0.2.15][28681] -> [..195.132.75.56][56009] - update: [...105] [ip4][..udp] [......10.0.2.15][28681] -> [...219.85.11.85][10722] - update: [...138] [ip4][..udp] [......10.0.2.15][28681] -> [167.114.170.156][23844] + update: [...110] [ip4][..udp] [......10.0.2.15][28681] -> [..195.132.75.56][56009] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...105] [ip4][..udp] [......10.0.2.15][28681] -> [...219.85.11.85][10722] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...138] [ip4][..udp] [......10.0.2.15][28681] -> [167.114.170.156][23844] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...337] [ip4][..udp] [......10.0.2.15][28681] -> [..24.116.64.132][51227] detected: [...337] [ip4][..udp] [......10.0.2.15][28681] -> [..24.116.64.132][51227] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic @@ -772,78 +1043,148 @@ detected: [...350] [ip4][..udp] [......10.0.2.15][28681] -> [..99.250.253.99][11819] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic new: [...351] [ip4][..udp] [......10.0.2.15][28681] -> [..187.37.87.189][.6346] + detected: [...351] [ip4][..udp] [......10.0.2.15][28681] -> [..187.37.87.189][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...352] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.6346] + detected: [...352] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic idle: [.....4] [ip6][icmp6] [..............fe80::c50d:519f:96a4:e108] -> [................................ff02::1] [ICMPV6][Unknown][Network][Acceptable] idle: [.....1] [ip6][icmp6] [.....................................::] -> [......................ff02::1:ffa4:e108] [ICMPV6][Unknown][Network][Acceptable] update: [....95] [ip4][.icmp] [.......10.0.2.2] -> [......10.0.2.15] [ICMP][Unknown][Network][Acceptable] RISK: Unidirectional Traffic - update: [...170] [ip4][..udp] [......10.0.2.15][28681] -> [....67.193.8.52][38584] - update: [...166] [ip4][..udp] [......10.0.2.15][28681] -> [..90.59.253.186][15555] - update: [...183] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.15.182][37829] - update: [...184] [ip4][..udp] [......10.0.2.15][28681] -> [..86.239.62.213][.6346] - update: [...196] [ip4][..udp] [......10.0.2.15][28681] -> [..88.127.72.106][.6346] - update: [...195] [ip4][..udp] [......10.0.2.15][28681] -> [.177.231.151.16][.6346] + update: [...170] [ip4][..udp] [......10.0.2.15][28681] -> [....67.193.8.52][38584] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...166] [ip4][..udp] [......10.0.2.15][28681] -> [..90.59.253.186][15555] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...183] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.15.182][37829] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...184] [ip4][..udp] [......10.0.2.15][28681] -> [..86.239.62.213][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...196] [ip4][..udp] [......10.0.2.15][28681] -> [..88.127.72.106][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...195] [ip4][..udp] [......10.0.2.15][28681] -> [.177.231.151.16][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...220] [ip4][..udp] [......10.0.2.15][28681] -> [.113.252.86.162][.9239] - update: [...219] [ip4][..udp] [......10.0.2.15][28681] -> [...76.30.86.144][53821] - update: [...217] [ip4][..udp] [......10.0.2.15][28681] -> [.126.117.45.151][19323] - update: [...155] [ip4][..udp] [......10.0.2.15][28681] -> [.88.168.182.103][.6346] - update: [...198] [ip4][..udp] [......10.0.2.15][28681] -> [..58.182.171.50][15180] - update: [...191] [ip4][..udp] [......10.0.2.15][28681] -> [.190.153.143.54][65535] - update: [...172] [ip4][..udp] [......10.0.2.15][28681] -> [..87.69.142.133][15471] - update: [...192] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] - update: [...181] [ip4][..udp] [......10.0.2.15][28681] -> [...66.177.5.135][.6346] - update: [...162] [ip4][..udp] [......10.0.2.15][28681] -> [.88.123.159.111][44729] - update: [...214] [ip4][..udp] [......10.0.2.15][28681] -> [.91.169.215.227][26820] - update: [...193] [ip4][..udp] [......10.0.2.15][28681] -> [..188.44.126.74][54633] - update: [...169] [ip4][..udp] [......10.0.2.15][28681] -> [...91.162.52.93][34799] - update: [...187] [ip4][..udp] [......10.0.2.15][28681] -> [....92.88.92.56][21009] - update: [...190] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.195.227][.6346] - update: [...206] [ip4][..udp] [......10.0.2.15][28681] -> [213.166.132.204][11194] - update: [...203] [ip4][..udp] [......10.0.2.15][28681] -> [.120.156.204.38][54832] - update: [...199] [ip4][..udp] [......10.0.2.15][28681] -> [..114.73.129.26][53585] - update: [...207] [ip4][..udp] [......10.0.2.15][28681] -> [.81.242.191.215][.6346] - update: [...208] [ip4][..udp] [......10.0.2.15][28681] -> [..81.249.64.215][25058] - update: [...173] [ip4][..udp] [......10.0.2.15][28681] -> [..121.99.222.36][44988] - update: [...180] [ip4][..udp] [......10.0.2.15][28681] -> [...66.131.24.72][30711] - update: [...212] [ip4][..udp] [......10.0.2.15][28681] -> [...36.233.3.223][12848] - update: [...197] [ip4][..udp] [......10.0.2.15][28681] -> [.208.92.106.151][32476] - update: [...168] [ip4][..udp] [......10.0.2.15][28681] -> [...89.157.59.43][56919] - update: [...156] [ip4][..udp] [......10.0.2.15][28681] -> [..86.244.228.86][10131] - update: [...215] [ip4][..udp] [......10.0.2.15][28681] -> [...78.159.27.22][17563] - update: [...176] [ip4][..udp] [......10.0.2.15][28681] -> [....41.99.164.4][.6346] - update: [...164] [ip4][..udp] [......10.0.2.15][28681] -> [.142.197.219.85][26234] - update: [...157] [ip4][..udp] [......10.0.2.15][28681] -> [.86.227.162.150][.6346] - update: [...209] [ip4][..udp] [......10.0.2.15][28681] -> [..91.179.98.234][.6346] - update: [...189] [ip4][..udp] [......10.0.2.15][28681] -> [115.195.105.243][.6346] - update: [...159] [ip4][..udp] [......10.0.2.15][28681] -> [176.163.231.160][.6346] - update: [...179] [ip4][..udp] [......10.0.2.15][28681] -> [.178.51.146.115][.6346] - update: [...186] [ip4][..udp] [......10.0.2.15][28681] -> [..91.182.44.202][30277] - update: [...213] [ip4][..udp] [......10.0.2.15][28681] -> [....5.180.62.37][.6346] - update: [...167] [ip4][..udp] [......10.0.2.15][28681] -> [..93.29.107.176][20363] - update: [...171] [ip4][..udp] [......10.0.2.15][28681] -> [196.217.132.111][25394] - update: [...160] [ip4][..udp] [......10.0.2.15][28681] -> [...83.150.49.35][32448] - update: [...174] [ip4][..udp] [......10.0.2.15][28681] -> [..196.74.159.56][29271] - update: [...185] [ip4][..udp] [......10.0.2.15][28681] -> [.109.132.196.58][.6346] - update: [...165] [ip4][..udp] [......10.0.2.15][28681] -> [...86.75.43.182][43502] - update: [...161] [ip4][..udp] [......10.0.2.15][28681] -> [..213.120.26.86][29946] - update: [...188] [ip4][..udp] [......10.0.2.15][28681] -> [..83.134.107.32][38836] - update: [...177] [ip4][..udp] [......10.0.2.15][28681] -> [.69.157.183.106][.6346] - update: [...205] [ip4][..udp] [......10.0.2.15][28681] -> [..96.29.197.138][.6346] - update: [...175] [ip4][..udp] [......10.0.2.15][28681] -> [...115.69.62.99][.6346] - update: [...182] [ip4][..udp] [......10.0.2.15][28681] -> [....73.3.103.37][35589] - update: [...210] [ip4][..udp] [......10.0.2.15][28681] -> [.41.100.120.146][12838] - update: [...218] [ip4][..udp] [......10.0.2.15][28681] -> [.176.155.52.115][53956] - update: [...211] [ip4][..udp] [......10.0.2.15][28681] -> [..186.93.139.92][.6346] - update: [...200] [ip4][..udp] [......10.0.2.15][28681] -> [.138.199.16.123][52993] - update: [...154] [ip4][..udp] [......10.0.2.15][28681] -> [174.115.111.224][51984] - update: [...201] [ip4][..udp] [......10.0.2.15][28681] -> [.85.170.209.214][46210] - update: [...194] [ip4][..udp] [......10.0.2.15][28681] -> [176.150.126.156][16471] - update: [...178] [ip4][..udp] [......10.0.2.15][28681] -> [....83.46.253.7][.6346] - update: [...163] [ip4][..udp] [......10.0.2.15][28681] -> [.88.126.160.158][.6346] - update: [...216] [ip4][..udp] [......10.0.2.15][28681] -> [.212.68.248.153][27223] - update: [...158] [ip4][..udp] [......10.0.2.15][28681] -> [.118.166.226.70][.6346] - update: [...204] [ip4][..udp] [......10.0.2.15][28681] -> [..84.126.240.32][45313] - update: [...202] [ip4][..udp] [......10.0.2.15][28681] -> [.176.134.139.39][.6346] + update: [...219] [ip4][..udp] [......10.0.2.15][28681] -> [...76.30.86.144][53821] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...217] [ip4][..udp] [......10.0.2.15][28681] -> [.126.117.45.151][19323] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...155] [ip4][..udp] [......10.0.2.15][28681] -> [.88.168.182.103][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...198] [ip4][..udp] [......10.0.2.15][28681] -> [..58.182.171.50][15180] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...191] [ip4][..udp] [......10.0.2.15][28681] -> [.190.153.143.54][65535] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...172] [ip4][..udp] [......10.0.2.15][28681] -> [..87.69.142.133][15471] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...192] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...181] [ip4][..udp] [......10.0.2.15][28681] -> [...66.177.5.135][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...162] [ip4][..udp] [......10.0.2.15][28681] -> [.88.123.159.111][44729] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...214] [ip4][..udp] [......10.0.2.15][28681] -> [.91.169.215.227][26820] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...193] [ip4][..udp] [......10.0.2.15][28681] -> [..188.44.126.74][54633] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...169] [ip4][..udp] [......10.0.2.15][28681] -> [...91.162.52.93][34799] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...187] [ip4][..udp] [......10.0.2.15][28681] -> [....92.88.92.56][21009] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...190] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.195.227][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...206] [ip4][..udp] [......10.0.2.15][28681] -> [213.166.132.204][11194] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...203] [ip4][..udp] [......10.0.2.15][28681] -> [.120.156.204.38][54832] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...199] [ip4][..udp] [......10.0.2.15][28681] -> [..114.73.129.26][53585] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...207] [ip4][..udp] [......10.0.2.15][28681] -> [.81.242.191.215][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...208] [ip4][..udp] [......10.0.2.15][28681] -> [..81.249.64.215][25058] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...173] [ip4][..udp] [......10.0.2.15][28681] -> [..121.99.222.36][44988] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...180] [ip4][..udp] [......10.0.2.15][28681] -> [...66.131.24.72][30711] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...212] [ip4][..udp] [......10.0.2.15][28681] -> [...36.233.3.223][12848] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...197] [ip4][..udp] [......10.0.2.15][28681] -> [.208.92.106.151][32476] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...168] [ip4][..udp] [......10.0.2.15][28681] -> [...89.157.59.43][56919] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...156] [ip4][..udp] [......10.0.2.15][28681] -> [..86.244.228.86][10131] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...215] [ip4][..udp] [......10.0.2.15][28681] -> [...78.159.27.22][17563] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...176] [ip4][..udp] [......10.0.2.15][28681] -> [....41.99.164.4][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...164] [ip4][..udp] [......10.0.2.15][28681] -> [.142.197.219.85][26234] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...157] [ip4][..udp] [......10.0.2.15][28681] -> [.86.227.162.150][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...209] [ip4][..udp] [......10.0.2.15][28681] -> [..91.179.98.234][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...189] [ip4][..udp] [......10.0.2.15][28681] -> [115.195.105.243][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...159] [ip4][..udp] [......10.0.2.15][28681] -> [176.163.231.160][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...179] [ip4][..udp] [......10.0.2.15][28681] -> [.178.51.146.115][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...186] [ip4][..udp] [......10.0.2.15][28681] -> [..91.182.44.202][30277] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...213] [ip4][..udp] [......10.0.2.15][28681] -> [....5.180.62.37][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...167] [ip4][..udp] [......10.0.2.15][28681] -> [..93.29.107.176][20363] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...171] [ip4][..udp] [......10.0.2.15][28681] -> [196.217.132.111][25394] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...160] [ip4][..udp] [......10.0.2.15][28681] -> [...83.150.49.35][32448] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...174] [ip4][..udp] [......10.0.2.15][28681] -> [..196.74.159.56][29271] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...185] [ip4][..udp] [......10.0.2.15][28681] -> [.109.132.196.58][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...165] [ip4][..udp] [......10.0.2.15][28681] -> [...86.75.43.182][43502] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...161] [ip4][..udp] [......10.0.2.15][28681] -> [..213.120.26.86][29946] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...188] [ip4][..udp] [......10.0.2.15][28681] -> [..83.134.107.32][38836] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...177] [ip4][..udp] [......10.0.2.15][28681] -> [.69.157.183.106][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...205] [ip4][..udp] [......10.0.2.15][28681] -> [..96.29.197.138][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...175] [ip4][..udp] [......10.0.2.15][28681] -> [...115.69.62.99][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...182] [ip4][..udp] [......10.0.2.15][28681] -> [....73.3.103.37][35589] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...210] [ip4][..udp] [......10.0.2.15][28681] -> [.41.100.120.146][12838] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...218] [ip4][..udp] [......10.0.2.15][28681] -> [.176.155.52.115][53956] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...211] [ip4][..udp] [......10.0.2.15][28681] -> [..186.93.139.92][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...200] [ip4][..udp] [......10.0.2.15][28681] -> [.138.199.16.123][52993] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...154] [ip4][..udp] [......10.0.2.15][28681] -> [174.115.111.224][51984] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...201] [ip4][..udp] [......10.0.2.15][28681] -> [.85.170.209.214][46210] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...194] [ip4][..udp] [......10.0.2.15][28681] -> [176.150.126.156][16471] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...178] [ip4][..udp] [......10.0.2.15][28681] -> [....83.46.253.7][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...163] [ip4][..udp] [......10.0.2.15][28681] -> [.88.126.160.158][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...216] [ip4][..udp] [......10.0.2.15][28681] -> [.212.68.248.153][27223] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...158] [ip4][..udp] [......10.0.2.15][28681] -> [.118.166.226.70][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...204] [ip4][..udp] [......10.0.2.15][28681] -> [..84.126.240.32][45313] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...202] [ip4][..udp] [......10.0.2.15][28681] -> [.176.134.139.39][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic analyse: [....93] [ip4][..tcp] [......10.0.2.15][50248] -> [109.214.154.216][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] min| max| avg| stddev| variance| entropy [IAT.........: 0.001| 22.685| 3.465| 6.256| 39132462.055| 3.300] @@ -855,7 +1196,11 @@ [PKTLENS.....: 52,44,40,344,40,323,143,40,118,762,40,53,58,40,149,40,104,40,1064,45,40,122,40,70,40,213,40,52,40,123,40,62] [ENTROPIES...: 4.6,4.8,4.6,5.8,4.5,5.6,5.6,4.6,5.6,7.7,4.7,4.7,4.9,4.6,6.3,4.5,5.9,4.5,7.8,4.3,4.8,6.2,4.8,5.5,4.6,6.6,4.7,4.8,4.6,6.2,4.6,4.9] new: [...353] [ip4][..udp] [......10.0.2.15][28681] -> [195.181.151.217][25282] + detected: [...353] [ip4][..udp] [......10.0.2.15][28681] -> [195.181.151.217][25282] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...354] [ip4][..udp] [......10.0.2.15][28681] -> [.80.236.247.120][.1032] + detected: [...354] [ip4][..udp] [......10.0.2.15][28681] -> [.80.236.247.120][.1032] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...355] [ip4][..udp] [......10.0.2.15][28681] -> [.181.118.53.212][29998] detected: [...355] [ip4][..udp] [......10.0.2.15][28681] -> [.181.118.53.212][29998] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic @@ -883,10 +1228,12 @@ update: [...315] [ip4][..udp] [......10.0.2.15][28681] -> [...92.217.84.16][20223] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [....21] [ip4][..udp] [......10.0.2.15][55708] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] - update: [...305] [ip4][..udp] [......10.0.2.15][28681] -> [..88.168.175.31][.6346] + update: [...305] [ip4][..udp] [......10.0.2.15][28681] -> [..88.168.175.31][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...310] [ip4][..udp] [......10.0.2.15][28681] -> [.118.240.69.199][.6348] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...306] [ip4][..udp] [......10.0.2.15][28681] -> [..41.249.63.200][22582] + update: [...306] [ip4][..udp] [......10.0.2.15][28681] -> [..41.249.63.200][22582] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...265] [ip4][..udp] [......10.0.2.15][28681] -> [203.220.198.244][.1194] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...304] [ip4][..udp] [......10.0.2.15][28681] -> [.193.32.126.214][59596] @@ -1020,10 +1367,14 @@ RISK: Unsafe Protocol, Unidirectional Traffic update: [...338] [ip4][..udp] [......10.0.2.15][28681] -> [221.198.205.196][20778] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...134] [ip4][..udp] [......10.0.2.15][28681] -> [...78.231.73.14][.6346] - update: [...128] [ip4][..udp] [......10.0.2.15][28681] -> [..77.141.219.27][37580] - update: [...114] [ip4][..udp] [......10.0.2.15][28681] -> [....86.23.75.69][.6346] - update: [....88] [ip4][..udp] [......10.0.2.15][28681] -> [.....81.50.24.2][17874] + update: [...134] [ip4][..udp] [......10.0.2.15][28681] -> [...78.231.73.14][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...128] [ip4][..udp] [......10.0.2.15][28681] -> [..77.141.219.27][37580] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...114] [ip4][..udp] [......10.0.2.15][28681] -> [....86.23.75.69][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....88] [ip4][..udp] [......10.0.2.15][28681] -> [.....81.50.24.2][17874] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [....15] [ip4][..udp] [......10.0.2.15][63957] -> [239.255.255.250][.3702] [WSD][Unknown][Network][Acceptable] update: [....19] [ip4][..udp] [......10.0.2.15][63964] -> [239.255.255.250][.3702] [WSD][Unknown][Network][Acceptable] update: [...340] [ip4][..udp] [......10.0.2.15][28681] -> [.38.142.119.234][49732] [Gnutella][Unknown][Download][Potentially Dangerous] @@ -1038,143 +1389,254 @@ update: [....13] [ip4][..udp] [......10.0.2.15][..137] -> [.....10.0.2.255][..137] [NetBIOS][Unknown][System][Acceptable] update: [....20] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous] RISK: Unsafe Protocol - update: [....96] [ip4][..udp] [......10.0.2.15][28681] -> [.88.160.214.137][.6346] + update: [....96] [ip4][..udp] [......10.0.2.15][28681] -> [.88.160.214.137][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [....16] [ip4][..udp] [......10.0.2.15][63962] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] - update: [...118] [ip4][..udp] [......10.0.2.15][28681] -> [...5.180.62.100][46385] + update: [...118] [ip4][..udp] [......10.0.2.15][28681] -> [...5.180.62.100][46385] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...344] [ip4][..udp] [......10.0.2.15][28681] -> [.207.38.163.228][.6778] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...100] [ip4][..udp] [......10.0.2.15][28681] -> [220.133.122.217][23458] - update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] - update: [...115] [ip4][..udp] [......10.0.2.15][28681] -> [...154.3.42.104][11804] - update: [...101] [ip4][..udp] [......10.0.2.15][28681] -> [123.205.126.102][.5193] - update: [....98] [ip4][..udp] [......10.0.2.15][28681] -> [.203.222.14.170][23332] + update: [...100] [ip4][..udp] [......10.0.2.15][28681] -> [220.133.122.217][23458] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...115] [ip4][..udp] [......10.0.2.15][28681] -> [...154.3.42.104][11804] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...101] [ip4][..udp] [......10.0.2.15][28681] -> [123.205.126.102][.5193] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....98] [ip4][..udp] [......10.0.2.15][28681] -> [.203.222.14.170][23332] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [....14] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63958] -> [................................ff02::c][.3702] [WSD][Unknown][Network][Acceptable] update: [....18] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63965] -> [................................ff02::c][.3702] [WSD][Unknown][Network][Acceptable] - update: [...131] [ip4][..udp] [......10.0.2.15][28681] -> [.86.225.140.186][.6346] - update: [...111] [ip4][..udp] [......10.0.2.15][28681] -> [..90.65.141.157][.6346] - update: [...106] [ip4][..udp] [......10.0.2.15][28681] -> [..114.39.154.69][.4832] - update: [...139] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.226.142][.6346] - update: [...141] [ip4][..udp] [......10.0.2.15][28681] -> [..172.97.199.14][.6346] + update: [...131] [ip4][..udp] [......10.0.2.15][28681] -> [.86.225.140.186][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...111] [ip4][..udp] [......10.0.2.15][28681] -> [..90.65.141.157][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...106] [ip4][..udp] [......10.0.2.15][28681] -> [..114.39.154.69][.4832] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...139] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.226.142][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...141] [ip4][..udp] [......10.0.2.15][28681] -> [..172.97.199.14][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...348] [ip4][..udp] [......10.0.2.15][28681] -> [...84.197.97.94][.1360] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [.....9] [ip4][..udp] [......10.0.2.15][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] - update: [...126] [ip4][..udp] [......10.0.2.15][28681] -> [..91.69.159.133][28000] + update: [...126] [ip4][..udp] [......10.0.2.15][28681] -> [..91.69.159.133][28000] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [....17] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63960] -> [................................ff02::c][.1900] [SSDP][Unknown][System][Acceptable] - update: [...136] [ip4][..udp] [......10.0.2.15][28681] -> [.80.236.247.120][16047] - update: [....86] [ip4][..udp] [......10.0.2.15][28681] -> [..74.210.244.72][.6346] + update: [...136] [ip4][..udp] [......10.0.2.15][28681] -> [.80.236.247.120][16047] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....86] [ip4][..udp] [......10.0.2.15][28681] -> [..74.210.244.72][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...346] [ip4][..udp] [......10.0.2.15][28681] -> [..76.226.85.105][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [....85] [ip4][..udp] [......10.0.2.15][28681] -> [..85.138.20.110][.6346] + update: [....85] [ip4][..udp] [......10.0.2.15][28681] -> [..85.138.20.110][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [....10] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable] - update: [...135] [ip4][..udp] [......10.0.2.15][28681] -> [.193.250.99.158][.6346] - update: [...127] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.1024] + update: [...135] [ip4][..udp] [......10.0.2.15][28681] -> [.193.250.99.158][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...127] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.1024] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...342] [ip4][..udp] [......10.0.2.15][28681] -> [..98.208.26.154][.4994] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...112] [ip4][..udp] [......10.0.2.15][28681] -> [.36.239.213.146][21750] - update: [...125] [ip4][..udp] [......10.0.2.15][28681] -> [..83.92.178.182][57302] + update: [...112] [ip4][..udp] [......10.0.2.15][28681] -> [.36.239.213.146][21750] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...125] [ip4][..udp] [......10.0.2.15][28681] -> [..83.92.178.182][57302] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...337] [ip4][..udp] [......10.0.2.15][28681] -> [..24.116.64.132][51227] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...116] [ip4][..udp] [......10.0.2.15][28681] -> [.124.44.190.145][10170] + update: [...116] [ip4][..udp] [......10.0.2.15][28681] -> [.124.44.190.145][10170] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...347] [ip4][..udp] [......10.0.2.15][28681] -> [..176.10.169.10][12799] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...133] [ip4][..udp] [......10.0.2.15][28681] -> [.91.175.220.161][15721] - update: [....99] [ip4][..udp] [......10.0.2.15][28681] -> [....114.38.9.82][24223] - update: [...124] [ip4][..udp] [......10.0.2.15][28681] -> [...170.254.19.6][24180] - update: [...130] [ip4][..udp] [......10.0.2.15][28681] -> [..119.224.95.97][46356] - update: [...107] [ip4][..udp] [......10.0.2.15][28681] -> [..202.151.63.59][.7624] - update: [...129] [ip4][..udp] [......10.0.2.15][28681] -> [.176.138.50.179][29411] - update: [...103] [ip4][..udp] [......10.0.2.15][28681] -> [.220.134.167.82][.5820] - update: [....97] [ip4][..udp] [......10.0.2.15][28681] -> [..24.78.134.188][49046] - update: [...104] [ip4][..udp] [......10.0.2.15][28681] -> [..42.98.115.128][23458] + update: [...133] [ip4][..udp] [......10.0.2.15][28681] -> [.91.175.220.161][15721] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....99] [ip4][..udp] [......10.0.2.15][28681] -> [....114.38.9.82][24223] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...124] [ip4][..udp] [......10.0.2.15][28681] -> [...170.254.19.6][24180] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...130] [ip4][..udp] [......10.0.2.15][28681] -> [..119.224.95.97][46356] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...107] [ip4][..udp] [......10.0.2.15][28681] -> [..202.151.63.59][.7624] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...129] [ip4][..udp] [......10.0.2.15][28681] -> [.176.138.50.179][29411] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...103] [ip4][..udp] [......10.0.2.15][28681] -> [.220.134.167.82][.5820] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....97] [ip4][..udp] [......10.0.2.15][28681] -> [..24.78.134.188][49046] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...104] [ip4][..udp] [......10.0.2.15][28681] -> [..42.98.115.128][23458] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [.....7] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable] - update: [...137] [ip4][..udp] [......10.0.2.15][28681] -> [...82.65.70.197][21693] - update: [...109] [ip4][..udp] [......10.0.2.15][28681] -> [...88.169.2.153][52414] - update: [...140] [ip4][..udp] [......10.0.2.15][28681] -> [.77.197.111.186][.6346] - update: [...102] [ip4][..udp] [......10.0.2.15][28681] -> [.218.164.39.233][20855] - update: [...108] [ip4][..udp] [......10.0.2.15][28681] -> [112.119.242.110][.7922] + update: [...137] [ip4][..udp] [......10.0.2.15][28681] -> [...82.65.70.197][21693] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...109] [ip4][..udp] [......10.0.2.15][28681] -> [...88.169.2.153][52414] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...140] [ip4][..udp] [......10.0.2.15][28681] -> [.77.197.111.186][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...102] [ip4][..udp] [......10.0.2.15][28681] -> [.218.164.39.233][20855] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...108] [ip4][..udp] [......10.0.2.15][28681] -> [112.119.242.110][.7922] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [....12] [ip4][..udp] [......10.0.2.15][63717] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] update: [...339] [ip4][..udp] [......10.0.2.15][28681] -> [..87.123.54.234][54130] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...113] [ip4][..udp] [......10.0.2.15][28681] -> [105.101.132.146][57746] - update: [...132] [ip4][..udp] [......10.0.2.15][28681] -> [...79.86.173.45][.6346] + update: [...113] [ip4][..udp] [......10.0.2.15][28681] -> [105.101.132.146][57746] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...132] [ip4][..udp] [......10.0.2.15][28681] -> [...79.86.173.45][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...341] [ip4][..udp] [......10.0.2.15][28681] -> [..24.129.233.60][19990] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [....87] [ip4][..udp] [......10.0.2.15][28681] -> [..92.131.85.245][31743] + update: [....87] [ip4][..udp] [......10.0.2.15][28681] -> [..92.131.85.245][31743] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [....11] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63717] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] - update: [...110] [ip4][..udp] [......10.0.2.15][28681] -> [..195.132.75.56][56009] - update: [...105] [ip4][..udp] [......10.0.2.15][28681] -> [...219.85.11.85][10722] - update: [...138] [ip4][..udp] [......10.0.2.15][28681] -> [167.114.170.156][23844] - update: [...170] [ip4][..udp] [......10.0.2.15][28681] -> [....67.193.8.52][38584] - update: [...166] [ip4][..udp] [......10.0.2.15][28681] -> [..90.59.253.186][15555] - update: [...183] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.15.182][37829] - update: [...184] [ip4][..udp] [......10.0.2.15][28681] -> [..86.239.62.213][.6346] - update: [...196] [ip4][..udp] [......10.0.2.15][28681] -> [..88.127.72.106][.6346] - update: [...354] [ip4][..udp] [......10.0.2.15][28681] -> [.80.236.247.120][.1032] - update: [...352] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.6346] - update: [...195] [ip4][..udp] [......10.0.2.15][28681] -> [.177.231.151.16][.6346] - update: [...353] [ip4][..udp] [......10.0.2.15][28681] -> [195.181.151.217][25282] + update: [...110] [ip4][..udp] [......10.0.2.15][28681] -> [..195.132.75.56][56009] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...105] [ip4][..udp] [......10.0.2.15][28681] -> [...219.85.11.85][10722] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...138] [ip4][..udp] [......10.0.2.15][28681] -> [167.114.170.156][23844] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...170] [ip4][..udp] [......10.0.2.15][28681] -> [....67.193.8.52][38584] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...166] [ip4][..udp] [......10.0.2.15][28681] -> [..90.59.253.186][15555] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...183] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.15.182][37829] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...184] [ip4][..udp] [......10.0.2.15][28681] -> [..86.239.62.213][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...196] [ip4][..udp] [......10.0.2.15][28681] -> [..88.127.72.106][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...354] [ip4][..udp] [......10.0.2.15][28681] -> [.80.236.247.120][.1032] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...352] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...195] [ip4][..udp] [......10.0.2.15][28681] -> [.177.231.151.16][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...353] [ip4][..udp] [......10.0.2.15][28681] -> [195.181.151.217][25282] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...220] [ip4][..udp] [......10.0.2.15][28681] -> [.113.252.86.162][.9239] - update: [...219] [ip4][..udp] [......10.0.2.15][28681] -> [...76.30.86.144][53821] - update: [...217] [ip4][..udp] [......10.0.2.15][28681] -> [.126.117.45.151][19323] - update: [...155] [ip4][..udp] [......10.0.2.15][28681] -> [.88.168.182.103][.6346] - update: [...198] [ip4][..udp] [......10.0.2.15][28681] -> [..58.182.171.50][15180] - update: [...191] [ip4][..udp] [......10.0.2.15][28681] -> [.190.153.143.54][65535] - update: [...172] [ip4][..udp] [......10.0.2.15][28681] -> [..87.69.142.133][15471] - update: [...192] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] - update: [...181] [ip4][..udp] [......10.0.2.15][28681] -> [...66.177.5.135][.6346] - update: [...162] [ip4][..udp] [......10.0.2.15][28681] -> [.88.123.159.111][44729] - update: [...214] [ip4][..udp] [......10.0.2.15][28681] -> [.91.169.215.227][26820] - update: [...193] [ip4][..udp] [......10.0.2.15][28681] -> [..188.44.126.74][54633] - update: [...169] [ip4][..udp] [......10.0.2.15][28681] -> [...91.162.52.93][34799] - update: [...187] [ip4][..udp] [......10.0.2.15][28681] -> [....92.88.92.56][21009] - update: [...190] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.195.227][.6346] - update: [...206] [ip4][..udp] [......10.0.2.15][28681] -> [213.166.132.204][11194] - update: [...203] [ip4][..udp] [......10.0.2.15][28681] -> [.120.156.204.38][54832] - update: [...199] [ip4][..udp] [......10.0.2.15][28681] -> [..114.73.129.26][53585] - update: [...207] [ip4][..udp] [......10.0.2.15][28681] -> [.81.242.191.215][.6346] - update: [...208] [ip4][..udp] [......10.0.2.15][28681] -> [..81.249.64.215][25058] - update: [...173] [ip4][..udp] [......10.0.2.15][28681] -> [..121.99.222.36][44988] - update: [...180] [ip4][..udp] [......10.0.2.15][28681] -> [...66.131.24.72][30711] - update: [...212] [ip4][..udp] [......10.0.2.15][28681] -> [...36.233.3.223][12848] - update: [...197] [ip4][..udp] [......10.0.2.15][28681] -> [.208.92.106.151][32476] - update: [...168] [ip4][..udp] [......10.0.2.15][28681] -> [...89.157.59.43][56919] - update: [...156] [ip4][..udp] [......10.0.2.15][28681] -> [..86.244.228.86][10131] - update: [...215] [ip4][..udp] [......10.0.2.15][28681] -> [...78.159.27.22][17563] - update: [...176] [ip4][..udp] [......10.0.2.15][28681] -> [....41.99.164.4][.6346] - update: [...164] [ip4][..udp] [......10.0.2.15][28681] -> [.142.197.219.85][26234] - update: [...157] [ip4][..udp] [......10.0.2.15][28681] -> [.86.227.162.150][.6346] - update: [...209] [ip4][..udp] [......10.0.2.15][28681] -> [..91.179.98.234][.6346] - update: [...189] [ip4][..udp] [......10.0.2.15][28681] -> [115.195.105.243][.6346] - update: [...159] [ip4][..udp] [......10.0.2.15][28681] -> [176.163.231.160][.6346] - update: [...179] [ip4][..udp] [......10.0.2.15][28681] -> [.178.51.146.115][.6346] - update: [...186] [ip4][..udp] [......10.0.2.15][28681] -> [..91.182.44.202][30277] - update: [...213] [ip4][..udp] [......10.0.2.15][28681] -> [....5.180.62.37][.6346] - update: [...167] [ip4][..udp] [......10.0.2.15][28681] -> [..93.29.107.176][20363] - update: [...171] [ip4][..udp] [......10.0.2.15][28681] -> [196.217.132.111][25394] - update: [...160] [ip4][..udp] [......10.0.2.15][28681] -> [...83.150.49.35][32448] - update: [...174] [ip4][..udp] [......10.0.2.15][28681] -> [..196.74.159.56][29271] - update: [...185] [ip4][..udp] [......10.0.2.15][28681] -> [.109.132.196.58][.6346] - update: [...165] [ip4][..udp] [......10.0.2.15][28681] -> [...86.75.43.182][43502] - update: [...161] [ip4][..udp] [......10.0.2.15][28681] -> [..213.120.26.86][29946] - update: [...188] [ip4][..udp] [......10.0.2.15][28681] -> [..83.134.107.32][38836] - update: [...177] [ip4][..udp] [......10.0.2.15][28681] -> [.69.157.183.106][.6346] - update: [...205] [ip4][..udp] [......10.0.2.15][28681] -> [..96.29.197.138][.6346] - update: [...175] [ip4][..udp] [......10.0.2.15][28681] -> [...115.69.62.99][.6346] - update: [...182] [ip4][..udp] [......10.0.2.15][28681] -> [....73.3.103.37][35589] - update: [...210] [ip4][..udp] [......10.0.2.15][28681] -> [.41.100.120.146][12838] - update: [...218] [ip4][..udp] [......10.0.2.15][28681] -> [.176.155.52.115][53956] - update: [...211] [ip4][..udp] [......10.0.2.15][28681] -> [..186.93.139.92][.6346] - update: [...351] [ip4][..udp] [......10.0.2.15][28681] -> [..187.37.87.189][.6346] - update: [...200] [ip4][..udp] [......10.0.2.15][28681] -> [.138.199.16.123][52993] - update: [...154] [ip4][..udp] [......10.0.2.15][28681] -> [174.115.111.224][51984] - update: [...201] [ip4][..udp] [......10.0.2.15][28681] -> [.85.170.209.214][46210] - update: [...194] [ip4][..udp] [......10.0.2.15][28681] -> [176.150.126.156][16471] - update: [...178] [ip4][..udp] [......10.0.2.15][28681] -> [....83.46.253.7][.6346] - update: [...163] [ip4][..udp] [......10.0.2.15][28681] -> [.88.126.160.158][.6346] - update: [...216] [ip4][..udp] [......10.0.2.15][28681] -> [.212.68.248.153][27223] - update: [...158] [ip4][..udp] [......10.0.2.15][28681] -> [.118.166.226.70][.6346] - update: [...204] [ip4][..udp] [......10.0.2.15][28681] -> [..84.126.240.32][45313] - update: [...202] [ip4][..udp] [......10.0.2.15][28681] -> [.176.134.139.39][.6346] + update: [...219] [ip4][..udp] [......10.0.2.15][28681] -> [...76.30.86.144][53821] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...217] [ip4][..udp] [......10.0.2.15][28681] -> [.126.117.45.151][19323] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...155] [ip4][..udp] [......10.0.2.15][28681] -> [.88.168.182.103][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...198] [ip4][..udp] [......10.0.2.15][28681] -> [..58.182.171.50][15180] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...191] [ip4][..udp] [......10.0.2.15][28681] -> [.190.153.143.54][65535] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...172] [ip4][..udp] [......10.0.2.15][28681] -> [..87.69.142.133][15471] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...192] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...181] [ip4][..udp] [......10.0.2.15][28681] -> [...66.177.5.135][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...162] [ip4][..udp] [......10.0.2.15][28681] -> [.88.123.159.111][44729] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...214] [ip4][..udp] [......10.0.2.15][28681] -> [.91.169.215.227][26820] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...193] [ip4][..udp] [......10.0.2.15][28681] -> [..188.44.126.74][54633] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...169] [ip4][..udp] [......10.0.2.15][28681] -> [...91.162.52.93][34799] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...187] [ip4][..udp] [......10.0.2.15][28681] -> [....92.88.92.56][21009] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...190] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.195.227][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...206] [ip4][..udp] [......10.0.2.15][28681] -> [213.166.132.204][11194] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...203] [ip4][..udp] [......10.0.2.15][28681] -> [.120.156.204.38][54832] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...199] [ip4][..udp] [......10.0.2.15][28681] -> [..114.73.129.26][53585] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...207] [ip4][..udp] [......10.0.2.15][28681] -> [.81.242.191.215][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...208] [ip4][..udp] [......10.0.2.15][28681] -> [..81.249.64.215][25058] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...173] [ip4][..udp] [......10.0.2.15][28681] -> [..121.99.222.36][44988] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...180] [ip4][..udp] [......10.0.2.15][28681] -> [...66.131.24.72][30711] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...212] [ip4][..udp] [......10.0.2.15][28681] -> [...36.233.3.223][12848] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...197] [ip4][..udp] [......10.0.2.15][28681] -> [.208.92.106.151][32476] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...168] [ip4][..udp] [......10.0.2.15][28681] -> [...89.157.59.43][56919] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...156] [ip4][..udp] [......10.0.2.15][28681] -> [..86.244.228.86][10131] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...215] [ip4][..udp] [......10.0.2.15][28681] -> [...78.159.27.22][17563] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...176] [ip4][..udp] [......10.0.2.15][28681] -> [....41.99.164.4][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...164] [ip4][..udp] [......10.0.2.15][28681] -> [.142.197.219.85][26234] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...157] [ip4][..udp] [......10.0.2.15][28681] -> [.86.227.162.150][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...209] [ip4][..udp] [......10.0.2.15][28681] -> [..91.179.98.234][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...189] [ip4][..udp] [......10.0.2.15][28681] -> [115.195.105.243][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...159] [ip4][..udp] [......10.0.2.15][28681] -> [176.163.231.160][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...179] [ip4][..udp] [......10.0.2.15][28681] -> [.178.51.146.115][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...186] [ip4][..udp] [......10.0.2.15][28681] -> [..91.182.44.202][30277] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...213] [ip4][..udp] [......10.0.2.15][28681] -> [....5.180.62.37][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...167] [ip4][..udp] [......10.0.2.15][28681] -> [..93.29.107.176][20363] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...171] [ip4][..udp] [......10.0.2.15][28681] -> [196.217.132.111][25394] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...160] [ip4][..udp] [......10.0.2.15][28681] -> [...83.150.49.35][32448] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...174] [ip4][..udp] [......10.0.2.15][28681] -> [..196.74.159.56][29271] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...185] [ip4][..udp] [......10.0.2.15][28681] -> [.109.132.196.58][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...165] [ip4][..udp] [......10.0.2.15][28681] -> [...86.75.43.182][43502] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...161] [ip4][..udp] [......10.0.2.15][28681] -> [..213.120.26.86][29946] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...188] [ip4][..udp] [......10.0.2.15][28681] -> [..83.134.107.32][38836] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...177] [ip4][..udp] [......10.0.2.15][28681] -> [.69.157.183.106][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...205] [ip4][..udp] [......10.0.2.15][28681] -> [..96.29.197.138][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...175] [ip4][..udp] [......10.0.2.15][28681] -> [...115.69.62.99][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...182] [ip4][..udp] [......10.0.2.15][28681] -> [....73.3.103.37][35589] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...210] [ip4][..udp] [......10.0.2.15][28681] -> [.41.100.120.146][12838] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...218] [ip4][..udp] [......10.0.2.15][28681] -> [.176.155.52.115][53956] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...211] [ip4][..udp] [......10.0.2.15][28681] -> [..186.93.139.92][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...351] [ip4][..udp] [......10.0.2.15][28681] -> [..187.37.87.189][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...200] [ip4][..udp] [......10.0.2.15][28681] -> [.138.199.16.123][52993] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...154] [ip4][..udp] [......10.0.2.15][28681] -> [174.115.111.224][51984] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...201] [ip4][..udp] [......10.0.2.15][28681] -> [.85.170.209.214][46210] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...194] [ip4][..udp] [......10.0.2.15][28681] -> [176.150.126.156][16471] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...178] [ip4][..udp] [......10.0.2.15][28681] -> [....83.46.253.7][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...163] [ip4][..udp] [......10.0.2.15][28681] -> [.88.126.160.158][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...216] [ip4][..udp] [......10.0.2.15][28681] -> [.212.68.248.153][27223] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...158] [ip4][..udp] [......10.0.2.15][28681] -> [.118.166.226.70][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...204] [ip4][..udp] [......10.0.2.15][28681] -> [..84.126.240.32][45313] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...202] [ip4][..udp] [......10.0.2.15][28681] -> [.176.134.139.39][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic analyse: [....94] [ip4][..tcp] [......10.0.2.15][50249] -> [.86.208.180.181][45883] [Gnutella][Unknown][Download][Potentially Dangerous] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 55.455| 7.491| 14.262| 203411798.622| 3.200] @@ -1246,10 +1708,12 @@ RISK: Unsafe Protocol, Unidirectional Traffic update: [...357] [ip4][..udp] [......10.0.2.15][28681] -> [...98.35.85.238][32173] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...305] [ip4][..udp] [......10.0.2.15][28681] -> [..88.168.175.31][.6346] + update: [...305] [ip4][..udp] [......10.0.2.15][28681] -> [..88.168.175.31][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...310] [ip4][..udp] [......10.0.2.15][28681] -> [.118.240.69.199][.6348] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...306] [ip4][..udp] [......10.0.2.15][28681] -> [..41.249.63.200][22582] + update: [...306] [ip4][..udp] [......10.0.2.15][28681] -> [..41.249.63.200][22582] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...265] [ip4][..udp] [......10.0.2.15][28681] -> [203.220.198.244][.1194] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...304] [ip4][..udp] [......10.0.2.15][28681] -> [.193.32.126.214][59596] @@ -1450,12 +1914,16 @@ RISK: Unsafe Protocol update: [...338] [ip4][..udp] [......10.0.2.15][28681] -> [221.198.205.196][20778] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...134] [ip4][..udp] [......10.0.2.15][28681] -> [...78.231.73.14][.6346] - update: [...128] [ip4][..udp] [......10.0.2.15][28681] -> [..77.141.219.27][37580] - update: [...114] [ip4][..udp] [......10.0.2.15][28681] -> [....86.23.75.69][.6346] + update: [...134] [ip4][..udp] [......10.0.2.15][28681] -> [...78.231.73.14][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...128] [ip4][..udp] [......10.0.2.15][28681] -> [..77.141.219.27][37580] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...114] [ip4][..udp] [......10.0.2.15][28681] -> [....86.23.75.69][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...366] [ip4][..udp] [......10.0.2.15][28681] -> [....94.8.55.158][51140] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [....88] [ip4][..udp] [......10.0.2.15][28681] -> [.....81.50.24.2][17874] + update: [....88] [ip4][..udp] [......10.0.2.15][28681] -> [.....81.50.24.2][17874] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...365] [ip4][..udp] [......10.0.2.15][28681] -> [..188.23.24.213][18561] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...340] [ip4][..udp] [......10.0.2.15][28681] -> [.38.142.119.234][49732] [Gnutella][Unknown][Download][Potentially Dangerous] @@ -1466,157 +1934,278 @@ RISK: Unsafe Protocol, Unidirectional Traffic update: [....20] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous] RISK: Unsafe Protocol - update: [....96] [ip4][..udp] [......10.0.2.15][28681] -> [.88.160.214.137][.6346] - update: [...118] [ip4][..udp] [......10.0.2.15][28681] -> [...5.180.62.100][46385] + update: [....96] [ip4][..udp] [......10.0.2.15][28681] -> [.88.160.214.137][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...118] [ip4][..udp] [......10.0.2.15][28681] -> [...5.180.62.100][46385] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...344] [ip4][..udp] [......10.0.2.15][28681] -> [.207.38.163.228][.6778] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...100] [ip4][..udp] [......10.0.2.15][28681] -> [220.133.122.217][23458] - update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] - update: [...115] [ip4][..udp] [......10.0.2.15][28681] -> [...154.3.42.104][11804] - update: [...101] [ip4][..udp] [......10.0.2.15][28681] -> [123.205.126.102][.5193] - update: [....98] [ip4][..udp] [......10.0.2.15][28681] -> [.203.222.14.170][23332] - update: [...131] [ip4][..udp] [......10.0.2.15][28681] -> [.86.225.140.186][.6346] - update: [...111] [ip4][..udp] [......10.0.2.15][28681] -> [..90.65.141.157][.6346] - update: [...106] [ip4][..udp] [......10.0.2.15][28681] -> [..114.39.154.69][.4832] - update: [...139] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.226.142][.6346] - update: [...141] [ip4][..udp] [......10.0.2.15][28681] -> [..172.97.199.14][.6346] + update: [...100] [ip4][..udp] [......10.0.2.15][28681] -> [220.133.122.217][23458] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...115] [ip4][..udp] [......10.0.2.15][28681] -> [...154.3.42.104][11804] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...101] [ip4][..udp] [......10.0.2.15][28681] -> [123.205.126.102][.5193] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....98] [ip4][..udp] [......10.0.2.15][28681] -> [.203.222.14.170][23332] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...131] [ip4][..udp] [......10.0.2.15][28681] -> [.86.225.140.186][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...111] [ip4][..udp] [......10.0.2.15][28681] -> [..90.65.141.157][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...106] [ip4][..udp] [......10.0.2.15][28681] -> [..114.39.154.69][.4832] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...139] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.226.142][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...141] [ip4][..udp] [......10.0.2.15][28681] -> [..172.97.199.14][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...348] [ip4][..udp] [......10.0.2.15][28681] -> [...84.197.97.94][.1360] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...368] [ip4][..udp] [......10.0.2.15][28681] -> [...47.147.52.21][36728] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [.....9] [ip4][..udp] [......10.0.2.15][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] - update: [...126] [ip4][..udp] [......10.0.2.15][28681] -> [..91.69.159.133][28000] + update: [...126] [ip4][..udp] [......10.0.2.15][28681] -> [..91.69.159.133][28000] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...363] [ip4][..udp] [......10.0.2.15][28681] -> [...81.205.91.45][38297] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...136] [ip4][..udp] [......10.0.2.15][28681] -> [.80.236.247.120][16047] - update: [....86] [ip4][..udp] [......10.0.2.15][28681] -> [..74.210.244.72][.6346] + update: [...136] [ip4][..udp] [......10.0.2.15][28681] -> [.80.236.247.120][16047] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....86] [ip4][..udp] [......10.0.2.15][28681] -> [..74.210.244.72][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...346] [ip4][..udp] [......10.0.2.15][28681] -> [..76.226.85.105][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [....85] [ip4][..udp] [......10.0.2.15][28681] -> [..85.138.20.110][.6346] + update: [....85] [ip4][..udp] [......10.0.2.15][28681] -> [..85.138.20.110][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [....10] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable] - update: [...135] [ip4][..udp] [......10.0.2.15][28681] -> [.193.250.99.158][.6346] - update: [...127] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.1024] + update: [...135] [ip4][..udp] [......10.0.2.15][28681] -> [.193.250.99.158][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...127] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.1024] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...342] [ip4][..udp] [......10.0.2.15][28681] -> [..98.208.26.154][.4994] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...112] [ip4][..udp] [......10.0.2.15][28681] -> [.36.239.213.146][21750] - update: [...125] [ip4][..udp] [......10.0.2.15][28681] -> [..83.92.178.182][57302] + update: [...112] [ip4][..udp] [......10.0.2.15][28681] -> [.36.239.213.146][21750] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...125] [ip4][..udp] [......10.0.2.15][28681] -> [..83.92.178.182][57302] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...337] [ip4][..udp] [......10.0.2.15][28681] -> [..24.116.64.132][51227] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...116] [ip4][..udp] [......10.0.2.15][28681] -> [.124.44.190.145][10170] + update: [...116] [ip4][..udp] [......10.0.2.15][28681] -> [.124.44.190.145][10170] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...347] [ip4][..udp] [......10.0.2.15][28681] -> [..176.10.169.10][12799] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...133] [ip4][..udp] [......10.0.2.15][28681] -> [.91.175.220.161][15721] - update: [....99] [ip4][..udp] [......10.0.2.15][28681] -> [....114.38.9.82][24223] - update: [...124] [ip4][..udp] [......10.0.2.15][28681] -> [...170.254.19.6][24180] - update: [...130] [ip4][..udp] [......10.0.2.15][28681] -> [..119.224.95.97][46356] - update: [...107] [ip4][..udp] [......10.0.2.15][28681] -> [..202.151.63.59][.7624] - update: [...129] [ip4][..udp] [......10.0.2.15][28681] -> [.176.138.50.179][29411] - update: [...103] [ip4][..udp] [......10.0.2.15][28681] -> [.220.134.167.82][.5820] - update: [....97] [ip4][..udp] [......10.0.2.15][28681] -> [..24.78.134.188][49046] - update: [...104] [ip4][..udp] [......10.0.2.15][28681] -> [..42.98.115.128][23458] + update: [...133] [ip4][..udp] [......10.0.2.15][28681] -> [.91.175.220.161][15721] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....99] [ip4][..udp] [......10.0.2.15][28681] -> [....114.38.9.82][24223] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...124] [ip4][..udp] [......10.0.2.15][28681] -> [...170.254.19.6][24180] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...130] [ip4][..udp] [......10.0.2.15][28681] -> [..119.224.95.97][46356] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...107] [ip4][..udp] [......10.0.2.15][28681] -> [..202.151.63.59][.7624] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...129] [ip4][..udp] [......10.0.2.15][28681] -> [.176.138.50.179][29411] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...103] [ip4][..udp] [......10.0.2.15][28681] -> [.220.134.167.82][.5820] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....97] [ip4][..udp] [......10.0.2.15][28681] -> [..24.78.134.188][49046] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...104] [ip4][..udp] [......10.0.2.15][28681] -> [..42.98.115.128][23458] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [.....7] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable] update: [...364] [ip4][..udp] [......10.0.2.15][28681] -> [194.163.180.126][10825] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...137] [ip4][..udp] [......10.0.2.15][28681] -> [...82.65.70.197][21693] - update: [...109] [ip4][..udp] [......10.0.2.15][28681] -> [...88.169.2.153][52414] - update: [...140] [ip4][..udp] [......10.0.2.15][28681] -> [.77.197.111.186][.6346] - update: [...102] [ip4][..udp] [......10.0.2.15][28681] -> [.218.164.39.233][20855] - update: [...108] [ip4][..udp] [......10.0.2.15][28681] -> [112.119.242.110][.7922] + update: [...137] [ip4][..udp] [......10.0.2.15][28681] -> [...82.65.70.197][21693] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...109] [ip4][..udp] [......10.0.2.15][28681] -> [...88.169.2.153][52414] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...140] [ip4][..udp] [......10.0.2.15][28681] -> [.77.197.111.186][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...102] [ip4][..udp] [......10.0.2.15][28681] -> [.218.164.39.233][20855] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...108] [ip4][..udp] [......10.0.2.15][28681] -> [112.119.242.110][.7922] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...339] [ip4][..udp] [......10.0.2.15][28681] -> [..87.123.54.234][54130] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...113] [ip4][..udp] [......10.0.2.15][28681] -> [105.101.132.146][57746] - update: [...132] [ip4][..udp] [......10.0.2.15][28681] -> [...79.86.173.45][.6346] + update: [...113] [ip4][..udp] [......10.0.2.15][28681] -> [105.101.132.146][57746] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...132] [ip4][..udp] [......10.0.2.15][28681] -> [...79.86.173.45][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...341] [ip4][..udp] [......10.0.2.15][28681] -> [..24.129.233.60][19990] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [....87] [ip4][..udp] [......10.0.2.15][28681] -> [..92.131.85.245][31743] - update: [...110] [ip4][..udp] [......10.0.2.15][28681] -> [..195.132.75.56][56009] + update: [....87] [ip4][..udp] [......10.0.2.15][28681] -> [..92.131.85.245][31743] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...110] [ip4][..udp] [......10.0.2.15][28681] -> [..195.132.75.56][56009] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...367] [ip4][..udp] [......10.0.2.15][28681] -> [.149.28.163.175][49956] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...105] [ip4][..udp] [......10.0.2.15][28681] -> [...219.85.11.85][10722] - update: [...138] [ip4][..udp] [......10.0.2.15][28681] -> [167.114.170.156][23844] + update: [...105] [ip4][..udp] [......10.0.2.15][28681] -> [...219.85.11.85][10722] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...138] [ip4][..udp] [......10.0.2.15][28681] -> [167.114.170.156][23844] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...370] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.56.198][11984] + detected: [...370] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.56.198][11984] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...371] [ip4][..udp] [......10.0.2.15][28681] -> [.109.131.202.24][44748] + detected: [...371] [ip4][..udp] [......10.0.2.15][28681] -> [.109.131.202.24][44748] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...372] [ip4][..udp] [......10.0.2.15][28681] -> [.91.179.185.126][.6346] + detected: [...372] [ip4][..udp] [......10.0.2.15][28681] -> [.91.179.185.126][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...373] [ip4][..udp] [......10.0.2.15][28681] -> [..88.122.233.15][11488] + detected: [...373] [ip4][..udp] [......10.0.2.15][28681] -> [..88.122.233.15][11488] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...374] [ip4][..udp] [......10.0.2.15][28681] -> [....62.35.190.5][18604] + detected: [...374] [ip4][..udp] [......10.0.2.15][28681] -> [....62.35.190.5][18604] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic idle: [....21] [ip4][..udp] [......10.0.2.15][55708] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] idle: [.....9] [ip4][..udp] [......10.0.2.15][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] end: [...267] [ip4][..tcp] [......10.0.2.15][50291] -> [..200.7.155.210][28365] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol idle: [....10] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable] - update: [...170] [ip4][..udp] [......10.0.2.15][28681] -> [....67.193.8.52][38584] - update: [...166] [ip4][..udp] [......10.0.2.15][28681] -> [..90.59.253.186][15555] - update: [...183] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.15.182][37829] - update: [...184] [ip4][..udp] [......10.0.2.15][28681] -> [..86.239.62.213][.6346] - update: [...196] [ip4][..udp] [......10.0.2.15][28681] -> [..88.127.72.106][.6346] - update: [...354] [ip4][..udp] [......10.0.2.15][28681] -> [.80.236.247.120][.1032] - update: [...352] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.6346] - update: [...195] [ip4][..udp] [......10.0.2.15][28681] -> [.177.231.151.16][.6346] - update: [...353] [ip4][..udp] [......10.0.2.15][28681] -> [195.181.151.217][25282] + update: [...170] [ip4][..udp] [......10.0.2.15][28681] -> [....67.193.8.52][38584] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...166] [ip4][..udp] [......10.0.2.15][28681] -> [..90.59.253.186][15555] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...183] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.15.182][37829] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...184] [ip4][..udp] [......10.0.2.15][28681] -> [..86.239.62.213][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...196] [ip4][..udp] [......10.0.2.15][28681] -> [..88.127.72.106][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...354] [ip4][..udp] [......10.0.2.15][28681] -> [.80.236.247.120][.1032] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...352] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...195] [ip4][..udp] [......10.0.2.15][28681] -> [.177.231.151.16][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...353] [ip4][..udp] [......10.0.2.15][28681] -> [195.181.151.217][25282] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...220] [ip4][..udp] [......10.0.2.15][28681] -> [.113.252.86.162][.9239] - update: [...219] [ip4][..udp] [......10.0.2.15][28681] -> [...76.30.86.144][53821] - update: [...217] [ip4][..udp] [......10.0.2.15][28681] -> [.126.117.45.151][19323] - update: [...155] [ip4][..udp] [......10.0.2.15][28681] -> [.88.168.182.103][.6346] - update: [...198] [ip4][..udp] [......10.0.2.15][28681] -> [..58.182.171.50][15180] - update: [...191] [ip4][..udp] [......10.0.2.15][28681] -> [.190.153.143.54][65535] - update: [...172] [ip4][..udp] [......10.0.2.15][28681] -> [..87.69.142.133][15471] - update: [...192] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] - update: [...181] [ip4][..udp] [......10.0.2.15][28681] -> [...66.177.5.135][.6346] - update: [...162] [ip4][..udp] [......10.0.2.15][28681] -> [.88.123.159.111][44729] - update: [...214] [ip4][..udp] [......10.0.2.15][28681] -> [.91.169.215.227][26820] - update: [...193] [ip4][..udp] [......10.0.2.15][28681] -> [..188.44.126.74][54633] - update: [...169] [ip4][..udp] [......10.0.2.15][28681] -> [...91.162.52.93][34799] - update: [...187] [ip4][..udp] [......10.0.2.15][28681] -> [....92.88.92.56][21009] - update: [...190] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.195.227][.6346] - update: [...206] [ip4][..udp] [......10.0.2.15][28681] -> [213.166.132.204][11194] - update: [...203] [ip4][..udp] [......10.0.2.15][28681] -> [.120.156.204.38][54832] - update: [...199] [ip4][..udp] [......10.0.2.15][28681] -> [..114.73.129.26][53585] - update: [...207] [ip4][..udp] [......10.0.2.15][28681] -> [.81.242.191.215][.6346] - update: [...208] [ip4][..udp] [......10.0.2.15][28681] -> [..81.249.64.215][25058] - update: [...173] [ip4][..udp] [......10.0.2.15][28681] -> [..121.99.222.36][44988] - update: [...180] [ip4][..udp] [......10.0.2.15][28681] -> [...66.131.24.72][30711] - update: [...212] [ip4][..udp] [......10.0.2.15][28681] -> [...36.233.3.223][12848] - update: [...197] [ip4][..udp] [......10.0.2.15][28681] -> [.208.92.106.151][32476] - update: [...168] [ip4][..udp] [......10.0.2.15][28681] -> [...89.157.59.43][56919] - update: [...156] [ip4][..udp] [......10.0.2.15][28681] -> [..86.244.228.86][10131] - update: [...215] [ip4][..udp] [......10.0.2.15][28681] -> [...78.159.27.22][17563] - update: [...176] [ip4][..udp] [......10.0.2.15][28681] -> [....41.99.164.4][.6346] - update: [...164] [ip4][..udp] [......10.0.2.15][28681] -> [.142.197.219.85][26234] - update: [...157] [ip4][..udp] [......10.0.2.15][28681] -> [.86.227.162.150][.6346] - update: [...209] [ip4][..udp] [......10.0.2.15][28681] -> [..91.179.98.234][.6346] - update: [...189] [ip4][..udp] [......10.0.2.15][28681] -> [115.195.105.243][.6346] - update: [...159] [ip4][..udp] [......10.0.2.15][28681] -> [176.163.231.160][.6346] - update: [...179] [ip4][..udp] [......10.0.2.15][28681] -> [.178.51.146.115][.6346] - update: [...186] [ip4][..udp] [......10.0.2.15][28681] -> [..91.182.44.202][30277] - update: [...213] [ip4][..udp] [......10.0.2.15][28681] -> [....5.180.62.37][.6346] - update: [...167] [ip4][..udp] [......10.0.2.15][28681] -> [..93.29.107.176][20363] - update: [...171] [ip4][..udp] [......10.0.2.15][28681] -> [196.217.132.111][25394] - update: [...160] [ip4][..udp] [......10.0.2.15][28681] -> [...83.150.49.35][32448] - update: [...174] [ip4][..udp] [......10.0.2.15][28681] -> [..196.74.159.56][29271] - update: [...185] [ip4][..udp] [......10.0.2.15][28681] -> [.109.132.196.58][.6346] + update: [...219] [ip4][..udp] [......10.0.2.15][28681] -> [...76.30.86.144][53821] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...217] [ip4][..udp] [......10.0.2.15][28681] -> [.126.117.45.151][19323] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...155] [ip4][..udp] [......10.0.2.15][28681] -> [.88.168.182.103][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...198] [ip4][..udp] [......10.0.2.15][28681] -> [..58.182.171.50][15180] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...191] [ip4][..udp] [......10.0.2.15][28681] -> [.190.153.143.54][65535] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...172] [ip4][..udp] [......10.0.2.15][28681] -> [..87.69.142.133][15471] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...192] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...181] [ip4][..udp] [......10.0.2.15][28681] -> [...66.177.5.135][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...162] [ip4][..udp] [......10.0.2.15][28681] -> [.88.123.159.111][44729] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...214] [ip4][..udp] [......10.0.2.15][28681] -> [.91.169.215.227][26820] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...193] [ip4][..udp] [......10.0.2.15][28681] -> [..188.44.126.74][54633] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...169] [ip4][..udp] [......10.0.2.15][28681] -> [...91.162.52.93][34799] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...187] [ip4][..udp] [......10.0.2.15][28681] -> [....92.88.92.56][21009] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...190] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.195.227][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...206] [ip4][..udp] [......10.0.2.15][28681] -> [213.166.132.204][11194] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...203] [ip4][..udp] [......10.0.2.15][28681] -> [.120.156.204.38][54832] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...199] [ip4][..udp] [......10.0.2.15][28681] -> [..114.73.129.26][53585] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...207] [ip4][..udp] [......10.0.2.15][28681] -> [.81.242.191.215][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...208] [ip4][..udp] [......10.0.2.15][28681] -> [..81.249.64.215][25058] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...173] [ip4][..udp] [......10.0.2.15][28681] -> [..121.99.222.36][44988] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...180] [ip4][..udp] [......10.0.2.15][28681] -> [...66.131.24.72][30711] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...212] [ip4][..udp] [......10.0.2.15][28681] -> [...36.233.3.223][12848] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...197] [ip4][..udp] [......10.0.2.15][28681] -> [.208.92.106.151][32476] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...168] [ip4][..udp] [......10.0.2.15][28681] -> [...89.157.59.43][56919] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...156] [ip4][..udp] [......10.0.2.15][28681] -> [..86.244.228.86][10131] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...215] [ip4][..udp] [......10.0.2.15][28681] -> [...78.159.27.22][17563] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...176] [ip4][..udp] [......10.0.2.15][28681] -> [....41.99.164.4][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...164] [ip4][..udp] [......10.0.2.15][28681] -> [.142.197.219.85][26234] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...157] [ip4][..udp] [......10.0.2.15][28681] -> [.86.227.162.150][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...209] [ip4][..udp] [......10.0.2.15][28681] -> [..91.179.98.234][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...189] [ip4][..udp] [......10.0.2.15][28681] -> [115.195.105.243][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...159] [ip4][..udp] [......10.0.2.15][28681] -> [176.163.231.160][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...179] [ip4][..udp] [......10.0.2.15][28681] -> [.178.51.146.115][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...186] [ip4][..udp] [......10.0.2.15][28681] -> [..91.182.44.202][30277] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...213] [ip4][..udp] [......10.0.2.15][28681] -> [....5.180.62.37][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...167] [ip4][..udp] [......10.0.2.15][28681] -> [..93.29.107.176][20363] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...171] [ip4][..udp] [......10.0.2.15][28681] -> [196.217.132.111][25394] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...160] [ip4][..udp] [......10.0.2.15][28681] -> [...83.150.49.35][32448] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...174] [ip4][..udp] [......10.0.2.15][28681] -> [..196.74.159.56][29271] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...185] [ip4][..udp] [......10.0.2.15][28681] -> [.109.132.196.58][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...349] [ip4][.icmp] [...84.197.97.94] -> [......10.0.2.15] [ICMP][Unknown][Network][Acceptable] RISK: Unidirectional Traffic - update: [...165] [ip4][..udp] [......10.0.2.15][28681] -> [...86.75.43.182][43502] - update: [...161] [ip4][..udp] [......10.0.2.15][28681] -> [..213.120.26.86][29946] - update: [...188] [ip4][..udp] [......10.0.2.15][28681] -> [..83.134.107.32][38836] - update: [...177] [ip4][..udp] [......10.0.2.15][28681] -> [.69.157.183.106][.6346] - update: [...205] [ip4][..udp] [......10.0.2.15][28681] -> [..96.29.197.138][.6346] - update: [...175] [ip4][..udp] [......10.0.2.15][28681] -> [...115.69.62.99][.6346] - update: [...182] [ip4][..udp] [......10.0.2.15][28681] -> [....73.3.103.37][35589] - update: [...210] [ip4][..udp] [......10.0.2.15][28681] -> [.41.100.120.146][12838] - update: [...218] [ip4][..udp] [......10.0.2.15][28681] -> [.176.155.52.115][53956] - update: [...211] [ip4][..udp] [......10.0.2.15][28681] -> [..186.93.139.92][.6346] - update: [...351] [ip4][..udp] [......10.0.2.15][28681] -> [..187.37.87.189][.6346] - update: [...200] [ip4][..udp] [......10.0.2.15][28681] -> [.138.199.16.123][52993] - update: [...154] [ip4][..udp] [......10.0.2.15][28681] -> [174.115.111.224][51984] - update: [...201] [ip4][..udp] [......10.0.2.15][28681] -> [.85.170.209.214][46210] - update: [...194] [ip4][..udp] [......10.0.2.15][28681] -> [176.150.126.156][16471] - update: [...178] [ip4][..udp] [......10.0.2.15][28681] -> [....83.46.253.7][.6346] - update: [...163] [ip4][..udp] [......10.0.2.15][28681] -> [.88.126.160.158][.6346] - update: [...216] [ip4][..udp] [......10.0.2.15][28681] -> [.212.68.248.153][27223] - update: [...158] [ip4][..udp] [......10.0.2.15][28681] -> [.118.166.226.70][.6346] - update: [...204] [ip4][..udp] [......10.0.2.15][28681] -> [..84.126.240.32][45313] - update: [...202] [ip4][..udp] [......10.0.2.15][28681] -> [.176.134.139.39][.6346] + update: [...165] [ip4][..udp] [......10.0.2.15][28681] -> [...86.75.43.182][43502] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...161] [ip4][..udp] [......10.0.2.15][28681] -> [..213.120.26.86][29946] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...188] [ip4][..udp] [......10.0.2.15][28681] -> [..83.134.107.32][38836] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...177] [ip4][..udp] [......10.0.2.15][28681] -> [.69.157.183.106][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...205] [ip4][..udp] [......10.0.2.15][28681] -> [..96.29.197.138][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...175] [ip4][..udp] [......10.0.2.15][28681] -> [...115.69.62.99][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...182] [ip4][..udp] [......10.0.2.15][28681] -> [....73.3.103.37][35589] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...210] [ip4][..udp] [......10.0.2.15][28681] -> [.41.100.120.146][12838] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...218] [ip4][..udp] [......10.0.2.15][28681] -> [.176.155.52.115][53956] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...211] [ip4][..udp] [......10.0.2.15][28681] -> [..186.93.139.92][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...351] [ip4][..udp] [......10.0.2.15][28681] -> [..187.37.87.189][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...200] [ip4][..udp] [......10.0.2.15][28681] -> [.138.199.16.123][52993] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...154] [ip4][..udp] [......10.0.2.15][28681] -> [174.115.111.224][51984] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...201] [ip4][..udp] [......10.0.2.15][28681] -> [.85.170.209.214][46210] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...194] [ip4][..udp] [......10.0.2.15][28681] -> [176.150.126.156][16471] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...178] [ip4][..udp] [......10.0.2.15][28681] -> [....83.46.253.7][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...163] [ip4][..udp] [......10.0.2.15][28681] -> [.88.126.160.158][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...216] [ip4][..udp] [......10.0.2.15][28681] -> [.212.68.248.153][27223] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...158] [ip4][..udp] [......10.0.2.15][28681] -> [.118.166.226.70][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...204] [ip4][..udp] [......10.0.2.15][28681] -> [..84.126.240.32][45313] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...202] [ip4][..udp] [......10.0.2.15][28681] -> [.176.134.139.39][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...375] [ip4][..udp] [......10.0.2.15][28681] -> [..73.182.136.42][27873] new: [...376] [ip4][..udp] [......10.0.2.15][28681] -> [....156.57.42.2][33476] new: [...377] [ip4][..udp] [......10.0.2.15][28681] -> [.180.200.236.13][12082] @@ -1662,10 +2251,12 @@ RISK: Unsafe Protocol, Unidirectional Traffic update: [...357] [ip4][..udp] [......10.0.2.15][28681] -> [...98.35.85.238][32173] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...305] [ip4][..udp] [......10.0.2.15][28681] -> [..88.168.175.31][.6346] + update: [...305] [ip4][..udp] [......10.0.2.15][28681] -> [..88.168.175.31][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...310] [ip4][..udp] [......10.0.2.15][28681] -> [.118.240.69.199][.6348] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...306] [ip4][..udp] [......10.0.2.15][28681] -> [..41.249.63.200][22582] + update: [...306] [ip4][..udp] [......10.0.2.15][28681] -> [..41.249.63.200][22582] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...265] [ip4][..udp] [......10.0.2.15][28681] -> [203.220.198.244][.1194] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...304] [ip4][..udp] [......10.0.2.15][28681] -> [.193.32.126.214][59596] @@ -1728,46 +2319,128 @@ update: [...312] [ip4][..udp] [......10.0.2.15][28681] -> [..24.167.201.53][47282] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic new: [...400] [ip4][..udp] [......10.0.2.15][28681] -> [..129.45.47.167][.6346] + detected: [...400] [ip4][..udp] [......10.0.2.15][28681] -> [..129.45.47.167][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...401] [ip4][..udp] [......10.0.2.15][28681] -> [.173.178.192.76][.6346] + detected: [...401] [ip4][..udp] [......10.0.2.15][28681] -> [.173.178.192.76][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...402] [ip4][..udp] [......10.0.2.15][28681] -> [...78.219.202.2][.6346] + detected: [...402] [ip4][..udp] [......10.0.2.15][28681] -> [...78.219.202.2][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...403] [ip4][..udp] [......10.0.2.15][28681] -> [197.244.171.132][.6346] + detected: [...403] [ip4][..udp] [......10.0.2.15][28681] -> [197.244.171.132][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...404] [ip4][..udp] [......10.0.2.15][28681] -> [.86.234.216.251][17845] + detected: [...404] [ip4][..udp] [......10.0.2.15][28681] -> [.86.234.216.251][17845] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...405] [ip4][..udp] [......10.0.2.15][28681] -> [.176.155.31.118][.6346] + detected: [...405] [ip4][..udp] [......10.0.2.15][28681] -> [.176.155.31.118][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...406] [ip4][..udp] [......10.0.2.15][28681] -> [....109.27.3.68][57380] + detected: [...406] [ip4][..udp] [......10.0.2.15][28681] -> [....109.27.3.68][57380] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...407] [ip4][..udp] [......10.0.2.15][28681] -> [195.181.151.217][.6346] + detected: [...407] [ip4][..udp] [......10.0.2.15][28681] -> [195.181.151.217][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...408] [ip4][..udp] [......10.0.2.15][28681] -> [...90.103.2.245][.6346] + detected: [...408] [ip4][..udp] [......10.0.2.15][28681] -> [...90.103.2.245][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...409] [ip4][..udp] [......10.0.2.15][28681] -> [...86.194.53.68][33770] + detected: [...409] [ip4][..udp] [......10.0.2.15][28681] -> [...86.194.53.68][33770] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...410] [ip4][..udp] [......10.0.2.15][28681] -> [..93.28.130.131][.6346] + detected: [...410] [ip4][..udp] [......10.0.2.15][28681] -> [..93.28.130.131][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...411] [ip4][..udp] [......10.0.2.15][28681] -> [...89.143.28.64][.6346] + detected: [...411] [ip4][..udp] [......10.0.2.15][28681] -> [...89.143.28.64][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...412] [ip4][..udp] [......10.0.2.15][28681] -> [...58.177.52.73][.6346] + detected: [...412] [ip4][..udp] [......10.0.2.15][28681] -> [...58.177.52.73][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...413] [ip4][..udp] [......10.0.2.15][28681] -> [...87.65.188.29][24676] + detected: [...413] [ip4][..udp] [......10.0.2.15][28681] -> [...87.65.188.29][24676] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...414] [ip4][..udp] [......10.0.2.15][28681] -> [175.181.156.244][.8255] + detected: [...414] [ip4][..udp] [......10.0.2.15][28681] -> [175.181.156.244][.8255] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...415] [ip4][..udp] [......10.0.2.15][28681] -> [..90.247.160.96][17817] + detected: [...415] [ip4][..udp] [......10.0.2.15][28681] -> [..90.247.160.96][17817] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...416] [ip4][..udp] [......10.0.2.15][28681] -> [..92.139.61.103][24096] + detected: [...416] [ip4][..udp] [......10.0.2.15][28681] -> [..92.139.61.103][24096] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...417] [ip4][..udp] [......10.0.2.15][28681] -> [.94.187.236.179][.6346] + detected: [...417] [ip4][..udp] [......10.0.2.15][28681] -> [.94.187.236.179][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...418] [ip4][..udp] [......10.0.2.15][28681] -> [.75.129.149.103][.6346] + detected: [...418] [ip4][..udp] [......10.0.2.15][28681] -> [.75.129.149.103][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...419] [ip4][..udp] [......10.0.2.15][28681] -> [...78.193.236.8][46557] + detected: [...419] [ip4][..udp] [......10.0.2.15][28681] -> [...78.193.236.8][46557] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...420] [ip4][..udp] [......10.0.2.15][28681] -> [..86.227.127.34][.6346] + detected: [...420] [ip4][..udp] [......10.0.2.15][28681] -> [..86.227.127.34][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...421] [ip4][..udp] [......10.0.2.15][28681] -> [..175.182.39.11][12977] + detected: [...421] [ip4][..udp] [......10.0.2.15][28681] -> [..175.182.39.11][12977] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...422] [ip4][..udp] [......10.0.2.15][28681] -> [..88.123.35.219][42211] + detected: [...422] [ip4][..udp] [......10.0.2.15][28681] -> [..88.123.35.219][42211] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...423] [ip4][..udp] [......10.0.2.15][28681] -> [..119.247.6.226][.9713] + detected: [...423] [ip4][..udp] [......10.0.2.15][28681] -> [..119.247.6.226][.9713] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...424] [ip4][..udp] [......10.0.2.15][28681] -> [..93.15.216.216][.6346] + detected: [...424] [ip4][..udp] [......10.0.2.15][28681] -> [..93.15.216.216][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...425] [ip4][..udp] [......10.0.2.15][28681] -> [..145.82.53.165][.6346] + detected: [...425] [ip4][..udp] [......10.0.2.15][28681] -> [..145.82.53.165][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...426] [ip4][..udp] [......10.0.2.15][28681] -> [..219.71.44.121][14398] + detected: [...426] [ip4][..udp] [......10.0.2.15][28681] -> [..219.71.44.121][14398] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...427] [ip4][..udp] [......10.0.2.15][28681] -> [...81.249.13.30][15138] + detected: [...427] [ip4][..udp] [......10.0.2.15][28681] -> [...81.249.13.30][15138] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...428] [ip4][..udp] [......10.0.2.15][28681] -> [....86.162.97.8][.6346] + detected: [...428] [ip4][..udp] [......10.0.2.15][28681] -> [....86.162.97.8][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...429] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.215.213][23576] + detected: [...429] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.215.213][23576] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...430] [ip4][..udp] [......10.0.2.15][28681] -> [....90.8.95.165][40763] + detected: [...430] [ip4][..udp] [......10.0.2.15][28681] -> [....90.8.95.165][40763] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...431] [ip4][..udp] [......10.0.2.15][28681] -> [..88.124.71.246][49035] + detected: [...431] [ip4][..udp] [......10.0.2.15][28681] -> [..88.124.71.246][49035] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...432] [ip4][..udp] [......10.0.2.15][28681] -> [...104.6.118.53][.6346] + detected: [...432] [ip4][..udp] [......10.0.2.15][28681] -> [...104.6.118.53][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...433] [ip4][..udp] [......10.0.2.15][28681] -> [.99.255.145.191][47264] + detected: [...433] [ip4][..udp] [......10.0.2.15][28681] -> [.99.255.145.191][47264] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...434] [ip4][..udp] [......10.0.2.15][28681] -> [.114.24.182.130][22232] + detected: [...434] [ip4][..udp] [......10.0.2.15][28681] -> [.114.24.182.130][22232] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...435] [ip4][..udp] [......10.0.2.15][28681] -> [.109.24.146.101][.6346] + detected: [...435] [ip4][..udp] [......10.0.2.15][28681] -> [.109.24.146.101][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...436] [ip4][..udp] [......10.0.2.15][28681] -> [.219.68.179.137][.6406] + detected: [...436] [ip4][..udp] [......10.0.2.15][28681] -> [.219.68.179.137][.6406] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...437] [ip4][..udp] [......10.0.2.15][28681] -> [....31.38.163.2][.6346] + detected: [...437] [ip4][..udp] [......10.0.2.15][28681] -> [....31.38.163.2][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...438] [ip4][..udp] [......10.0.2.15][28681] -> [..71.86.190.163][14142] + detected: [...438] [ip4][..udp] [......10.0.2.15][28681] -> [..71.86.190.163][14142] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...439] [ip4][..udp] [......10.0.2.15][28681] -> [..176.135.15.86][.6346] + detected: [...439] [ip4][..udp] [......10.0.2.15][28681] -> [..176.135.15.86][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...440] [ip4][..udp] [......10.0.2.15][28681] -> [203.165.170.112][37087] + detected: [...440] [ip4][..udp] [......10.0.2.15][28681] -> [203.165.170.112][37087] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...441] [ip4][..udp] [......10.0.2.15][28681] -> [.36.237.199.108][56040] new: [...442] [ip4][..udp] [......10.0.2.15][28681] -> [..89.204.130.55][29545] new: [...443] [ip4][..udp] [......10.0.2.15][28681] -> [..183.179.14.31][54754] @@ -1793,9 +2466,17 @@ new: [...463] [ip4][..udp] [......10.0.2.15][28681] -> [..200.7.155.210][28365] new: [...464] [ip4][..udp] [......10.0.2.15][28681] -> [...101.128.66.8][34512] new: [...465] [ip4][..udp] [......10.0.2.15][28681] -> [.....2.28.39.18][15672] + detected: [...465] [ip4][..udp] [......10.0.2.15][28681] -> [.....2.28.39.18][15672] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...466] [ip4][..udp] [......10.0.2.15][28681] -> [...70.119.248.5][49929] + detected: [...466] [ip4][..udp] [......10.0.2.15][28681] -> [...70.119.248.5][49929] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...467] [ip4][..udp] [......10.0.2.15][28681] -> [...61.64.177.53][23458] + detected: [...467] [ip4][..udp] [......10.0.2.15][28681] -> [...61.64.177.53][23458] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...468] [ip4][..udp] [......10.0.2.15][28681] -> [..94.214.12.247][44001] + detected: [...468] [ip4][..udp] [......10.0.2.15][28681] -> [..94.214.12.247][44001] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...469] [ip4][..udp] [......10.0.2.15][28681] -> [..87.123.54.234][47184] new: [...470] [ip4][..udp] [......10.0.2.15][28681] -> [.185.187.74.173][46790] new: [...471] [ip4][..udp] [......10.0.2.15][28681] -> [...80.7.252.192][43457] @@ -1809,184 +2490,153 @@ new: [...479] [ip4][..udp] [......10.0.2.15][28681] -> [.123.205.13.148][51896] new: [...480] [ip4][..udp] [......10.0.2.15][28681] -> [..112.119.74.26][65498] new: [...481] [ip4][..udp] [......10.0.2.15][28681] -> [..82.120.219.74][.6346] + detected: [...481] [ip4][..udp] [......10.0.2.15][28681] -> [..82.120.219.74][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...482] [ip4][..udp] [......10.0.2.15][28681] -> [..86.193.23.172][42227] + detected: [...482] [ip4][..udp] [......10.0.2.15][28681] -> [..86.193.23.172][42227] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...483] [ip4][..udp] [.......10.0.2.2][.1026] -> [......10.0.2.15][28681] new: [...484] [ip4][..udp] [......10.0.2.15][28681] -> [...107.4.56.177][10000] + detected: [...484] [ip4][..udp] [......10.0.2.15][28681] -> [...107.4.56.177][10000] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...485] [ip4][..udp] [......10.0.2.15][28681] -> [...154.3.42.209][.6346] + detected: [...485] [ip4][..udp] [......10.0.2.15][28681] -> [...154.3.42.209][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...486] [ip4][..udp] [......10.0.2.15][28681] -> [...88.68.45.203][.6346] + detected: [...486] [ip4][..udp] [......10.0.2.15][28681] -> [...88.68.45.203][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic idle: [....54] [ip4][..udp] [......10.0.2.15][57623] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] - not-detected: [....96] [ip4][..udp] [......10.0.2.15][28681] -> [.88.160.214.137][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [....96] [ip4][..udp] [......10.0.2.15][28681] -> [.88.160.214.137][.6346] - not-detected: [...100] [ip4][..udp] [......10.0.2.15][28681] -> [220.133.122.217][23458] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...100] [ip4][..udp] [......10.0.2.15][28681] -> [220.133.122.217][23458] - not-detected: [...115] [ip4][..udp] [......10.0.2.15][28681] -> [...154.3.42.104][11804] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...115] [ip4][..udp] [......10.0.2.15][28681] -> [...154.3.42.104][11804] - not-detected: [...101] [ip4][..udp] [......10.0.2.15][28681] -> [123.205.126.102][.5193] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...101] [ip4][..udp] [......10.0.2.15][28681] -> [123.205.126.102][.5193] + idle: [....96] [ip4][..udp] [......10.0.2.15][28681] -> [.88.160.214.137][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...100] [ip4][..udp] [......10.0.2.15][28681] -> [220.133.122.217][23458] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...115] [ip4][..udp] [......10.0.2.15][28681] -> [...154.3.42.104][11804] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...101] [ip4][..udp] [......10.0.2.15][28681] -> [123.205.126.102][.5193] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic end: [...345] [ip4][..tcp] [......10.0.2.15][50330] -> [.69.118.162.229][46906] [HTTP.Gnutella][Unknown][Download][Potentially Dangerous] RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol - not-detected: [...131] [ip4][..udp] [......10.0.2.15][28681] -> [.86.225.140.186][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...131] [ip4][..udp] [......10.0.2.15][28681] -> [.86.225.140.186][.6346] - not-detected: [...106] [ip4][..udp] [......10.0.2.15][28681] -> [..114.39.154.69][.4832] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...106] [ip4][..udp] [......10.0.2.15][28681] -> [..114.39.154.69][.4832] - not-detected: [....86] [ip4][..udp] [......10.0.2.15][28681] -> [..74.210.244.72][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [....86] [ip4][..udp] [......10.0.2.15][28681] -> [..74.210.244.72][.6346] - not-detected: [...127] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.1024] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...127] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.1024] - not-detected: [...112] [ip4][..udp] [......10.0.2.15][28681] -> [.36.239.213.146][21750] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...112] [ip4][..udp] [......10.0.2.15][28681] -> [.36.239.213.146][21750] - not-detected: [....99] [ip4][..udp] [......10.0.2.15][28681] -> [....114.38.9.82][24223] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [....99] [ip4][..udp] [......10.0.2.15][28681] -> [....114.38.9.82][24223] + idle: [...131] [ip4][..udp] [......10.0.2.15][28681] -> [.86.225.140.186][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...106] [ip4][..udp] [......10.0.2.15][28681] -> [..114.39.154.69][.4832] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [....86] [ip4][..udp] [......10.0.2.15][28681] -> [..74.210.244.72][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...127] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.1024] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...112] [ip4][..udp] [......10.0.2.15][28681] -> [.36.239.213.146][21750] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [....99] [ip4][..udp] [......10.0.2.15][28681] -> [....114.38.9.82][24223] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic idle: [...349] [ip4][.icmp] [...84.197.97.94] -> [......10.0.2.15] [ICMP][Unknown][Network][Acceptable] RISK: Unidirectional Traffic - not-detected: [...107] [ip4][..udp] [......10.0.2.15][28681] -> [..202.151.63.59][.7624] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...107] [ip4][..udp] [......10.0.2.15][28681] -> [..202.151.63.59][.7624] - not-detected: [...103] [ip4][..udp] [......10.0.2.15][28681] -> [.220.134.167.82][.5820] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...103] [ip4][..udp] [......10.0.2.15][28681] -> [.220.134.167.82][.5820] - not-detected: [....97] [ip4][..udp] [......10.0.2.15][28681] -> [..24.78.134.188][49046] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [....97] [ip4][..udp] [......10.0.2.15][28681] -> [..24.78.134.188][49046] - not-detected: [...104] [ip4][..udp] [......10.0.2.15][28681] -> [..42.98.115.128][23458] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...104] [ip4][..udp] [......10.0.2.15][28681] -> [..42.98.115.128][23458] + idle: [...107] [ip4][..udp] [......10.0.2.15][28681] -> [..202.151.63.59][.7624] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...103] [ip4][..udp] [......10.0.2.15][28681] -> [.220.134.167.82][.5820] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [....97] [ip4][..udp] [......10.0.2.15][28681] -> [..24.78.134.188][49046] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...104] [ip4][..udp] [......10.0.2.15][28681] -> [..42.98.115.128][23458] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic idle: [.....7] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable] - not-detected: [...102] [ip4][..udp] [......10.0.2.15][28681] -> [.218.164.39.233][20855] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...102] [ip4][..udp] [......10.0.2.15][28681] -> [.218.164.39.233][20855] - not-detected: [...132] [ip4][..udp] [......10.0.2.15][28681] -> [...79.86.173.45][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...132] [ip4][..udp] [......10.0.2.15][28681] -> [...79.86.173.45][.6346] - not-detected: [...110] [ip4][..udp] [......10.0.2.15][28681] -> [..195.132.75.56][56009] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...110] [ip4][..udp] [......10.0.2.15][28681] -> [..195.132.75.56][56009] - not-detected: [...105] [ip4][..udp] [......10.0.2.15][28681] -> [...219.85.11.85][10722] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...105] [ip4][..udp] [......10.0.2.15][28681] -> [...219.85.11.85][10722] + idle: [...102] [ip4][..udp] [......10.0.2.15][28681] -> [.218.164.39.233][20855] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...132] [ip4][..udp] [......10.0.2.15][28681] -> [...79.86.173.45][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...110] [ip4][..udp] [......10.0.2.15][28681] -> [..195.132.75.56][56009] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...105] [ip4][..udp] [......10.0.2.15][28681] -> [...219.85.11.85][10722] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...487] [ip4][..udp] [......10.0.2.15][28681] -> [..24.78.134.188][49046] + detected: [...487] [ip4][..udp] [......10.0.2.15][28681] -> [..24.78.134.188][49046] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...488] [ip4][..udp] [......10.0.2.15][28681] -> [.183.179.90.112][.9852] + detected: [...488] [ip4][..udp] [......10.0.2.15][28681] -> [.183.179.90.112][.9852] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...489] [ip4][..udp] [......10.0.2.15][28681] -> [...108.44.45.25][.6346] + detected: [...489] [ip4][..udp] [......10.0.2.15][28681] -> [...108.44.45.25][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...490] [ip4][..udp] [......10.0.2.15][28681] -> [...90.3.215.132][20356] + detected: [...490] [ip4][..udp] [......10.0.2.15][28681] -> [...90.3.215.132][20356] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...491] [ip4][..udp] [......10.0.2.15][28681] -> [..36.233.42.210][.5512] + detected: [...491] [ip4][..udp] [......10.0.2.15][28681] -> [..36.233.42.210][.5512] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...492] [ip4][..udp] [......10.0.2.15][28681] -> [...172.94.41.71][.6346] - not-detected: [...170] [ip4][..udp] [......10.0.2.15][28681] -> [....67.193.8.52][38584] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...170] [ip4][..udp] [......10.0.2.15][28681] -> [....67.193.8.52][38584] - not-detected: [...196] [ip4][..udp] [......10.0.2.15][28681] -> [..88.127.72.106][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...196] [ip4][..udp] [......10.0.2.15][28681] -> [..88.127.72.106][.6346] + detected: [...492] [ip4][..udp] [......10.0.2.15][28681] -> [...172.94.41.71][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...170] [ip4][..udp] [......10.0.2.15][28681] -> [....67.193.8.52][38584] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...196] [ip4][..udp] [......10.0.2.15][28681] -> [..88.127.72.106][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...220] [ip4][..udp] [......10.0.2.15][28681] -> [.113.252.86.162][.9239] [Unknown][Unknown][Unrated] idle: [...220] [ip4][..udp] [......10.0.2.15][28681] -> [.113.252.86.162][.9239] - not-detected: [...217] [ip4][..udp] [......10.0.2.15][28681] -> [.126.117.45.151][19323] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...217] [ip4][..udp] [......10.0.2.15][28681] -> [.126.117.45.151][19323] - not-detected: [...155] [ip4][..udp] [......10.0.2.15][28681] -> [.88.168.182.103][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...155] [ip4][..udp] [......10.0.2.15][28681] -> [.88.168.182.103][.6346] - not-detected: [...198] [ip4][..udp] [......10.0.2.15][28681] -> [..58.182.171.50][15180] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...198] [ip4][..udp] [......10.0.2.15][28681] -> [..58.182.171.50][15180] - not-detected: [...192] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...192] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] - not-detected: [...181] [ip4][..udp] [......10.0.2.15][28681] -> [...66.177.5.135][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...181] [ip4][..udp] [......10.0.2.15][28681] -> [...66.177.5.135][.6346] - not-detected: [...162] [ip4][..udp] [......10.0.2.15][28681] -> [.88.123.159.111][44729] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...162] [ip4][..udp] [......10.0.2.15][28681] -> [.88.123.159.111][44729] - not-detected: [...214] [ip4][..udp] [......10.0.2.15][28681] -> [.91.169.215.227][26820] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...214] [ip4][..udp] [......10.0.2.15][28681] -> [.91.169.215.227][26820] - not-detected: [...193] [ip4][..udp] [......10.0.2.15][28681] -> [..188.44.126.74][54633] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...193] [ip4][..udp] [......10.0.2.15][28681] -> [..188.44.126.74][54633] - not-detected: [...169] [ip4][..udp] [......10.0.2.15][28681] -> [...91.162.52.93][34799] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...169] [ip4][..udp] [......10.0.2.15][28681] -> [...91.162.52.93][34799] - not-detected: [...206] [ip4][..udp] [......10.0.2.15][28681] -> [213.166.132.204][11194] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...206] [ip4][..udp] [......10.0.2.15][28681] -> [213.166.132.204][11194] - not-detected: [...203] [ip4][..udp] [......10.0.2.15][28681] -> [.120.156.204.38][54832] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...203] [ip4][..udp] [......10.0.2.15][28681] -> [.120.156.204.38][54832] - not-detected: [...199] [ip4][..udp] [......10.0.2.15][28681] -> [..114.73.129.26][53585] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...199] [ip4][..udp] [......10.0.2.15][28681] -> [..114.73.129.26][53585] - not-detected: [...207] [ip4][..udp] [......10.0.2.15][28681] -> [.81.242.191.215][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...207] [ip4][..udp] [......10.0.2.15][28681] -> [.81.242.191.215][.6346] - not-detected: [...208] [ip4][..udp] [......10.0.2.15][28681] -> [..81.249.64.215][25058] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...208] [ip4][..udp] [......10.0.2.15][28681] -> [..81.249.64.215][25058] - not-detected: [...212] [ip4][..udp] [......10.0.2.15][28681] -> [...36.233.3.223][12848] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...212] [ip4][..udp] [......10.0.2.15][28681] -> [...36.233.3.223][12848] - not-detected: [...197] [ip4][..udp] [......10.0.2.15][28681] -> [.208.92.106.151][32476] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...197] [ip4][..udp] [......10.0.2.15][28681] -> [.208.92.106.151][32476] - not-detected: [...168] [ip4][..udp] [......10.0.2.15][28681] -> [...89.157.59.43][56919] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...168] [ip4][..udp] [......10.0.2.15][28681] -> [...89.157.59.43][56919] - not-detected: [...215] [ip4][..udp] [......10.0.2.15][28681] -> [...78.159.27.22][17563] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...215] [ip4][..udp] [......10.0.2.15][28681] -> [...78.159.27.22][17563] - not-detected: [...189] [ip4][..udp] [......10.0.2.15][28681] -> [115.195.105.243][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...189] [ip4][..udp] [......10.0.2.15][28681] -> [115.195.105.243][.6346] - not-detected: [...179] [ip4][..udp] [......10.0.2.15][28681] -> [.178.51.146.115][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...179] [ip4][..udp] [......10.0.2.15][28681] -> [.178.51.146.115][.6346] - not-detected: [...186] [ip4][..udp] [......10.0.2.15][28681] -> [..91.182.44.202][30277] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...186] [ip4][..udp] [......10.0.2.15][28681] -> [..91.182.44.202][30277] - not-detected: [...174] [ip4][..udp] [......10.0.2.15][28681] -> [..196.74.159.56][29271] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...174] [ip4][..udp] [......10.0.2.15][28681] -> [..196.74.159.56][29271] - not-detected: [...205] [ip4][..udp] [......10.0.2.15][28681] -> [..96.29.197.138][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...205] [ip4][..udp] [......10.0.2.15][28681] -> [..96.29.197.138][.6346] - not-detected: [...210] [ip4][..udp] [......10.0.2.15][28681] -> [.41.100.120.146][12838] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...210] [ip4][..udp] [......10.0.2.15][28681] -> [.41.100.120.146][12838] - not-detected: [...218] [ip4][..udp] [......10.0.2.15][28681] -> [.176.155.52.115][53956] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...218] [ip4][..udp] [......10.0.2.15][28681] -> [.176.155.52.115][53956] - not-detected: [...211] [ip4][..udp] [......10.0.2.15][28681] -> [..186.93.139.92][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...211] [ip4][..udp] [......10.0.2.15][28681] -> [..186.93.139.92][.6346] - not-detected: [...154] [ip4][..udp] [......10.0.2.15][28681] -> [174.115.111.224][51984] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...154] [ip4][..udp] [......10.0.2.15][28681] -> [174.115.111.224][51984] - not-detected: [...201] [ip4][..udp] [......10.0.2.15][28681] -> [.85.170.209.214][46210] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...201] [ip4][..udp] [......10.0.2.15][28681] -> [.85.170.209.214][46210] - not-detected: [...194] [ip4][..udp] [......10.0.2.15][28681] -> [176.150.126.156][16471] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...194] [ip4][..udp] [......10.0.2.15][28681] -> [176.150.126.156][16471] - not-detected: [...178] [ip4][..udp] [......10.0.2.15][28681] -> [....83.46.253.7][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...178] [ip4][..udp] [......10.0.2.15][28681] -> [....83.46.253.7][.6346] - not-detected: [...216] [ip4][..udp] [......10.0.2.15][28681] -> [.212.68.248.153][27223] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...216] [ip4][..udp] [......10.0.2.15][28681] -> [.212.68.248.153][27223] - not-detected: [...204] [ip4][..udp] [......10.0.2.15][28681] -> [..84.126.240.32][45313] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...204] [ip4][..udp] [......10.0.2.15][28681] -> [..84.126.240.32][45313] - not-detected: [...202] [ip4][..udp] [......10.0.2.15][28681] -> [.176.134.139.39][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...202] [ip4][..udp] [......10.0.2.15][28681] -> [.176.134.139.39][.6346] + idle: [...217] [ip4][..udp] [......10.0.2.15][28681] -> [.126.117.45.151][19323] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...155] [ip4][..udp] [......10.0.2.15][28681] -> [.88.168.182.103][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...198] [ip4][..udp] [......10.0.2.15][28681] -> [..58.182.171.50][15180] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...192] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...181] [ip4][..udp] [......10.0.2.15][28681] -> [...66.177.5.135][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...162] [ip4][..udp] [......10.0.2.15][28681] -> [.88.123.159.111][44729] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...214] [ip4][..udp] [......10.0.2.15][28681] -> [.91.169.215.227][26820] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...193] [ip4][..udp] [......10.0.2.15][28681] -> [..188.44.126.74][54633] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...169] [ip4][..udp] [......10.0.2.15][28681] -> [...91.162.52.93][34799] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...206] [ip4][..udp] [......10.0.2.15][28681] -> [213.166.132.204][11194] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...203] [ip4][..udp] [......10.0.2.15][28681] -> [.120.156.204.38][54832] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...199] [ip4][..udp] [......10.0.2.15][28681] -> [..114.73.129.26][53585] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...207] [ip4][..udp] [......10.0.2.15][28681] -> [.81.242.191.215][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...208] [ip4][..udp] [......10.0.2.15][28681] -> [..81.249.64.215][25058] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...212] [ip4][..udp] [......10.0.2.15][28681] -> [...36.233.3.223][12848] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...197] [ip4][..udp] [......10.0.2.15][28681] -> [.208.92.106.151][32476] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...168] [ip4][..udp] [......10.0.2.15][28681] -> [...89.157.59.43][56919] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...215] [ip4][..udp] [......10.0.2.15][28681] -> [...78.159.27.22][17563] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...189] [ip4][..udp] [......10.0.2.15][28681] -> [115.195.105.243][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...179] [ip4][..udp] [......10.0.2.15][28681] -> [.178.51.146.115][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...186] [ip4][..udp] [......10.0.2.15][28681] -> [..91.182.44.202][30277] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...174] [ip4][..udp] [......10.0.2.15][28681] -> [..196.74.159.56][29271] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...205] [ip4][..udp] [......10.0.2.15][28681] -> [..96.29.197.138][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...210] [ip4][..udp] [......10.0.2.15][28681] -> [.41.100.120.146][12838] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...218] [ip4][..udp] [......10.0.2.15][28681] -> [.176.155.52.115][53956] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...211] [ip4][..udp] [......10.0.2.15][28681] -> [..186.93.139.92][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...154] [ip4][..udp] [......10.0.2.15][28681] -> [174.115.111.224][51984] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...201] [ip4][..udp] [......10.0.2.15][28681] -> [.85.170.209.214][46210] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...194] [ip4][..udp] [......10.0.2.15][28681] -> [176.150.126.156][16471] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...178] [ip4][..udp] [......10.0.2.15][28681] -> [....83.46.253.7][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...216] [ip4][..udp] [......10.0.2.15][28681] -> [.212.68.248.153][27223] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...204] [ip4][..udp] [......10.0.2.15][28681] -> [..84.126.240.32][45313] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...202] [ip4][..udp] [......10.0.2.15][28681] -> [.176.134.139.39][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...329] [ip4][..udp] [......10.0.2.15][28681] -> [..92.117.249.98][.6815] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...328] [ip4][..udp] [......10.0.2.15][28681] -> [.203.220.105.27][19260] [Gnutella][Unknown][Download][Potentially Dangerous] @@ -1997,12 +2647,16 @@ RISK: Unsafe Protocol, Unidirectional Traffic update: [...361] [ip4][..udp] [......10.0.2.15][28681] -> [..86.129.196.84][.9915] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...134] [ip4][..udp] [......10.0.2.15][28681] -> [...78.231.73.14][.6346] - update: [...128] [ip4][..udp] [......10.0.2.15][28681] -> [..77.141.219.27][37580] - update: [...114] [ip4][..udp] [......10.0.2.15][28681] -> [....86.23.75.69][.6346] + update: [...134] [ip4][..udp] [......10.0.2.15][28681] -> [...78.231.73.14][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...128] [ip4][..udp] [......10.0.2.15][28681] -> [..77.141.219.27][37580] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...114] [ip4][..udp] [......10.0.2.15][28681] -> [....86.23.75.69][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...366] [ip4][..udp] [......10.0.2.15][28681] -> [....94.8.55.158][51140] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [....88] [ip4][..udp] [......10.0.2.15][28681] -> [.....81.50.24.2][17874] + update: [....88] [ip4][..udp] [......10.0.2.15][28681] -> [.....81.50.24.2][17874] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...365] [ip4][..udp] [......10.0.2.15][28681] -> [..188.23.24.213][18561] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...340] [ip4][..udp] [......10.0.2.15][28681] -> [.38.142.119.234][49732] [Gnutella][Unknown][Download][Potentially Dangerous] @@ -2020,35 +2674,45 @@ RISK: Unsafe Protocol, Unidirectional Traffic update: [....20] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous] RISK: Unsafe Protocol - update: [...118] [ip4][..udp] [......10.0.2.15][28681] -> [...5.180.62.100][46385] + update: [...118] [ip4][..udp] [......10.0.2.15][28681] -> [...5.180.62.100][46385] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...359] [ip4][..udp] [......10.0.2.15][51685] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] update: [...344] [ip4][..udp] [......10.0.2.15][28681] -> [.207.38.163.228][.6778] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...323] [ip4][..udp] [......10.0.2.15][28681] -> [.96.246.156.126][56070] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] - update: [....98] [ip4][..udp] [......10.0.2.15][28681] -> [.203.222.14.170][23332] - update: [...111] [ip4][..udp] [......10.0.2.15][28681] -> [..90.65.141.157][.6346] + update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....98] [ip4][..udp] [......10.0.2.15][28681] -> [.203.222.14.170][23332] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...111] [ip4][..udp] [......10.0.2.15][28681] -> [..90.65.141.157][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...336] [ip4][..udp] [......10.0.2.15][28681] -> [...80.7.252.192][.6888] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...139] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.226.142][.6346] - update: [...141] [ip4][..udp] [......10.0.2.15][28681] -> [..172.97.199.14][.6346] + update: [...139] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.226.142][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...141] [ip4][..udp] [......10.0.2.15][28681] -> [..172.97.199.14][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...348] [ip4][..udp] [......10.0.2.15][28681] -> [...84.197.97.94][.1360] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...368] [ip4][..udp] [......10.0.2.15][28681] -> [...47.147.52.21][36728] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...126] [ip4][..udp] [......10.0.2.15][28681] -> [..91.69.159.133][28000] + update: [...126] [ip4][..udp] [......10.0.2.15][28681] -> [..91.69.159.133][28000] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...363] [ip4][..udp] [......10.0.2.15][28681] -> [...81.205.91.45][38297] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...136] [ip4][..udp] [......10.0.2.15][28681] -> [.80.236.247.120][16047] + update: [...136] [ip4][..udp] [......10.0.2.15][28681] -> [.80.236.247.120][16047] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...346] [ip4][..udp] [......10.0.2.15][28681] -> [..76.226.85.105][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [....85] [ip4][..udp] [......10.0.2.15][28681] -> [..85.138.20.110][.6346] + update: [....85] [ip4][..udp] [......10.0.2.15][28681] -> [..85.138.20.110][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...362] [ip4][..udp] [......10.0.2.15][28681] -> [190.192.210.182][.6754] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...322] [ip4][..udp] [......10.0.2.15][28681] -> [..45.88.117.219][.6909] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...135] [ip4][..udp] [......10.0.2.15][28681] -> [.193.250.99.158][.6346] + update: [...135] [ip4][..udp] [......10.0.2.15][28681] -> [.193.250.99.158][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...327] [ip4][..udp] [......10.0.2.15][28681] -> [...84.28.53.225][44859] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...321] [ip4][..udp] [......10.0.2.15][28681] -> [188.165.203.190][21995] [Gnutella][Unknown][Download][Potentially Dangerous] @@ -2058,67 +2722,132 @@ update: [...342] [ip4][..udp] [......10.0.2.15][28681] -> [..98.208.26.154][.4994] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...369] [ip4][..udp] [......10.0.2.15][28681] -> [.89.187.171.240][.6346] - update: [...125] [ip4][..udp] [......10.0.2.15][28681] -> [..83.92.178.182][57302] + update: [...125] [ip4][..udp] [......10.0.2.15][28681] -> [..83.92.178.182][57302] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...337] [ip4][..udp] [......10.0.2.15][28681] -> [..24.116.64.132][51227] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...116] [ip4][..udp] [......10.0.2.15][28681] -> [.124.44.190.145][10170] + update: [...116] [ip4][..udp] [......10.0.2.15][28681] -> [.124.44.190.145][10170] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...319] [ip4][..udp] [......10.0.2.15][28681] -> [..164.132.10.25][55302] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...347] [ip4][..udp] [......10.0.2.15][28681] -> [..176.10.169.10][12799] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...133] [ip4][..udp] [......10.0.2.15][28681] -> [.91.175.220.161][15721] - update: [...124] [ip4][..udp] [......10.0.2.15][28681] -> [...170.254.19.6][24180] - update: [...130] [ip4][..udp] [......10.0.2.15][28681] -> [..119.224.95.97][46356] - update: [...129] [ip4][..udp] [......10.0.2.15][28681] -> [.176.138.50.179][29411] + update: [...133] [ip4][..udp] [......10.0.2.15][28681] -> [.91.175.220.161][15721] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...124] [ip4][..udp] [......10.0.2.15][28681] -> [...170.254.19.6][24180] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...130] [ip4][..udp] [......10.0.2.15][28681] -> [..119.224.95.97][46356] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...129] [ip4][..udp] [......10.0.2.15][28681] -> [.176.138.50.179][29411] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...330] [ip4][..udp] [......10.0.2.15][28681] -> [....82.64.44.11][.1352] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...360] [ip4][..udp] [......10.0.2.15][28681] -> [..198.58.218.12][47912] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...364] [ip4][..udp] [......10.0.2.15][28681] -> [194.163.180.126][10825] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...137] [ip4][..udp] [......10.0.2.15][28681] -> [...82.65.70.197][21693] - update: [...109] [ip4][..udp] [......10.0.2.15][28681] -> [...88.169.2.153][52414] - update: [...140] [ip4][..udp] [......10.0.2.15][28681] -> [.77.197.111.186][.6346] + update: [...137] [ip4][..udp] [......10.0.2.15][28681] -> [...82.65.70.197][21693] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...109] [ip4][..udp] [......10.0.2.15][28681] -> [...88.169.2.153][52414] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...140] [ip4][..udp] [......10.0.2.15][28681] -> [.77.197.111.186][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...326] [ip4][..udp] [......10.0.2.15][28681] -> [..100.1.231.138][56558] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...108] [ip4][..udp] [......10.0.2.15][28681] -> [112.119.242.110][.7922] + update: [...108] [ip4][..udp] [......10.0.2.15][28681] -> [112.119.242.110][.7922] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...339] [ip4][..udp] [......10.0.2.15][28681] -> [..87.123.54.234][54130] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...113] [ip4][..udp] [......10.0.2.15][28681] -> [105.101.132.146][57746] + update: [...113] [ip4][..udp] [......10.0.2.15][28681] -> [105.101.132.146][57746] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...341] [ip4][..udp] [......10.0.2.15][28681] -> [..24.129.233.60][19990] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [....87] [ip4][..udp] [......10.0.2.15][28681] -> [..92.131.85.245][31743] + update: [....87] [ip4][..udp] [......10.0.2.15][28681] -> [..92.131.85.245][31743] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...367] [ip4][..udp] [......10.0.2.15][28681] -> [.149.28.163.175][49956] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...138] [ip4][..udp] [......10.0.2.15][28681] -> [167.114.170.156][23844] + update: [...138] [ip4][..udp] [......10.0.2.15][28681] -> [167.114.170.156][23844] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...493] [ip4][..udp] [......10.0.2.15][57552] -> [239.255.255.250][.1900] detected: [...493] [ip4][..udp] [......10.0.2.15][57552] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] new: [...494] [ip4][..udp] [......10.0.2.15][28681] -> [...86.210.81.59][.6346] + detected: [...494] [ip4][..udp] [......10.0.2.15][28681] -> [...86.210.81.59][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...495] [ip4][..udp] [......10.0.2.15][28681] -> [...81.247.89.20][.6346] + detected: [...495] [ip4][..udp] [......10.0.2.15][28681] -> [...81.247.89.20][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...496] [ip4][..udp] [......10.0.2.15][28681] -> [.218.173.230.98][19004] + detected: [...496] [ip4][..udp] [......10.0.2.15][28681] -> [.218.173.230.98][19004] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...497] [ip4][..udp] [......10.0.2.15][28681] -> [..84.100.76.123][39628] + detected: [...497] [ip4][..udp] [......10.0.2.15][28681] -> [..84.100.76.123][39628] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...498] [ip4][..udp] [......10.0.2.15][28681] -> [...8.44.149.207][30551] + detected: [...498] [ip4][..udp] [......10.0.2.15][28681] -> [...8.44.149.207][30551] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...499] [ip4][..udp] [......10.0.2.15][28681] -> [....1.161.80.82][.8656] + detected: [...499] [ip4][..udp] [......10.0.2.15][28681] -> [....1.161.80.82][.8656] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...500] [ip4][..udp] [......10.0.2.15][28681] -> [.220.143.34.225][20071] + detected: [...500] [ip4][..udp] [......10.0.2.15][28681] -> [.220.143.34.225][20071] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...501] [ip4][..udp] [......10.0.2.15][28681] -> [.88.160.214.137][.6346] + detected: [...501] [ip4][..udp] [......10.0.2.15][28681] -> [.88.160.214.137][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...502] [ip4][..udp] [......10.0.2.15][28681] -> [..47.156.58.211][.6346] + detected: [...502] [ip4][..udp] [......10.0.2.15][28681] -> [..47.156.58.211][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...503] [ip4][..udp] [......10.0.2.15][28681] -> [..74.210.244.72][.6346] + detected: [...503] [ip4][..udp] [......10.0.2.15][28681] -> [..74.210.244.72][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...504] [ip4][..udp] [......10.0.2.15][28681] -> [..85.203.45.107][.6346] + detected: [...504] [ip4][..udp] [......10.0.2.15][28681] -> [..85.203.45.107][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...505] [ip4][..udp] [......10.0.2.15][28681] -> [.....42.2.62.28][.6387] + detected: [...505] [ip4][..udp] [......10.0.2.15][28681] -> [.....42.2.62.28][.6387] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...506] [ip4][..udp] [......10.0.2.15][28681] -> [..136.32.84.139][.6346] + detected: [...506] [ip4][..udp] [......10.0.2.15][28681] -> [..136.32.84.139][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...507] [ip4][..udp] [......10.0.2.15][28681] -> [...50.4.204.220][.6346] + detected: [...507] [ip4][..udp] [......10.0.2.15][28681] -> [...50.4.204.220][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...508] [ip4][..udp] [......10.0.2.15][28681] -> [...92.144.99.73][10745] + detected: [...508] [ip4][..udp] [......10.0.2.15][28681] -> [...92.144.99.73][10745] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...509] [ip4][..udp] [......10.0.2.15][28681] -> [.92.142.109.190][41370] + detected: [...509] [ip4][..udp] [......10.0.2.15][28681] -> [.92.142.109.190][41370] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...510] [ip4][..udp] [......10.0.2.15][28681] -> [...79.94.85.113][.6346] + detected: [...510] [ip4][..udp] [......10.0.2.15][28681] -> [...79.94.85.113][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...511] [ip4][..udp] [......10.0.2.15][28681] -> [...68.47.223.27][.6346] + detected: [...511] [ip4][..udp] [......10.0.2.15][28681] -> [...68.47.223.27][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...512] [ip4][..udp] [......10.0.2.15][28681] -> [..209.204.207.5][49256] + detected: [...512] [ip4][..udp] [......10.0.2.15][28681] -> [..209.204.207.5][49256] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...513] [ip4][..udp] [......10.0.2.15][28681] -> [..78.196.216.12][58910] + detected: [...513] [ip4][..udp] [......10.0.2.15][28681] -> [..78.196.216.12][58910] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...514] [ip4][..udp] [......10.0.2.15][28681] -> [..83.114.40.175][23552] + detected: [...514] [ip4][..udp] [......10.0.2.15][28681] -> [..83.114.40.175][23552] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...515] [ip4][..udp] [......10.0.2.15][28681] -> [220.137.106.173][11625] + detected: [...515] [ip4][..udp] [......10.0.2.15][28681] -> [220.137.106.173][11625] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...516] [ip4][..udp] [......10.0.2.15][28681] -> [.119.246.147.72][.4572] + detected: [...516] [ip4][..udp] [......10.0.2.15][28681] -> [.119.246.147.72][.4572] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...517] [ip4][..udp] [......10.0.2.15][28681] -> [..36.239.162.27][.7986] + detected: [...517] [ip4][..udp] [......10.0.2.15][28681] -> [..36.239.162.27][.7986] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...518] [ip4][..udp] [......10.0.2.15][28681] -> [..202.151.63.59][.7624] + detected: [...518] [ip4][..udp] [......10.0.2.15][28681] -> [..202.151.63.59][.7624] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...519] [ip4][..udp] [......10.0.2.15][28681] -> [...219.70.48.23][.8070] + detected: [...519] [ip4][..udp] [......10.0.2.15][28681] -> [...219.70.48.23][.8070] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...520] [ip4][..udp] [......10.0.2.15][28681] -> [182.155.128.228][.3339] new: [...521] [ip4][..udp] [......10.0.2.15][28681] -> [.113.255.250.32][23458] new: [...522] [ip4][..udp] [......10.0.2.15][28681] -> [119.247.152.218][51153] @@ -2351,9 +3080,8 @@ RISK: Unsafe Protocol, Unidirectional Traffic idle: [...325] [ip4][..udp] [......10.0.2.15][28681] -> [..83.160.143.48][37036] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - not-detected: [...305] [ip4][..udp] [......10.0.2.15][28681] -> [..88.168.175.31][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...305] [ip4][..udp] [......10.0.2.15][28681] -> [..88.168.175.31][.6346] + idle: [...305] [ip4][..udp] [......10.0.2.15][28681] -> [..88.168.175.31][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [....31] [ip4][..tcp] [......10.0.2.15][50193] -> [....89.75.52.19][46010] [Unknown][Unknown][Unrated] end: [....31] [ip4][..tcp] [......10.0.2.15][50193] -> [....89.75.52.19][46010] idle: [...322] [ip4][..udp] [......10.0.2.15][28681] -> [..45.88.117.219][.6909] [Gnutella][Unknown][Download][Potentially Dangerous] @@ -2366,65 +3094,112 @@ end: [....30] [ip4][..tcp] [......10.0.2.15][50192] -> [....45.65.87.24][16201] not-detected: [....29] [ip4][..tcp] [......10.0.2.15][50191] -> [.207.38.163.228][.6778] [Unknown][Unknown][Unrated] end: [....29] [ip4][..tcp] [......10.0.2.15][50191] -> [.207.38.163.228][.6778] - update: [...166] [ip4][..udp] [......10.0.2.15][28681] -> [..90.59.253.186][15555] - update: [...183] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.15.182][37829] - update: [...184] [ip4][..udp] [......10.0.2.15][28681] -> [..86.239.62.213][.6346] - update: [...354] [ip4][..udp] [......10.0.2.15][28681] -> [.80.236.247.120][.1032] - update: [...352] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.6346] - update: [...195] [ip4][..udp] [......10.0.2.15][28681] -> [.177.231.151.16][.6346] - update: [...353] [ip4][..udp] [......10.0.2.15][28681] -> [195.181.151.217][25282] - update: [...219] [ip4][..udp] [......10.0.2.15][28681] -> [...76.30.86.144][53821] - update: [...191] [ip4][..udp] [......10.0.2.15][28681] -> [.190.153.143.54][65535] - update: [...172] [ip4][..udp] [......10.0.2.15][28681] -> [..87.69.142.133][15471] - update: [...371] [ip4][..udp] [......10.0.2.15][28681] -> [.109.131.202.24][44748] - update: [...187] [ip4][..udp] [......10.0.2.15][28681] -> [....92.88.92.56][21009] - update: [...190] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.195.227][.6346] - update: [...370] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.56.198][11984] - update: [...173] [ip4][..udp] [......10.0.2.15][28681] -> [..121.99.222.36][44988] - update: [...180] [ip4][..udp] [......10.0.2.15][28681] -> [...66.131.24.72][30711] - update: [...156] [ip4][..udp] [......10.0.2.15][28681] -> [..86.244.228.86][10131] - update: [...374] [ip4][..udp] [......10.0.2.15][28681] -> [....62.35.190.5][18604] - update: [...176] [ip4][..udp] [......10.0.2.15][28681] -> [....41.99.164.4][.6346] - update: [...164] [ip4][..udp] [......10.0.2.15][28681] -> [.142.197.219.85][26234] - update: [...157] [ip4][..udp] [......10.0.2.15][28681] -> [.86.227.162.150][.6346] - update: [...209] [ip4][..udp] [......10.0.2.15][28681] -> [..91.179.98.234][.6346] - update: [...372] [ip4][..udp] [......10.0.2.15][28681] -> [.91.179.185.126][.6346] - update: [...159] [ip4][..udp] [......10.0.2.15][28681] -> [176.163.231.160][.6346] - update: [...213] [ip4][..udp] [......10.0.2.15][28681] -> [....5.180.62.37][.6346] - update: [...167] [ip4][..udp] [......10.0.2.15][28681] -> [..93.29.107.176][20363] - update: [...171] [ip4][..udp] [......10.0.2.15][28681] -> [196.217.132.111][25394] - update: [...160] [ip4][..udp] [......10.0.2.15][28681] -> [...83.150.49.35][32448] - update: [...185] [ip4][..udp] [......10.0.2.15][28681] -> [.109.132.196.58][.6346] - update: [...165] [ip4][..udp] [......10.0.2.15][28681] -> [...86.75.43.182][43502] - update: [...161] [ip4][..udp] [......10.0.2.15][28681] -> [..213.120.26.86][29946] - update: [...188] [ip4][..udp] [......10.0.2.15][28681] -> [..83.134.107.32][38836] - update: [...177] [ip4][..udp] [......10.0.2.15][28681] -> [.69.157.183.106][.6346] - update: [...175] [ip4][..udp] [......10.0.2.15][28681] -> [...115.69.62.99][.6346] - update: [...182] [ip4][..udp] [......10.0.2.15][28681] -> [....73.3.103.37][35589] - update: [...351] [ip4][..udp] [......10.0.2.15][28681] -> [..187.37.87.189][.6346] - update: [...200] [ip4][..udp] [......10.0.2.15][28681] -> [.138.199.16.123][52993] - update: [...163] [ip4][..udp] [......10.0.2.15][28681] -> [.88.126.160.158][.6346] - update: [...373] [ip4][..udp] [......10.0.2.15][28681] -> [..88.122.233.15][11488] - update: [...158] [ip4][..udp] [......10.0.2.15][28681] -> [.118.166.226.70][.6346] + update: [...166] [ip4][..udp] [......10.0.2.15][28681] -> [..90.59.253.186][15555] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...183] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.15.182][37829] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...184] [ip4][..udp] [......10.0.2.15][28681] -> [..86.239.62.213][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...354] [ip4][..udp] [......10.0.2.15][28681] -> [.80.236.247.120][.1032] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...352] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...195] [ip4][..udp] [......10.0.2.15][28681] -> [.177.231.151.16][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...353] [ip4][..udp] [......10.0.2.15][28681] -> [195.181.151.217][25282] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...219] [ip4][..udp] [......10.0.2.15][28681] -> [...76.30.86.144][53821] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...191] [ip4][..udp] [......10.0.2.15][28681] -> [.190.153.143.54][65535] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...172] [ip4][..udp] [......10.0.2.15][28681] -> [..87.69.142.133][15471] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...371] [ip4][..udp] [......10.0.2.15][28681] -> [.109.131.202.24][44748] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...187] [ip4][..udp] [......10.0.2.15][28681] -> [....92.88.92.56][21009] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...190] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.195.227][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...370] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.56.198][11984] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...173] [ip4][..udp] [......10.0.2.15][28681] -> [..121.99.222.36][44988] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...180] [ip4][..udp] [......10.0.2.15][28681] -> [...66.131.24.72][30711] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...156] [ip4][..udp] [......10.0.2.15][28681] -> [..86.244.228.86][10131] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...374] [ip4][..udp] [......10.0.2.15][28681] -> [....62.35.190.5][18604] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...176] [ip4][..udp] [......10.0.2.15][28681] -> [....41.99.164.4][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...164] [ip4][..udp] [......10.0.2.15][28681] -> [.142.197.219.85][26234] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...157] [ip4][..udp] [......10.0.2.15][28681] -> [.86.227.162.150][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...209] [ip4][..udp] [......10.0.2.15][28681] -> [..91.179.98.234][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...372] [ip4][..udp] [......10.0.2.15][28681] -> [.91.179.185.126][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...159] [ip4][..udp] [......10.0.2.15][28681] -> [176.163.231.160][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...213] [ip4][..udp] [......10.0.2.15][28681] -> [....5.180.62.37][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...167] [ip4][..udp] [......10.0.2.15][28681] -> [..93.29.107.176][20363] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...171] [ip4][..udp] [......10.0.2.15][28681] -> [196.217.132.111][25394] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...160] [ip4][..udp] [......10.0.2.15][28681] -> [...83.150.49.35][32448] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...185] [ip4][..udp] [......10.0.2.15][28681] -> [.109.132.196.58][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...165] [ip4][..udp] [......10.0.2.15][28681] -> [...86.75.43.182][43502] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...161] [ip4][..udp] [......10.0.2.15][28681] -> [..213.120.26.86][29946] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...188] [ip4][..udp] [......10.0.2.15][28681] -> [..83.134.107.32][38836] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...177] [ip4][..udp] [......10.0.2.15][28681] -> [.69.157.183.106][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...175] [ip4][..udp] [......10.0.2.15][28681] -> [...115.69.62.99][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...182] [ip4][..udp] [......10.0.2.15][28681] -> [....73.3.103.37][35589] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...351] [ip4][..udp] [......10.0.2.15][28681] -> [..187.37.87.189][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...200] [ip4][..udp] [......10.0.2.15][28681] -> [.138.199.16.123][52993] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...163] [ip4][..udp] [......10.0.2.15][28681] -> [.88.126.160.158][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...373] [ip4][..udp] [......10.0.2.15][28681] -> [..88.122.233.15][11488] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...158] [ip4][..udp] [......10.0.2.15][28681] -> [.118.166.226.70][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...746] [ip4][..udp] [......10.0.2.15][28681] -> [123.205.126.102][.5193] new: [...747] [ip4][..udp] [......10.0.2.15][28681] -> [..50.58.238.163][.6599] update: [...377] [ip4][..udp] [......10.0.2.15][28681] -> [.180.200.236.13][12082] - update: [...433] [ip4][..udp] [......10.0.2.15][28681] -> [.99.255.145.191][47264] - update: [...404] [ip4][..udp] [......10.0.2.15][28681] -> [.86.234.216.251][17845] + update: [...433] [ip4][..udp] [......10.0.2.15][28681] -> [.99.255.145.191][47264] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...404] [ip4][..udp] [......10.0.2.15][28681] -> [.86.234.216.251][17845] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...441] [ip4][..udp] [......10.0.2.15][28681] -> [.36.237.199.108][56040] update: [...450] [ip4][..udp] [......10.0.2.15][28681] -> [113.252.206.254][23458] - update: [...426] [ip4][..udp] [......10.0.2.15][28681] -> [..219.71.44.121][14398] + update: [...426] [ip4][..udp] [......10.0.2.15][28681] -> [..219.71.44.121][14398] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...247] [ip4][..udp] [......10.0.2.15][28681] -> [..181.84.178.16][60262] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...307] [ip4][..udp] [......10.0.2.15][28681] -> [..72.201.208.57][38617] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...411] [ip4][..udp] [......10.0.2.15][28681] -> [...89.143.28.64][.6346] - update: [...408] [ip4][..udp] [......10.0.2.15][28681] -> [...90.103.2.245][.6346] - update: [...424] [ip4][..udp] [......10.0.2.15][28681] -> [..93.15.216.216][.6346] + update: [...411] [ip4][..udp] [......10.0.2.15][28681] -> [...89.143.28.64][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...408] [ip4][..udp] [......10.0.2.15][28681] -> [...90.103.2.245][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...424] [ip4][..udp] [......10.0.2.15][28681] -> [..93.15.216.216][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...309] [ip4][..udp] [......10.0.2.15][28681] -> [.47.220.186.140][27641] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...479] [ip4][..udp] [......10.0.2.15][28681] -> [.123.205.13.148][51896] - update: [...422] [ip4][..udp] [......10.0.2.15][28681] -> [..88.123.35.219][42211] + update: [...422] [ip4][..udp] [......10.0.2.15][28681] -> [..88.123.35.219][42211] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...394] [ip4][..udp] [......10.0.2.15][28681] -> [.165.84.134.136][21407] update: [...254] [ip4][..udp] [......10.0.2.15][28681] -> [..88.120.73.215][24562] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic @@ -2432,7 +3207,8 @@ RISK: Unsafe Protocol, Unidirectional Traffic update: [...315] [ip4][..udp] [......10.0.2.15][28681] -> [...92.217.84.16][20223] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...439] [ip4][..udp] [......10.0.2.15][28681] -> [..176.135.15.86][.6346] + update: [...439] [ip4][..udp] [......10.0.2.15][28681] -> [..176.135.15.86][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...474] [ip4][..udp] [......10.0.2.15][28681] -> [..80.61.221.246][45880] update: [...398] [ip4][..udp] [......10.0.2.15][28681] -> [.62.102.148.166][31332] update: [...477] [ip4][..udp] [......10.0.2.15][28681] -> [....94.54.66.82][45640] @@ -2446,24 +3222,31 @@ update: [...357] [ip4][..udp] [......10.0.2.15][28681] -> [...98.35.85.238][32173] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...471] [ip4][..udp] [......10.0.2.15][28681] -> [...80.7.252.192][43457] - update: [...481] [ip4][..udp] [......10.0.2.15][28681] -> [..82.120.219.74][.6346] + update: [...481] [ip4][..udp] [......10.0.2.15][28681] -> [..82.120.219.74][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...476] [ip4][..udp] [......10.0.2.15][28681] -> [..98.18.172.208][63172] update: [...381] [ip4][..udp] [......10.0.2.15][28681] -> [...77.58.211.52][.3806] update: [...386] [ip4][..udp] [......10.0.2.15][28681] -> [...85.172.10.90][40162] - update: [...435] [ip4][..udp] [......10.0.2.15][28681] -> [.109.24.146.101][.6346] - update: [...465] [ip4][..udp] [......10.0.2.15][28681] -> [.....2.28.39.18][15672] + update: [...435] [ip4][..udp] [......10.0.2.15][28681] -> [.109.24.146.101][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...465] [ip4][..udp] [......10.0.2.15][28681] -> [.....2.28.39.18][15672] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...310] [ip4][..udp] [......10.0.2.15][28681] -> [.118.240.69.199][.6348] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...306] [ip4][..udp] [......10.0.2.15][28681] -> [..41.249.63.200][22582] - update: [...421] [ip4][..udp] [......10.0.2.15][28681] -> [..175.182.39.11][12977] + update: [...306] [ip4][..udp] [......10.0.2.15][28681] -> [..41.249.63.200][22582] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...421] [ip4][..udp] [......10.0.2.15][28681] -> [..175.182.39.11][12977] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...392] [ip4][..udp] [......10.0.2.15][28681] -> [....42.0.69.215][12608] update: [...265] [ip4][..udp] [......10.0.2.15][28681] -> [203.220.198.244][.1194] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...416] [ip4][..udp] [......10.0.2.15][28681] -> [..92.139.61.103][24096] + update: [...416] [ip4][..udp] [......10.0.2.15][28681] -> [..92.139.61.103][24096] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...304] [ip4][..udp] [......10.0.2.15][28681] -> [.193.32.126.214][59596] update: [...443] [ip4][..udp] [......10.0.2.15][28681] -> [..183.179.14.31][54754] update: [...389] [ip4][..udp] [......10.0.2.15][28681] -> [..94.215.183.71][31310] - update: [...413] [ip4][..udp] [......10.0.2.15][28681] -> [...87.65.188.29][24676] + update: [...413] [ip4][..udp] [......10.0.2.15][28681] -> [...87.65.188.29][24676] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...318] [ip4][..udp] [......10.0.2.15][28681] -> [173.183.183.110][59920] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...242] [ip4][..udp] [......10.0.2.15][28681] -> [..75.133.101.93][52367] @@ -2471,14 +3254,18 @@ RISK: Unsafe Protocol, Unidirectional Traffic update: [...311] [ip4][..udp] [......10.0.2.15][28681] -> [.109.132.188.98][62851] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...412] [ip4][..udp] [......10.0.2.15][28681] -> [...58.177.52.73][.6346] - update: [...418] [ip4][..udp] [......10.0.2.15][28681] -> [.75.129.149.103][.6346] + update: [...412] [ip4][..udp] [......10.0.2.15][28681] -> [...58.177.52.73][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...418] [ip4][..udp] [......10.0.2.15][28681] -> [.75.129.149.103][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...308] [ip4][..udp] [......10.0.2.15][28681] -> [...81.205.91.45][40137] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...251] [ip4][..udp] [......10.0.2.15][28681] -> [.185.203.218.92][56962] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...468] [ip4][..udp] [......10.0.2.15][28681] -> [..94.214.12.247][44001] - update: [...466] [ip4][..udp] [......10.0.2.15][28681] -> [...70.119.248.5][49929] + update: [...468] [ip4][..udp] [......10.0.2.15][28681] -> [..94.214.12.247][44001] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...466] [ip4][..udp] [......10.0.2.15][28681] -> [...70.119.248.5][49929] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...259] [ip4][..udp] [......10.0.2.15][28681] -> [103.232.107.100][43508] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...300] [ip4][..udp] [......10.0.2.15][28681] -> [104.238.172.250][23548] @@ -2494,28 +3281,35 @@ RISK: Unsafe Protocol, Unidirectional Traffic update: [...378] [ip4][..udp] [......10.0.2.15][28681] -> [.118.241.204.61][43366] update: [...456] [ip4][..udp] [......10.0.2.15][28681] -> [.89.241.112.255][14766] - update: [...428] [ip4][..udp] [......10.0.2.15][28681] -> [....86.162.97.8][.6346] + update: [...428] [ip4][..udp] [......10.0.2.15][28681] -> [....86.162.97.8][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...249] [ip4][..udp] [......10.0.2.15][28681] -> [..45.88.117.218][.6909] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...375] [ip4][..udp] [......10.0.2.15][28681] -> [..73.182.136.42][27873] update: [...455] [ip4][..udp] [......10.0.2.15][28681] -> [.58.153.206.183][16919] update: [...453] [ip4][..udp] [......10.0.2.15][28681] -> [..74.127.26.138][.3083] - update: [...425] [ip4][..udp] [......10.0.2.15][28681] -> [..145.82.53.165][.6346] + update: [...425] [ip4][..udp] [......10.0.2.15][28681] -> [..145.82.53.165][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...257] [ip4][..udp] [......10.0.2.15][28681] -> [.82.181.251.218][36368] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...460] [ip4][..udp] [......10.0.2.15][28681] -> [.210.194.116.78][.8342] update: [...454] [ip4][..udp] [......10.0.2.15][28681] -> [.223.16.121.156][23183] - update: [...401] [ip4][..udp] [......10.0.2.15][28681] -> [.173.178.192.76][.6346] - update: [...484] [ip4][..udp] [......10.0.2.15][28681] -> [...107.4.56.177][10000] - update: [...406] [ip4][..udp] [......10.0.2.15][28681] -> [....109.27.3.68][57380] + update: [...401] [ip4][..udp] [......10.0.2.15][28681] -> [.173.178.192.76][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...484] [ip4][..udp] [......10.0.2.15][28681] -> [...107.4.56.177][10000] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...406] [ip4][..udp] [......10.0.2.15][28681] -> [....109.27.3.68][57380] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...399] [ip4][..udp] [......10.0.2.15][28681] -> [.175.39.219.223][31728] update: [...469] [ip4][..udp] [......10.0.2.15][28681] -> [..87.123.54.234][47184] update: [...356] [ip4][..udp] [......10.0.2.15][28681] -> [.63.228.175.169][.1936] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...467] [ip4][..udp] [......10.0.2.15][28681] -> [...61.64.177.53][23458] + update: [...467] [ip4][..udp] [......10.0.2.15][28681] -> [...61.64.177.53][23458] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...355] [ip4][..udp] [......10.0.2.15][28681] -> [.181.118.53.212][29998] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...431] [ip4][..udp] [......10.0.2.15][28681] -> [..88.124.71.246][49035] + update: [...431] [ip4][..udp] [......10.0.2.15][28681] -> [..88.124.71.246][49035] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...388] [ip4][..udp] [......10.0.2.15][28681] -> [...121.7.145.36][33905] update: [...303] [ip4][..udp] [......10.0.2.15][28681] -> [.142.132.165.13][30566] update: [...246] [ip4][..udp] [......10.0.2.15][28681] -> [...96.65.68.194][35481] [Gnutella][Unknown][Download][Potentially Dangerous] @@ -2523,72 +3317,97 @@ update: [...395] [ip4][..udp] [......10.0.2.15][28681] -> [..191.114.88.39][18751] update: [...301] [ip4][..udp] [......10.0.2.15][28681] -> [..188.61.52.183][11852] update: [...483] [ip4][..udp] [.......10.0.2.2][.1026] -> [......10.0.2.15][28681] - update: [...402] [ip4][..udp] [......10.0.2.15][28681] -> [...78.219.202.2][.6346] - update: [...420] [ip4][..udp] [......10.0.2.15][28681] -> [..86.227.127.34][.6346] - update: [...417] [ip4][..udp] [......10.0.2.15][28681] -> [.94.187.236.179][.6346] + update: [...402] [ip4][..udp] [......10.0.2.15][28681] -> [...78.219.202.2][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...420] [ip4][..udp] [......10.0.2.15][28681] -> [..86.227.127.34][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...417] [ip4][..udp] [......10.0.2.15][28681] -> [.94.187.236.179][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...317] [ip4][..udp] [......10.0.2.15][28681] -> [...96.236.205.7][34794] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...376] [ip4][..udp] [......10.0.2.15][28681] -> [....156.57.42.2][33476] - update: [...485] [ip4][..udp] [......10.0.2.15][28681] -> [...154.3.42.209][.6346] + update: [...485] [ip4][..udp] [......10.0.2.15][28681] -> [...154.3.42.209][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...261] [ip4][..udp] [......10.0.2.15][28681] -> [..60.241.48.194][21301] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...243] [ip4][..udp] [......10.0.2.15][28681] -> [.104.156.226.72][53258] - update: [...427] [ip4][..udp] [......10.0.2.15][28681] -> [...81.249.13.30][15138] + update: [...427] [ip4][..udp] [......10.0.2.15][28681] -> [...81.249.13.30][15138] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...313] [ip4][..udp] [......10.0.2.15][28681] -> [..176.99.176.20][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...405] [ip4][..udp] [......10.0.2.15][28681] -> [.176.155.31.118][.6346] + update: [...405] [ip4][..udp] [......10.0.2.15][28681] -> [.176.155.31.118][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...387] [ip4][..udp] [......10.0.2.15][28681] -> [....220.135.8.7][.1219] update: [...302] [ip4][..udp] [......10.0.2.15][28681] -> [.185.187.74.173][53489] update: [...255] [ip4][..udp] [......10.0.2.15][28681] -> [..80.61.221.246][30577] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...415] [ip4][..udp] [......10.0.2.15][28681] -> [..90.247.160.96][17817] + update: [...415] [ip4][..udp] [......10.0.2.15][28681] -> [..90.247.160.96][17817] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...458] [ip4][..udp] [......10.0.2.15][28681] -> [118.165.228.167][12201] - update: [...486] [ip4][..udp] [......10.0.2.15][28681] -> [...88.68.45.203][.6346] - update: [...410] [ip4][..udp] [......10.0.2.15][28681] -> [..93.28.130.131][.6346] + update: [...486] [ip4][..udp] [......10.0.2.15][28681] -> [...88.68.45.203][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...410] [ip4][..udp] [......10.0.2.15][28681] -> [..93.28.130.131][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...248] [ip4][..udp] [......10.0.2.15][28681] -> [..66.30.221.181][12012] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...380] [ip4][..udp] [......10.0.2.15][28681] -> [...83.86.49.195][12019] - update: [...423] [ip4][..udp] [......10.0.2.15][28681] -> [..119.247.6.226][.9713] - update: [...438] [ip4][..udp] [......10.0.2.15][28681] -> [..71.86.190.163][14142] - update: [...403] [ip4][..udp] [......10.0.2.15][28681] -> [197.244.171.132][.6346] + update: [...423] [ip4][..udp] [......10.0.2.15][28681] -> [..119.247.6.226][.9713] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...438] [ip4][..udp] [......10.0.2.15][28681] -> [..71.86.190.163][14142] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...403] [ip4][..udp] [......10.0.2.15][28681] -> [197.244.171.132][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...457] [ip4][..udp] [......10.0.2.15][28681] -> [119.247.240.113][13867] - update: [...429] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.215.213][23576] - update: [...436] [ip4][..udp] [......10.0.2.15][28681] -> [.219.68.179.137][.6406] - update: [...414] [ip4][..udp] [......10.0.2.15][28681] -> [175.181.156.244][.8255] + update: [...429] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.215.213][23576] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...436] [ip4][..udp] [......10.0.2.15][28681] -> [.219.68.179.137][.6406] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...414] [ip4][..udp] [......10.0.2.15][28681] -> [175.181.156.244][.8255] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...383] [ip4][..udp] [......10.0.2.15][28681] -> [...84.71.243.60][34498] - update: [...409] [ip4][..udp] [......10.0.2.15][28681] -> [...86.194.53.68][33770] - update: [...482] [ip4][..udp] [......10.0.2.15][28681] -> [..86.193.23.172][42227] - update: [...400] [ip4][..udp] [......10.0.2.15][28681] -> [..129.45.47.167][.6346] + update: [...409] [ip4][..udp] [......10.0.2.15][28681] -> [...86.194.53.68][33770] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...482] [ip4][..udp] [......10.0.2.15][28681] -> [..86.193.23.172][42227] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...400] [ip4][..udp] [......10.0.2.15][28681] -> [..129.45.47.167][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...263] [ip4][..udp] [......10.0.2.15][28681] -> [..82.217.176.52][.7446] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...253] [ip4][..udp] [......10.0.2.15][28681] -> [.193.37.255.130][61616] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...407] [ip4][..udp] [......10.0.2.15][28681] -> [195.181.151.217][.6346] + update: [...407] [ip4][..udp] [......10.0.2.15][28681] -> [195.181.151.217][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...463] [ip4][..udp] [......10.0.2.15][28681] -> [..200.7.155.210][28365] update: [...452] [ip4][..udp] [......10.0.2.15][28681] -> [..68.227.193.37][27481] update: [...390] [ip4][..udp] [......10.0.2.15][28681] -> [144.134.132.206][16401] - update: [...440] [ip4][..udp] [......10.0.2.15][28681] -> [203.165.170.112][37087] + update: [...440] [ip4][..udp] [......10.0.2.15][28681] -> [203.165.170.112][37087] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...448] [ip4][..udp] [......10.0.2.15][28681] -> [116.241.162.162][15677] update: [...459] [ip4][..udp] [......10.0.2.15][28681] -> [...100.89.84.59][11603] update: [...252] [ip4][..udp] [......10.0.2.15][28681] -> [..72.140.120.41][47739] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...391] [ip4][..udp] [......10.0.2.15][28681] -> [...161.81.38.67][.9539] - update: [...437] [ip4][..udp] [......10.0.2.15][28681] -> [....31.38.163.2][.6346] + update: [...437] [ip4][..udp] [......10.0.2.15][28681] -> [....31.38.163.2][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...316] [ip4][..udp] [......10.0.2.15][28681] -> [....94.54.66.82][63637] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...262] [ip4][..udp] [......10.0.2.15][28681] -> [....89.75.52.19][46010] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...445] [ip4][..udp] [......10.0.2.15][28681] -> [118.165.153.100][.4509] - update: [...419] [ip4][..udp] [......10.0.2.15][28681] -> [...78.193.236.8][46557] + update: [...419] [ip4][..udp] [......10.0.2.15][28681] -> [...78.193.236.8][46557] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...393] [ip4][..udp] [......10.0.2.15][28681] -> [.58.115.158.103][.5110] - update: [...432] [ip4][..udp] [......10.0.2.15][28681] -> [...104.6.118.53][.6346] + update: [...432] [ip4][..udp] [......10.0.2.15][28681] -> [...104.6.118.53][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...464] [ip4][..udp] [......10.0.2.15][28681] -> [...101.128.66.8][34512] update: [...382] [ip4][..udp] [......10.0.2.15][28681] -> [..76.175.11.126][40958] update: [...480] [ip4][..udp] [......10.0.2.15][28681] -> [..112.119.74.26][65498] - update: [...434] [ip4][..udp] [......10.0.2.15][28681] -> [.114.24.182.130][22232] + update: [...434] [ip4][..udp] [......10.0.2.15][28681] -> [.114.24.182.130][22232] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...462] [ip4][..udp] [......10.0.2.15][28681] -> [..164.132.10.25][47808] update: [...397] [ip4][..udp] [......10.0.2.15][28681] -> [...80.7.252.192][24634] - update: [...430] [ip4][..udp] [......10.0.2.15][28681] -> [....90.8.95.165][40763] + update: [...430] [ip4][..udp] [......10.0.2.15][28681] -> [....90.8.95.165][40763] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...475] [ip4][..udp] [......10.0.2.15][28681] -> [..188.61.52.183][63978] update: [...473] [ip4][..udp] [......10.0.2.15][28681] -> [.142.132.165.13][33564] update: [...264] [ip4][..udp] [......10.0.2.15][28681] -> [...95.10.205.67][11603] [Gnutella][Unknown][Download][Potentially Dangerous] @@ -2600,9 +3419,8 @@ RISK: Unsafe Protocol, Unidirectional Traffic idle: [...338] [ip4][..udp] [......10.0.2.15][28681] -> [221.198.205.196][20778] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - not-detected: [...134] [ip4][..udp] [......10.0.2.15][28681] -> [...78.231.73.14][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...134] [ip4][..udp] [......10.0.2.15][28681] -> [...78.231.73.14][.6346] + idle: [...134] [ip4][..udp] [......10.0.2.15][28681] -> [...78.231.73.14][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic idle: [...350] [ip4][..udp] [......10.0.2.15][28681] -> [..99.250.253.99][11819] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic idle: [...343] [ip4][..udp] [......10.0.2.15][28681] -> [..89.212.91.155][.5195] [Gnutella][Unknown][Download][Potentially Dangerous] @@ -2613,56 +3431,66 @@ RISK: Unsafe Protocol, Unidirectional Traffic idle: [...327] [ip4][..udp] [......10.0.2.15][28681] -> [...84.28.53.225][44859] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - not-detected: [...164] [ip4][..udp] [......10.0.2.15][28681] -> [.142.197.219.85][26234] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...164] [ip4][..udp] [......10.0.2.15][28681] -> [.142.197.219.85][26234] + idle: [...164] [ip4][..udp] [......10.0.2.15][28681] -> [.142.197.219.85][26234] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic idle: [...337] [ip4][..udp] [......10.0.2.15][28681] -> [..24.116.64.132][51227] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic idle: [...347] [ip4][..udp] [......10.0.2.15][28681] -> [..176.10.169.10][12799] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - not-detected: [...165] [ip4][..udp] [......10.0.2.15][28681] -> [...86.75.43.182][43502] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...165] [ip4][..udp] [......10.0.2.15][28681] -> [...86.75.43.182][43502] - not-detected: [...188] [ip4][..udp] [......10.0.2.15][28681] -> [..83.134.107.32][38836] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...188] [ip4][..udp] [......10.0.2.15][28681] -> [..83.134.107.32][38836] - not-detected: [...182] [ip4][..udp] [......10.0.2.15][28681] -> [....73.3.103.37][35589] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...182] [ip4][..udp] [......10.0.2.15][28681] -> [....73.3.103.37][35589] + idle: [...165] [ip4][..udp] [......10.0.2.15][28681] -> [...86.75.43.182][43502] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...188] [ip4][..udp] [......10.0.2.15][28681] -> [..83.134.107.32][38836] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...182] [ip4][..udp] [......10.0.2.15][28681] -> [....73.3.103.37][35589] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic idle: [...326] [ip4][..udp] [......10.0.2.15][28681] -> [..100.1.231.138][56558] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - not-detected: [...351] [ip4][..udp] [......10.0.2.15][28681] -> [..187.37.87.189][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...351] [ip4][..udp] [......10.0.2.15][28681] -> [..187.37.87.189][.6346] - not-detected: [...163] [ip4][..udp] [......10.0.2.15][28681] -> [.88.126.160.158][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...163] [ip4][..udp] [......10.0.2.15][28681] -> [.88.126.160.158][.6346] + idle: [...351] [ip4][..udp] [......10.0.2.15][28681] -> [..187.37.87.189][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...163] [ip4][..udp] [......10.0.2.15][28681] -> [.88.126.160.158][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic idle: [...341] [ip4][..udp] [......10.0.2.15][28681] -> [..24.129.233.60][19990] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...488] [ip4][..udp] [......10.0.2.15][28681] -> [.183.179.90.112][.9852] - update: [...490] [ip4][..udp] [......10.0.2.15][28681] -> [...90.3.215.132][20356] - update: [...489] [ip4][..udp] [......10.0.2.15][28681] -> [...108.44.45.25][.6346] - update: [...487] [ip4][..udp] [......10.0.2.15][28681] -> [..24.78.134.188][49046] - update: [...491] [ip4][..udp] [......10.0.2.15][28681] -> [..36.233.42.210][.5512] - update: [...492] [ip4][..udp] [......10.0.2.15][28681] -> [...172.94.41.71][.6346] + update: [...488] [ip4][..udp] [......10.0.2.15][28681] -> [.183.179.90.112][.9852] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...490] [ip4][..udp] [......10.0.2.15][28681] -> [...90.3.215.132][20356] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...489] [ip4][..udp] [......10.0.2.15][28681] -> [...108.44.45.25][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...487] [ip4][..udp] [......10.0.2.15][28681] -> [..24.78.134.188][49046] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...491] [ip4][..udp] [......10.0.2.15][28681] -> [..36.233.42.210][.5512] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...492] [ip4][..udp] [......10.0.2.15][28681] -> [...172.94.41.71][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...748] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] + detected: [...748] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...749] [ip4][..udp] [......10.0.2.15][28681] -> [...78.159.27.22][17563] + detected: [...749] [ip4][..udp] [......10.0.2.15][28681] -> [...78.159.27.22][17563] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...750] [ip4][..udp] [......10.0.2.15][28681] -> [....67.193.8.52][38584] + detected: [...750] [ip4][..udp] [......10.0.2.15][28681] -> [....67.193.8.52][38584] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...751] [ip4][..udp] [......10.0.2.15][28681] -> [142.115.218.152][.5900] + detected: [...751] [ip4][..udp] [......10.0.2.15][28681] -> [142.115.218.152][.5900] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...752] [ip4][..udp] [......10.0.2.15][28681] -> [...78.231.73.14][.6346] + detected: [...752] [ip4][..udp] [......10.0.2.15][28681] -> [...78.231.73.14][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...753] [ip4][..udp] [......10.0.2.15][28681] -> [..165.84.140.96][14400] + detected: [...753] [ip4][..udp] [......10.0.2.15][28681] -> [..165.84.140.96][14400] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic idle: [...329] [ip4][..udp] [......10.0.2.15][28681] -> [..92.117.249.98][.6815] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic idle: [...328] [ip4][..udp] [......10.0.2.15][28681] -> [.203.220.105.27][19260] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - not-detected: [...354] [ip4][..udp] [......10.0.2.15][28681] -> [.80.236.247.120][.1032] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...354] [ip4][..udp] [......10.0.2.15][28681] -> [.80.236.247.120][.1032] + idle: [...354] [ip4][..udp] [......10.0.2.15][28681] -> [.80.236.247.120][.1032] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic idle: [...315] [ip4][..udp] [......10.0.2.15][28681] -> [...92.217.84.16][20223] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - not-detected: [...353] [ip4][..udp] [......10.0.2.15][28681] -> [195.181.151.217][25282] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...353] [ip4][..udp] [......10.0.2.15][28681] -> [195.181.151.217][25282] + idle: [...353] [ip4][..udp] [......10.0.2.15][28681] -> [195.181.151.217][25282] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic idle: [...358] [ip4][..udp] [......10.0.2.15][28681] -> [.47.224.174.174][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic idle: [...357] [ip4][..udp] [......10.0.2.15][28681] -> [...98.35.85.238][32173] [Gnutella][Unknown][Download][Potentially Dangerous] @@ -2677,18 +3505,20 @@ idle: [...300] [ip4][..udp] [......10.0.2.15][28681] -> [104.238.172.250][23548] idle: [...324] [ip4][..udp] [......10.0.2.15][28681] -> [.73.250.179.237][20848] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - not-detected: [...177] [ip4][..udp] [......10.0.2.15][28681] -> [.69.157.183.106][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...177] [ip4][..udp] [......10.0.2.15][28681] -> [.69.157.183.106][.6346] + idle: [...177] [ip4][..udp] [......10.0.2.15][28681] -> [.69.157.183.106][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...331] [ip4][..udp] [......10.0.2.15][28681] -> [..45.31.152.112][26851] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...361] [ip4][..udp] [......10.0.2.15][28681] -> [..86.129.196.84][.9915] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...128] [ip4][..udp] [......10.0.2.15][28681] -> [..77.141.219.27][37580] - update: [...114] [ip4][..udp] [......10.0.2.15][28681] -> [....86.23.75.69][.6346] + update: [...128] [ip4][..udp] [......10.0.2.15][28681] -> [..77.141.219.27][37580] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...114] [ip4][..udp] [......10.0.2.15][28681] -> [....86.23.75.69][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...366] [ip4][..udp] [......10.0.2.15][28681] -> [....94.8.55.158][51140] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [....88] [ip4][..udp] [......10.0.2.15][28681] -> [.....81.50.24.2][17874] + update: [....88] [ip4][..udp] [......10.0.2.15][28681] -> [.....81.50.24.2][17874] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...365] [ip4][..udp] [......10.0.2.15][28681] -> [..188.23.24.213][18561] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...340] [ip4][..udp] [......10.0.2.15][28681] -> [.38.142.119.234][49732] [Gnutella][Unknown][Download][Potentially Dangerous] @@ -2699,61 +3529,84 @@ RISK: Unsafe Protocol, Unidirectional Traffic update: [....20] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous] RISK: Unsafe Protocol - update: [...118] [ip4][..udp] [......10.0.2.15][28681] -> [...5.180.62.100][46385] + update: [...118] [ip4][..udp] [......10.0.2.15][28681] -> [...5.180.62.100][46385] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...359] [ip4][..udp] [......10.0.2.15][51685] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] update: [...344] [ip4][..udp] [......10.0.2.15][28681] -> [.207.38.163.228][.6778] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...323] [ip4][..udp] [......10.0.2.15][28681] -> [.96.246.156.126][56070] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] - update: [....98] [ip4][..udp] [......10.0.2.15][28681] -> [.203.222.14.170][23332] - update: [...111] [ip4][..udp] [......10.0.2.15][28681] -> [..90.65.141.157][.6346] + update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....98] [ip4][..udp] [......10.0.2.15][28681] -> [.203.222.14.170][23332] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...111] [ip4][..udp] [......10.0.2.15][28681] -> [..90.65.141.157][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...336] [ip4][..udp] [......10.0.2.15][28681] -> [...80.7.252.192][.6888] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...139] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.226.142][.6346] - update: [...141] [ip4][..udp] [......10.0.2.15][28681] -> [..172.97.199.14][.6346] + update: [...139] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.226.142][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...141] [ip4][..udp] [......10.0.2.15][28681] -> [..172.97.199.14][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...368] [ip4][..udp] [......10.0.2.15][28681] -> [...47.147.52.21][36728] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...126] [ip4][..udp] [......10.0.2.15][28681] -> [..91.69.159.133][28000] + update: [...126] [ip4][..udp] [......10.0.2.15][28681] -> [..91.69.159.133][28000] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...363] [ip4][..udp] [......10.0.2.15][28681] -> [...81.205.91.45][38297] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...136] [ip4][..udp] [......10.0.2.15][28681] -> [.80.236.247.120][16047] - update: [....85] [ip4][..udp] [......10.0.2.15][28681] -> [..85.138.20.110][.6346] + update: [...136] [ip4][..udp] [......10.0.2.15][28681] -> [.80.236.247.120][16047] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....85] [ip4][..udp] [......10.0.2.15][28681] -> [..85.138.20.110][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...362] [ip4][..udp] [......10.0.2.15][28681] -> [190.192.210.182][.6754] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...135] [ip4][..udp] [......10.0.2.15][28681] -> [.193.250.99.158][.6346] + update: [...135] [ip4][..udp] [......10.0.2.15][28681] -> [.193.250.99.158][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...321] [ip4][..udp] [......10.0.2.15][28681] -> [188.165.203.190][21995] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...342] [ip4][..udp] [......10.0.2.15][28681] -> [..98.208.26.154][.4994] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...369] [ip4][..udp] [......10.0.2.15][28681] -> [.89.187.171.240][.6346] - update: [...125] [ip4][..udp] [......10.0.2.15][28681] -> [..83.92.178.182][57302] - update: [...116] [ip4][..udp] [......10.0.2.15][28681] -> [.124.44.190.145][10170] + update: [...125] [ip4][..udp] [......10.0.2.15][28681] -> [..83.92.178.182][57302] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...116] [ip4][..udp] [......10.0.2.15][28681] -> [.124.44.190.145][10170] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...745] [ip4][.icmp] [..164.132.10.25] -> [......10.0.2.15] [ICMP][Unknown][Network][Acceptable] RISK: Unidirectional Traffic update: [...319] [ip4][..udp] [......10.0.2.15][28681] -> [..164.132.10.25][55302] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...133] [ip4][..udp] [......10.0.2.15][28681] -> [.91.175.220.161][15721] - update: [...124] [ip4][..udp] [......10.0.2.15][28681] -> [...170.254.19.6][24180] - update: [...130] [ip4][..udp] [......10.0.2.15][28681] -> [..119.224.95.97][46356] - update: [...129] [ip4][..udp] [......10.0.2.15][28681] -> [.176.138.50.179][29411] + update: [...133] [ip4][..udp] [......10.0.2.15][28681] -> [.91.175.220.161][15721] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...124] [ip4][..udp] [......10.0.2.15][28681] -> [...170.254.19.6][24180] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...130] [ip4][..udp] [......10.0.2.15][28681] -> [..119.224.95.97][46356] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...129] [ip4][..udp] [......10.0.2.15][28681] -> [.176.138.50.179][29411] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...330] [ip4][..udp] [......10.0.2.15][28681] -> [....82.64.44.11][.1352] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...360] [ip4][..udp] [......10.0.2.15][28681] -> [..198.58.218.12][47912] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...364] [ip4][..udp] [......10.0.2.15][28681] -> [194.163.180.126][10825] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...137] [ip4][..udp] [......10.0.2.15][28681] -> [...82.65.70.197][21693] - update: [...109] [ip4][..udp] [......10.0.2.15][28681] -> [...88.169.2.153][52414] - update: [...140] [ip4][..udp] [......10.0.2.15][28681] -> [.77.197.111.186][.6346] - update: [...108] [ip4][..udp] [......10.0.2.15][28681] -> [112.119.242.110][.7922] + update: [...137] [ip4][..udp] [......10.0.2.15][28681] -> [...82.65.70.197][21693] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...109] [ip4][..udp] [......10.0.2.15][28681] -> [...88.169.2.153][52414] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...140] [ip4][..udp] [......10.0.2.15][28681] -> [.77.197.111.186][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...108] [ip4][..udp] [......10.0.2.15][28681] -> [112.119.242.110][.7922] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...339] [ip4][..udp] [......10.0.2.15][28681] -> [..87.123.54.234][54130] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...113] [ip4][..udp] [......10.0.2.15][28681] -> [105.101.132.146][57746] - update: [....87] [ip4][..udp] [......10.0.2.15][28681] -> [..92.131.85.245][31743] + update: [...113] [ip4][..udp] [......10.0.2.15][28681] -> [105.101.132.146][57746] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....87] [ip4][..udp] [......10.0.2.15][28681] -> [..92.131.85.245][31743] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...367] [ip4][..udp] [......10.0.2.15][28681] -> [.149.28.163.175][49956] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...138] [ip4][..udp] [......10.0.2.15][28681] -> [167.114.170.156][23844] + update: [...138] [ip4][..udp] [......10.0.2.15][28681] -> [167.114.170.156][23844] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic idle: [...251] [ip4][..udp] [......10.0.2.15][28681] -> [.185.203.218.92][56962] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic idle: [...249] [ip4][..udp] [......10.0.2.15][28681] -> [..45.88.117.218][.6909] [Gnutella][Unknown][Download][Potentially Dangerous] @@ -2763,37 +3616,48 @@ update: [...618] [ip4][..udp] [......10.0.2.15][28681] -> [...1.172.184.48][13281] update: [...544] [ip4][..udp] [......10.0.2.15][28681] -> [..111.184.29.35][30582] update: [...526] [ip4][..udp] [......10.0.2.15][28681] -> [..36.234.197.93][.1483] - update: [...509] [ip4][..udp] [......10.0.2.15][28681] -> [.92.142.109.190][41370] + update: [...509] [ip4][..udp] [......10.0.2.15][28681] -> [.92.142.109.190][41370] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...669] [ip4][..udp] [......10.0.2.15][28681] -> [218.164.200.235][.2846] update: [...609] [ip4][..udp] [......10.0.2.15][28681] -> [116.241.162.162][59016] update: [...690] [ip4][..udp] [......10.0.2.15][28681] -> [..61.18.212.223][50637] update: [...700] [ip4][..udp] [......10.0.2.15][28681] -> [...91.206.27.26][.6578] - update: [...511] [ip4][..udp] [......10.0.2.15][28681] -> [...68.47.223.27][.6346] - update: [...496] [ip4][..udp] [......10.0.2.15][28681] -> [.218.173.230.98][19004] + update: [...511] [ip4][..udp] [......10.0.2.15][28681] -> [...68.47.223.27][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...496] [ip4][..udp] [......10.0.2.15][28681] -> [.218.173.230.98][19004] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...533] [ip4][..udp] [......10.0.2.15][28681] -> [..36.229.185.60][.6898] update: [...592] [ip4][..udp] [......10.0.2.15][28681] -> [....1.36.249.91][.7190] update: [...701] [ip4][..udp] [......10.0.2.15][28681] -> [119.237.190.184][64163] - update: [...495] [ip4][..udp] [......10.0.2.15][28681] -> [...81.247.89.20][.6346] - update: [...166] [ip4][..udp] [......10.0.2.15][28681] -> [..90.59.253.186][15555] - update: [...183] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.15.182][37829] - update: [...184] [ip4][..udp] [......10.0.2.15][28681] -> [..86.239.62.213][.6346] + update: [...495] [ip4][..udp] [......10.0.2.15][28681] -> [...81.247.89.20][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...166] [ip4][..udp] [......10.0.2.15][28681] -> [..90.59.253.186][15555] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...183] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.15.182][37829] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...184] [ip4][..udp] [......10.0.2.15][28681] -> [..86.239.62.213][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...493] [ip4][..udp] [......10.0.2.15][57552] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] update: [...603] [ip4][..udp] [......10.0.2.15][28681] -> [....1.36.249.91][64577] update: [...621] [ip4][..udp] [......10.0.2.15][28681] -> [182.155.128.228][.3227] update: [...646] [ip4][..udp] [......10.0.2.15][28681] -> [..36.237.10.152][21293] update: [...740] [ip4][..udp] [......10.0.2.15][28681] -> [...36.237.25.47][21293] - update: [...516] [ip4][..udp] [......10.0.2.15][28681] -> [.119.246.147.72][.4572] + update: [...516] [ip4][..udp] [......10.0.2.15][28681] -> [.119.246.147.72][.4572] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...733] [ip4][..udp] [......10.0.2.15][28681] -> [...99.199.148.6][.4338] update: [...597] [ip4][..udp] [......10.0.2.15][28681] -> [..36.236.203.37][52274] update: [...675] [ip4][..udp] [......10.0.2.15][28681] -> [.123.205.118.77][62191] update: [...738] [ip4][..udp] [......10.0.2.15][28681] -> [182.155.128.228][.3256] update: [...553] [ip4][..udp] [......10.0.2.15][28681] -> [182.155.128.228][.3259] update: [...628] [ip4][..udp] [......10.0.2.15][28681] -> [....45.65.87.24][16201] - update: [...352] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.6346] - update: [...195] [ip4][..udp] [......10.0.2.15][28681] -> [.177.231.151.16][.6346] + update: [...352] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...195] [ip4][..udp] [......10.0.2.15][28681] -> [.177.231.151.16][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...616] [ip4][..udp] [......10.0.2.15][28681] -> [220.208.167.152][30628] update: [...596] [ip4][..udp] [......10.0.2.15][28681] -> [..61.18.212.223][58954] - update: [...219] [ip4][..udp] [......10.0.2.15][28681] -> [...76.30.86.144][53821] + update: [...219] [ip4][..udp] [......10.0.2.15][28681] -> [...76.30.86.144][53821] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...713] [ip4][..udp] [......10.0.2.15][28681] -> [..218.103.139.2][51379] update: [...593] [ip4][..udp] [......10.0.2.15][28681] -> [..124.218.26.16][.9747] update: [...571] [ip4][..udp] [......10.0.2.15][28681] -> [.114.40.163.123][55341] @@ -2815,9 +3679,11 @@ update: [...534] [ip4][..udp] [......10.0.2.15][28681] -> [.113.252.86.162][54436] update: [...707] [ip4][..udp] [......10.0.2.15][28681] -> [..183.179.14.31][64871] update: [...744] [ip4][..udp] [......10.0.2.15][28681] -> [..164.132.10.25][48250] - update: [...501] [ip4][..udp] [......10.0.2.15][28681] -> [.88.160.214.137][.6346] + update: [...501] [ip4][..udp] [......10.0.2.15][28681] -> [.88.160.214.137][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...683] [ip4][..udp] [......10.0.2.15][28681] -> [.113.252.86.162][54459] - update: [...506] [ip4][..udp] [......10.0.2.15][28681] -> [..136.32.84.139][.6346] + update: [...506] [ip4][..udp] [......10.0.2.15][28681] -> [..136.32.84.139][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...562] [ip4][..udp] [......10.0.2.15][28681] -> [112.119.242.110][59879] update: [...619] [ip4][..udp] [......10.0.2.15][28681] -> [...1.163.14.246][.1630] update: [...691] [ip4][..udp] [......10.0.2.15][28681] -> [..61.93.150.146][62507] @@ -2828,11 +3694,13 @@ update: [...622] [ip4][..udp] [......10.0.2.15][28681] -> [..36.234.18.166][61319] update: [...542] [ip4][..udp] [......10.0.2.15][28681] -> [..218.103.139.2][51675] update: [...714] [ip4][..udp] [......10.0.2.15][28681] -> [..76.174.174.69][21358] - update: [...191] [ip4][..udp] [......10.0.2.15][28681] -> [.190.153.143.54][65535] + update: [...191] [ip4][..udp] [......10.0.2.15][28681] -> [.190.153.143.54][65535] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...614] [ip4][..udp] [......10.0.2.15][28681] -> [.123.205.118.77][60482] update: [...746] [ip4][..udp] [......10.0.2.15][28681] -> [123.205.126.102][.5193] update: [...606] [ip4][..udp] [......10.0.2.15][28681] -> [.149.28.163.175][42288] - update: [...172] [ip4][..udp] [......10.0.2.15][28681] -> [..87.69.142.133][15471] + update: [...172] [ip4][..udp] [......10.0.2.15][28681] -> [..87.69.142.133][15471] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...739] [ip4][..udp] [......10.0.2.15][28681] -> [.104.156.226.72][19814] update: [...587] [ip4][..udp] [......10.0.2.15][28681] -> [.94.134.154.158][54130] update: [...550] [ip4][..udp] [......10.0.2.15][28681] -> [.220.238.145.82][33527] @@ -2843,19 +3711,24 @@ update: [...685] [ip4][..udp] [......10.0.2.15][28681] -> [..111.241.31.96][.8349] update: [...555] [ip4][..udp] [......10.0.2.15][28681] -> [..124.218.26.16][20387] update: [...721] [ip4][..udp] [......10.0.2.15][28681] -> [.123.203.72.224][.9897] - update: [...371] [ip4][..udp] [......10.0.2.15][28681] -> [.109.131.202.24][44748] + update: [...371] [ip4][..udp] [......10.0.2.15][28681] -> [.109.131.202.24][44748] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...631] [ip4][..udp] [......10.0.2.15][28681] -> [..36.231.59.187][62234] update: [...591] [ip4][..udp] [......10.0.2.15][28681] -> [..118.168.15.71][53707] update: [...594] [ip4][..udp] [......10.0.2.15][28681] -> [.119.237.116.22][.7375] update: [...613] [ip4][..udp] [......10.0.2.15][28681] -> [119.247.152.218][51920] update: [...617] [ip4][..udp] [......10.0.2.15][28681] -> [.119.237.116.22][.7380] - update: [...508] [ip4][..udp] [......10.0.2.15][28681] -> [...92.144.99.73][10745] + update: [...508] [ip4][..udp] [......10.0.2.15][28681] -> [...92.144.99.73][10745] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...582] [ip4][..udp] [......10.0.2.15][28681] -> [....223.16.83.5][10624] update: [...573] [ip4][..udp] [......10.0.2.15][28681] -> [..71.239.173.18][23327] - update: [...513] [ip4][..udp] [......10.0.2.15][28681] -> [..78.196.216.12][58910] - update: [...187] [ip4][..udp] [......10.0.2.15][28681] -> [....92.88.92.56][21009] + update: [...513] [ip4][..udp] [......10.0.2.15][28681] -> [..78.196.216.12][58910] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...187] [ip4][..udp] [......10.0.2.15][28681] -> [....92.88.92.56][21009] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...568] [ip4][..udp] [......10.0.2.15][28681] -> [.123.205.118.77][56562] - update: [...190] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.195.227][.6346] + update: [...190] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.195.227][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...538] [ip4][..udp] [......10.0.2.15][28681] -> [.124.218.41.253][14339] update: [...623] [ip4][..udp] [......10.0.2.15][28681] -> [.210.209.249.84][24751] update: [...629] [ip4][..udp] [......10.0.2.15][28681] -> [.14.200.255.229][45710] @@ -2868,20 +3741,28 @@ update: [...600] [ip4][..udp] [......10.0.2.15][28681] -> [....1.64.156.63][60092] update: [...645] [ip4][..udp] [......10.0.2.15][28681] -> [...59.104.173.5][49803] update: [...661] [ip4][..udp] [......10.0.2.15][28681] -> [...24.127.1.235][37814] - update: [...499] [ip4][..udp] [......10.0.2.15][28681] -> [....1.161.80.82][.8656] + update: [...499] [ip4][..udp] [......10.0.2.15][28681] -> [....1.161.80.82][.8656] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...626] [ip4][..udp] [......10.0.2.15][28681] -> [...59.104.173.5][49815] update: [...703] [ip4][..udp] [......10.0.2.15][28681] -> [..114.40.67.191][14971] update: [...560] [ip4][..udp] [......10.0.2.15][28681] -> [..118.168.15.71][53883] update: [...656] [ip4][..udp] [......10.0.2.15][28681] -> [.113.252.86.162][54914] update: [...727] [ip4][..udp] [......10.0.2.15][28681] -> [101.136.187.253][10914] update: [...521] [ip4][..udp] [......10.0.2.15][28681] -> [.113.255.250.32][23458] - update: [...503] [ip4][..udp] [......10.0.2.15][28681] -> [..74.210.244.72][.6346] - update: [...505] [ip4][..udp] [......10.0.2.15][28681] -> [.....42.2.62.28][.6387] - update: [...494] [ip4][..udp] [......10.0.2.15][28681] -> [...86.210.81.59][.6346] - update: [...370] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.56.198][11984] - update: [...173] [ip4][..udp] [......10.0.2.15][28681] -> [..121.99.222.36][44988] - update: [...180] [ip4][..udp] [......10.0.2.15][28681] -> [...66.131.24.72][30711] - update: [...498] [ip4][..udp] [......10.0.2.15][28681] -> [...8.44.149.207][30551] + update: [...503] [ip4][..udp] [......10.0.2.15][28681] -> [..74.210.244.72][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...505] [ip4][..udp] [......10.0.2.15][28681] -> [.....42.2.62.28][.6387] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...494] [ip4][..udp] [......10.0.2.15][28681] -> [...86.210.81.59][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...370] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.56.198][11984] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...173] [ip4][..udp] [......10.0.2.15][28681] -> [..121.99.222.36][44988] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...180] [ip4][..udp] [......10.0.2.15][28681] -> [...66.131.24.72][30711] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...498] [ip4][..udp] [......10.0.2.15][28681] -> [...8.44.149.207][30551] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...704] [ip4][..udp] [......10.0.2.15][28681] -> [..123.192.83.59][33513] update: [...641] [ip4][..udp] [......10.0.2.15][28681] -> [.36.233.199.103][.2625] update: [...717] [ip4][..udp] [......10.0.2.15][28681] -> [...79.191.58.38][48157] @@ -2902,22 +3783,29 @@ update: [...716] [ip4][..udp] [......10.0.2.15][28681] -> [...98.249.190.8][25198] update: [...731] [ip4][..udp] [......10.0.2.15][28681] -> [..50.58.238.163][.6564] update: [...545] [ip4][..udp] [......10.0.2.15][28681] -> [..116.49.159.77][55915] - update: [...156] [ip4][..udp] [......10.0.2.15][28681] -> [..86.244.228.86][10131] - update: [...374] [ip4][..udp] [......10.0.2.15][28681] -> [....62.35.190.5][18604] + update: [...156] [ip4][..udp] [......10.0.2.15][28681] -> [..86.244.228.86][10131] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...374] [ip4][..udp] [......10.0.2.15][28681] -> [....62.35.190.5][18604] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...735] [ip4][..udp] [......10.0.2.15][28681] -> [..45.31.152.112][52420] - update: [...176] [ip4][..udp] [......10.0.2.15][28681] -> [....41.99.164.4][.6346] + update: [...176] [ip4][..udp] [......10.0.2.15][28681] -> [....41.99.164.4][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...663] [ip4][..udp] [......10.0.2.15][28681] -> [..50.58.238.163][.6594] update: [...634] [ip4][..udp] [......10.0.2.15][28681] -> [..24.179.18.242][47329] update: [...747] [ip4][..udp] [......10.0.2.15][28681] -> [..50.58.238.163][.6599] update: [...527] [ip4][..udp] [......10.0.2.15][28681] -> [..42.72.149.140][37848] update: [...643] [ip4][..udp] [......10.0.2.15][28681] -> [..31.20.248.147][30706] update: [...711] [ip4][..udp] [......10.0.2.15][28681] -> [..220.129.86.65][49723] - update: [...504] [ip4][..udp] [......10.0.2.15][28681] -> [..85.203.45.107][.6346] + update: [...504] [ip4][..udp] [......10.0.2.15][28681] -> [..85.203.45.107][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...563] [ip4][..udp] [......10.0.2.15][28681] -> [...112.105.52.2][.6831] - update: [...157] [ip4][..udp] [......10.0.2.15][28681] -> [.86.227.162.150][.6346] + update: [...157] [ip4][..udp] [......10.0.2.15][28681] -> [.86.227.162.150][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...639] [ip4][..udp] [......10.0.2.15][28681] -> [.119.237.116.22][.7849] - update: [...209] [ip4][..udp] [......10.0.2.15][28681] -> [..91.179.98.234][.6346] - update: [...372] [ip4][..udp] [......10.0.2.15][28681] -> [.91.179.185.126][.6346] + update: [...209] [ip4][..udp] [......10.0.2.15][28681] -> [..91.179.98.234][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...372] [ip4][..udp] [......10.0.2.15][28681] -> [.91.179.185.126][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...729] [ip4][..udp] [......10.0.2.15][28681] -> [..114.47.227.91][54463] update: [...732] [ip4][..udp] [......10.0.2.15][28681] -> [..85.168.34.105][39908] update: [...633] [ip4][..udp] [......10.0.2.15][28681] -> [..68.174.18.115][50679] @@ -2932,7 +3820,8 @@ update: [...644] [ip4][..udp] [......10.0.2.15][28681] -> [...173.22.22.94][34245] update: [...666] [ip4][..udp] [......10.0.2.15][28681] -> [.159.196.95.223][.2003] update: [...648] [ip4][..udp] [......10.0.2.15][28681] -> [180.218.135.222][.4548] - update: [...159] [ip4][..udp] [......10.0.2.15][28681] -> [176.163.231.160][.6346] + update: [...159] [ip4][..udp] [......10.0.2.15][28681] -> [176.163.231.160][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...579] [ip4][..udp] [......10.0.2.15][28681] -> [.223.16.170.108][23458] update: [...677] [ip4][..udp] [......10.0.2.15][28681] -> [....223.16.83.5][.9128] update: [...706] [ip4][..udp] [......10.0.2.15][28681] -> [218.164.200.235][.1968] @@ -2944,16 +3833,22 @@ update: [...741] [ip4][..udp] [......10.0.2.15][28681] -> [182.155.128.228][.4364] update: [...696] [ip4][..udp] [......10.0.2.15][28681] -> [188.165.203.190][55050] update: [...537] [ip4][..udp] [......10.0.2.15][28681] -> [218.164.200.235][.2034] - update: [...213] [ip4][..udp] [......10.0.2.15][28681] -> [....5.180.62.37][.6346] - update: [...167] [ip4][..udp] [......10.0.2.15][28681] -> [..93.29.107.176][20363] + update: [...213] [ip4][..udp] [......10.0.2.15][28681] -> [....5.180.62.37][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...167] [ip4][..udp] [......10.0.2.15][28681] -> [..93.29.107.176][20363] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...585] [ip4][..udp] [......10.0.2.15][28681] -> [..51.68.153.214][35004] - update: [...171] [ip4][..udp] [......10.0.2.15][28681] -> [196.217.132.111][25394] - update: [...502] [ip4][..udp] [......10.0.2.15][28681] -> [..47.156.58.211][.6346] - update: [...507] [ip4][..udp] [......10.0.2.15][28681] -> [...50.4.204.220][.6346] + update: [...171] [ip4][..udp] [......10.0.2.15][28681] -> [196.217.132.111][25394] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...502] [ip4][..udp] [......10.0.2.15][28681] -> [..47.156.58.211][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...507] [ip4][..udp] [......10.0.2.15][28681] -> [...50.4.204.220][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...686] [ip4][..udp] [......10.0.2.15][28681] -> [.119.14.143.237][13965] update: [...662] [ip4][..udp] [......10.0.2.15][28681] -> [..96.59.117.166][33192] update: [...535] [ip4][..udp] [......10.0.2.15][28681] -> [...114.27.24.95][10655] - update: [...160] [ip4][..udp] [......10.0.2.15][28681] -> [...83.150.49.35][32448] + update: [...160] [ip4][..udp] [......10.0.2.15][28681] -> [...83.150.49.35][32448] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...602] [ip4][..udp] [......10.0.2.15][28681] -> [.123.203.72.224][53658] update: [...589] [ip4][..udp] [......10.0.2.15][28681] -> [.113.255.250.32][52647] update: [...653] [ip4][..udp] [......10.0.2.15][28681] -> [....82.12.1.136][.6348] @@ -2961,8 +3856,10 @@ update: [...610] [ip4][..udp] [......10.0.2.15][28681] -> [..61.10.174.159][.4841] update: [...532] [ip4][..udp] [......10.0.2.15][28681] -> [...114.27.24.95][10677] update: [...695] [ip4][..udp] [......10.0.2.15][28681] -> [..76.189.72.230][.8161] - update: [...185] [ip4][..udp] [......10.0.2.15][28681] -> [.109.132.196.58][.6346] - update: [...512] [ip4][..udp] [......10.0.2.15][28681] -> [..209.204.207.5][49256] + update: [...185] [ip4][..udp] [......10.0.2.15][28681] -> [.109.132.196.58][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...512] [ip4][..udp] [......10.0.2.15][28681] -> [..209.204.207.5][49256] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...734] [ip4][..udp] [......10.0.2.15][28681] -> [.113.252.91.201][.4297] update: [...627] [ip4][..udp] [......10.0.2.15][28681] -> [..73.62.225.181][46843] update: [...552] [ip4][..udp] [......10.0.2.15][28681] -> [...218.250.6.59][60012] @@ -2974,11 +3871,13 @@ update: [...671] [ip4][..udp] [......10.0.2.15][28681] -> [180.218.135.222][49867] update: [...574] [ip4][..udp] [......10.0.2.15][28681] -> [..223.17.132.18][23458] update: [...678] [ip4][..udp] [......10.0.2.15][28681] -> [150.116.225.105][51438] - update: [...518] [ip4][..udp] [......10.0.2.15][28681] -> [..202.151.63.59][.7624] + update: [...518] [ip4][..udp] [......10.0.2.15][28681] -> [..202.151.63.59][.7624] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...715] [ip4][..udp] [......10.0.2.15][28681] -> [...219.71.72.88][58808] update: [...659] [ip4][..udp] [......10.0.2.15][28681] -> [...114.27.24.95][10791] update: [...543] [ip4][..udp] [......10.0.2.15][28681] -> [..114.39.159.60][56896] - update: [...161] [ip4][..udp] [......10.0.2.15][28681] -> [..213.120.26.86][29946] + update: [...161] [ip4][..udp] [......10.0.2.15][28681] -> [..213.120.26.86][29946] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...564] [ip4][..udp] [......10.0.2.15][28681] -> [..61.222.160.99][53144] update: [...557] [ip4][..udp] [......10.0.2.15][28681] -> [..61.222.160.99][53163] update: [...647] [ip4][..udp] [......10.0.2.15][28681] -> [..61.18.212.223][58290] @@ -2990,15 +3889,21 @@ update: [...576] [ip4][..udp] [......10.0.2.15][28681] -> [104.238.172.250][42925] update: [...570] [ip4][..udp] [......10.0.2.15][28681] -> [..97.83.183.148][.8890] update: [...680] [ip4][..udp] [......10.0.2.15][28681] -> [.61.227.198.100][.6910] - update: [...175] [ip4][..udp] [......10.0.2.15][28681] -> [...115.69.62.99][.6346] - update: [...500] [ip4][..udp] [......10.0.2.15][28681] -> [.220.143.34.225][20071] + update: [...175] [ip4][..udp] [......10.0.2.15][28681] -> [...115.69.62.99][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...500] [ip4][..udp] [......10.0.2.15][28681] -> [.220.143.34.225][20071] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...566] [ip4][..udp] [......10.0.2.15][28681] -> [...58.176.62.40][52755] - update: [...514] [ip4][..udp] [......10.0.2.15][28681] -> [..83.114.40.175][23552] + update: [...514] [ip4][..udp] [......10.0.2.15][28681] -> [..83.114.40.175][23552] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...599] [ip4][..udp] [......10.0.2.15][28681] -> [.113.252.86.162][59875] - update: [...517] [ip4][..udp] [......10.0.2.15][28681] -> [..36.239.162.27][.7986] - update: [...519] [ip4][..udp] [......10.0.2.15][28681] -> [...219.70.48.23][.8070] + update: [...517] [ip4][..udp] [......10.0.2.15][28681] -> [..36.239.162.27][.7986] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...519] [ip4][..udp] [......10.0.2.15][28681] -> [...219.70.48.23][.8070] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...601] [ip4][..udp] [......10.0.2.15][28681] -> [113.255.200.161][65274] - update: [...200] [ip4][..udp] [......10.0.2.15][28681] -> [.138.199.16.123][52993] + update: [...200] [ip4][..udp] [......10.0.2.15][28681] -> [.138.199.16.123][52993] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...638] [ip4][..udp] [......10.0.2.15][28681] -> [182.155.242.225][15068] update: [...726] [ip4][..udp] [......10.0.2.15][28681] -> [....1.171.82.65][50072] update: [...608] [ip4][..udp] [......10.0.2.15][28681] -> [...1.163.14.246][23461] @@ -3017,14 +3922,19 @@ update: [...709] [ip4][..udp] [......10.0.2.15][28681] -> [.223.16.121.156][.3624] update: [...547] [ip4][..udp] [......10.0.2.15][28681] -> [213.229.111.224][43316] update: [...687] [ip4][..udp] [......10.0.2.15][28681] -> [..66.30.221.181][53454] - update: [...510] [ip4][..udp] [......10.0.2.15][28681] -> [...79.94.85.113][.6346] + update: [...510] [ip4][..udp] [......10.0.2.15][28681] -> [...79.94.85.113][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...652] [ip4][..udp] [......10.0.2.15][28681] -> [..94.139.21.182][50110] update: [...530] [ip4][..udp] [......10.0.2.15][28681] -> [118.167.248.220][59304] - update: [...497] [ip4][..udp] [......10.0.2.15][28681] -> [..84.100.76.123][39628] + update: [...497] [ip4][..udp] [......10.0.2.15][28681] -> [..84.100.76.123][39628] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...569] [ip4][..udp] [......10.0.2.15][28681] -> [....73.89.249.8][50649] - update: [...373] [ip4][..udp] [......10.0.2.15][28681] -> [..88.122.233.15][11488] - update: [...158] [ip4][..udp] [......10.0.2.15][28681] -> [.118.166.226.70][.6346] - update: [...515] [ip4][..udp] [......10.0.2.15][28681] -> [220.137.106.173][11625] + update: [...373] [ip4][..udp] [......10.0.2.15][28681] -> [..88.122.233.15][11488] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...158] [ip4][..udp] [......10.0.2.15][28681] -> [.118.166.226.70][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...515] [ip4][..udp] [......10.0.2.15][28681] -> [220.137.106.173][11625] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...522] [ip4][..udp] [......10.0.2.15][28681] -> [119.247.152.218][51153] update: [...590] [ip4][..udp] [......10.0.2.15][28681] -> [...95.10.205.67][48380] update: [...605] [ip4][..udp] [......10.0.2.15][28681] -> [180.149.125.139][.6578] @@ -3053,24 +3963,32 @@ idle: [...252] [ip4][..udp] [......10.0.2.15][28681] -> [..72.140.120.41][47739] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...377] [ip4][..udp] [......10.0.2.15][28681] -> [.180.200.236.13][12082] - update: [...433] [ip4][..udp] [......10.0.2.15][28681] -> [.99.255.145.191][47264] - update: [...404] [ip4][..udp] [......10.0.2.15][28681] -> [.86.234.216.251][17845] + update: [...433] [ip4][..udp] [......10.0.2.15][28681] -> [.99.255.145.191][47264] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...404] [ip4][..udp] [......10.0.2.15][28681] -> [.86.234.216.251][17845] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...441] [ip4][..udp] [......10.0.2.15][28681] -> [.36.237.199.108][56040] update: [...450] [ip4][..udp] [......10.0.2.15][28681] -> [113.252.206.254][23458] - update: [...426] [ip4][..udp] [......10.0.2.15][28681] -> [..219.71.44.121][14398] + update: [...426] [ip4][..udp] [......10.0.2.15][28681] -> [..219.71.44.121][14398] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...247] [ip4][..udp] [......10.0.2.15][28681] -> [..181.84.178.16][60262] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...411] [ip4][..udp] [......10.0.2.15][28681] -> [...89.143.28.64][.6346] - update: [...408] [ip4][..udp] [......10.0.2.15][28681] -> [...90.103.2.245][.6346] - update: [...424] [ip4][..udp] [......10.0.2.15][28681] -> [..93.15.216.216][.6346] + update: [...411] [ip4][..udp] [......10.0.2.15][28681] -> [...89.143.28.64][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...408] [ip4][..udp] [......10.0.2.15][28681] -> [...90.103.2.245][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...424] [ip4][..udp] [......10.0.2.15][28681] -> [..93.15.216.216][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...309] [ip4][..udp] [......10.0.2.15][28681] -> [.47.220.186.140][27641] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...479] [ip4][..udp] [......10.0.2.15][28681] -> [.123.205.13.148][51896] - update: [...422] [ip4][..udp] [......10.0.2.15][28681] -> [..88.123.35.219][42211] + update: [...422] [ip4][..udp] [......10.0.2.15][28681] -> [..88.123.35.219][42211] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...394] [ip4][..udp] [......10.0.2.15][28681] -> [.165.84.134.136][21407] update: [...254] [ip4][..udp] [......10.0.2.15][28681] -> [..88.120.73.215][24562] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...439] [ip4][..udp] [......10.0.2.15][28681] -> [..176.135.15.86][.6346] + update: [...439] [ip4][..udp] [......10.0.2.15][28681] -> [..176.135.15.86][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...474] [ip4][..udp] [......10.0.2.15][28681] -> [..80.61.221.246][45880] update: [...398] [ip4][..udp] [......10.0.2.15][28681] -> [.62.102.148.166][31332] update: [...477] [ip4][..udp] [......10.0.2.15][28681] -> [....94.54.66.82][45640] @@ -3080,33 +3998,44 @@ update: [...461] [ip4][..udp] [......10.0.2.15][28681] -> [..69.27.193.124][50555] update: [...472] [ip4][..udp] [......10.0.2.15][28681] -> [....94.54.66.82][45744] update: [...471] [ip4][..udp] [......10.0.2.15][28681] -> [...80.7.252.192][43457] - update: [...481] [ip4][..udp] [......10.0.2.15][28681] -> [..82.120.219.74][.6346] + update: [...481] [ip4][..udp] [......10.0.2.15][28681] -> [..82.120.219.74][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...476] [ip4][..udp] [......10.0.2.15][28681] -> [..98.18.172.208][63172] update: [...381] [ip4][..udp] [......10.0.2.15][28681] -> [...77.58.211.52][.3806] update: [...386] [ip4][..udp] [......10.0.2.15][28681] -> [...85.172.10.90][40162] - update: [...435] [ip4][..udp] [......10.0.2.15][28681] -> [.109.24.146.101][.6346] - update: [...465] [ip4][..udp] [......10.0.2.15][28681] -> [.....2.28.39.18][15672] + update: [...435] [ip4][..udp] [......10.0.2.15][28681] -> [.109.24.146.101][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...465] [ip4][..udp] [......10.0.2.15][28681] -> [.....2.28.39.18][15672] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...310] [ip4][..udp] [......10.0.2.15][28681] -> [.118.240.69.199][.6348] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...306] [ip4][..udp] [......10.0.2.15][28681] -> [..41.249.63.200][22582] - update: [...421] [ip4][..udp] [......10.0.2.15][28681] -> [..175.182.39.11][12977] + update: [...306] [ip4][..udp] [......10.0.2.15][28681] -> [..41.249.63.200][22582] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...421] [ip4][..udp] [......10.0.2.15][28681] -> [..175.182.39.11][12977] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...392] [ip4][..udp] [......10.0.2.15][28681] -> [....42.0.69.215][12608] update: [...265] [ip4][..udp] [......10.0.2.15][28681] -> [203.220.198.244][.1194] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...416] [ip4][..udp] [......10.0.2.15][28681] -> [..92.139.61.103][24096] + update: [...416] [ip4][..udp] [......10.0.2.15][28681] -> [..92.139.61.103][24096] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...304] [ip4][..udp] [......10.0.2.15][28681] -> [.193.32.126.214][59596] update: [...443] [ip4][..udp] [......10.0.2.15][28681] -> [..183.179.14.31][54754] update: [...389] [ip4][..udp] [......10.0.2.15][28681] -> [..94.215.183.71][31310] - update: [...413] [ip4][..udp] [......10.0.2.15][28681] -> [...87.65.188.29][24676] + update: [...413] [ip4][..udp] [......10.0.2.15][28681] -> [...87.65.188.29][24676] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...242] [ip4][..udp] [......10.0.2.15][28681] -> [..75.133.101.93][52367] update: [...260] [ip4][..udp] [......10.0.2.15][28681] -> [.46.128.114.107][.6578] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...412] [ip4][..udp] [......10.0.2.15][28681] -> [...58.177.52.73][.6346] - update: [...418] [ip4][..udp] [......10.0.2.15][28681] -> [.75.129.149.103][.6346] + update: [...412] [ip4][..udp] [......10.0.2.15][28681] -> [...58.177.52.73][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...418] [ip4][..udp] [......10.0.2.15][28681] -> [.75.129.149.103][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...308] [ip4][..udp] [......10.0.2.15][28681] -> [...81.205.91.45][40137] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...468] [ip4][..udp] [......10.0.2.15][28681] -> [..94.214.12.247][44001] - update: [...466] [ip4][..udp] [......10.0.2.15][28681] -> [...70.119.248.5][49929] + update: [...468] [ip4][..udp] [......10.0.2.15][28681] -> [..94.214.12.247][44001] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...466] [ip4][..udp] [......10.0.2.15][28681] -> [...70.119.248.5][49929] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...259] [ip4][..udp] [......10.0.2.15][28681] -> [103.232.107.100][43508] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...446] [ip4][..udp] [......10.0.2.15][28681] -> [..61.70.199.107][60475] @@ -3119,26 +4048,33 @@ update: [...384] [ip4][..udp] [......10.0.2.15][28681] -> [....75.64.6.175][.4743] update: [...378] [ip4][..udp] [......10.0.2.15][28681] -> [.118.241.204.61][43366] update: [...456] [ip4][..udp] [......10.0.2.15][28681] -> [.89.241.112.255][14766] - update: [...428] [ip4][..udp] [......10.0.2.15][28681] -> [....86.162.97.8][.6346] + update: [...428] [ip4][..udp] [......10.0.2.15][28681] -> [....86.162.97.8][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...375] [ip4][..udp] [......10.0.2.15][28681] -> [..73.182.136.42][27873] update: [...455] [ip4][..udp] [......10.0.2.15][28681] -> [.58.153.206.183][16919] update: [...453] [ip4][..udp] [......10.0.2.15][28681] -> [..74.127.26.138][.3083] - update: [...425] [ip4][..udp] [......10.0.2.15][28681] -> [..145.82.53.165][.6346] + update: [...425] [ip4][..udp] [......10.0.2.15][28681] -> [..145.82.53.165][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...257] [ip4][..udp] [......10.0.2.15][28681] -> [.82.181.251.218][36368] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...460] [ip4][..udp] [......10.0.2.15][28681] -> [.210.194.116.78][.8342] update: [...454] [ip4][..udp] [......10.0.2.15][28681] -> [.223.16.121.156][23183] - update: [...401] [ip4][..udp] [......10.0.2.15][28681] -> [.173.178.192.76][.6346] - update: [...484] [ip4][..udp] [......10.0.2.15][28681] -> [...107.4.56.177][10000] - update: [...406] [ip4][..udp] [......10.0.2.15][28681] -> [....109.27.3.68][57380] + update: [...401] [ip4][..udp] [......10.0.2.15][28681] -> [.173.178.192.76][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...484] [ip4][..udp] [......10.0.2.15][28681] -> [...107.4.56.177][10000] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...406] [ip4][..udp] [......10.0.2.15][28681] -> [....109.27.3.68][57380] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...399] [ip4][..udp] [......10.0.2.15][28681] -> [.175.39.219.223][31728] update: [...469] [ip4][..udp] [......10.0.2.15][28681] -> [..87.123.54.234][47184] update: [...356] [ip4][..udp] [......10.0.2.15][28681] -> [.63.228.175.169][.1936] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...467] [ip4][..udp] [......10.0.2.15][28681] -> [...61.64.177.53][23458] + update: [...467] [ip4][..udp] [......10.0.2.15][28681] -> [...61.64.177.53][23458] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...355] [ip4][..udp] [......10.0.2.15][28681] -> [.181.118.53.212][29998] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...431] [ip4][..udp] [......10.0.2.15][28681] -> [..88.124.71.246][49035] + update: [...431] [ip4][..udp] [......10.0.2.15][28681] -> [..88.124.71.246][49035] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...388] [ip4][..udp] [......10.0.2.15][28681] -> [...121.7.145.36][33905] update: [...303] [ip4][..udp] [......10.0.2.15][28681] -> [.142.132.165.13][30566] update: [...246] [ip4][..udp] [......10.0.2.15][28681] -> [...96.65.68.194][35481] [Gnutella][Unknown][Download][Potentially Dangerous] @@ -3146,70 +4082,95 @@ update: [...395] [ip4][..udp] [......10.0.2.15][28681] -> [..191.114.88.39][18751] update: [...301] [ip4][..udp] [......10.0.2.15][28681] -> [..188.61.52.183][11852] update: [...483] [ip4][..udp] [.......10.0.2.2][.1026] -> [......10.0.2.15][28681] - update: [...402] [ip4][..udp] [......10.0.2.15][28681] -> [...78.219.202.2][.6346] - update: [...420] [ip4][..udp] [......10.0.2.15][28681] -> [..86.227.127.34][.6346] - update: [...417] [ip4][..udp] [......10.0.2.15][28681] -> [.94.187.236.179][.6346] + update: [...402] [ip4][..udp] [......10.0.2.15][28681] -> [...78.219.202.2][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...420] [ip4][..udp] [......10.0.2.15][28681] -> [..86.227.127.34][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...417] [ip4][..udp] [......10.0.2.15][28681] -> [.94.187.236.179][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...317] [ip4][..udp] [......10.0.2.15][28681] -> [...96.236.205.7][34794] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...376] [ip4][..udp] [......10.0.2.15][28681] -> [....156.57.42.2][33476] - update: [...485] [ip4][..udp] [......10.0.2.15][28681] -> [...154.3.42.209][.6346] + update: [...485] [ip4][..udp] [......10.0.2.15][28681] -> [...154.3.42.209][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...261] [ip4][..udp] [......10.0.2.15][28681] -> [..60.241.48.194][21301] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...243] [ip4][..udp] [......10.0.2.15][28681] -> [.104.156.226.72][53258] - update: [...427] [ip4][..udp] [......10.0.2.15][28681] -> [...81.249.13.30][15138] + update: [...427] [ip4][..udp] [......10.0.2.15][28681] -> [...81.249.13.30][15138] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...313] [ip4][..udp] [......10.0.2.15][28681] -> [..176.99.176.20][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...405] [ip4][..udp] [......10.0.2.15][28681] -> [.176.155.31.118][.6346] + update: [...405] [ip4][..udp] [......10.0.2.15][28681] -> [.176.155.31.118][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...387] [ip4][..udp] [......10.0.2.15][28681] -> [....220.135.8.7][.1219] update: [...302] [ip4][..udp] [......10.0.2.15][28681] -> [.185.187.74.173][53489] update: [...255] [ip4][..udp] [......10.0.2.15][28681] -> [..80.61.221.246][30577] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...415] [ip4][..udp] [......10.0.2.15][28681] -> [..90.247.160.96][17817] + update: [...415] [ip4][..udp] [......10.0.2.15][28681] -> [..90.247.160.96][17817] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...458] [ip4][..udp] [......10.0.2.15][28681] -> [118.165.228.167][12201] - update: [...486] [ip4][..udp] [......10.0.2.15][28681] -> [...88.68.45.203][.6346] - update: [...410] [ip4][..udp] [......10.0.2.15][28681] -> [..93.28.130.131][.6346] + update: [...486] [ip4][..udp] [......10.0.2.15][28681] -> [...88.68.45.203][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...410] [ip4][..udp] [......10.0.2.15][28681] -> [..93.28.130.131][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...248] [ip4][..udp] [......10.0.2.15][28681] -> [..66.30.221.181][12012] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...380] [ip4][..udp] [......10.0.2.15][28681] -> [...83.86.49.195][12019] - update: [...423] [ip4][..udp] [......10.0.2.15][28681] -> [..119.247.6.226][.9713] - update: [...438] [ip4][..udp] [......10.0.2.15][28681] -> [..71.86.190.163][14142] - update: [...403] [ip4][..udp] [......10.0.2.15][28681] -> [197.244.171.132][.6346] + update: [...423] [ip4][..udp] [......10.0.2.15][28681] -> [..119.247.6.226][.9713] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...438] [ip4][..udp] [......10.0.2.15][28681] -> [..71.86.190.163][14142] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...403] [ip4][..udp] [......10.0.2.15][28681] -> [197.244.171.132][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...457] [ip4][..udp] [......10.0.2.15][28681] -> [119.247.240.113][13867] - update: [...429] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.215.213][23576] - update: [...436] [ip4][..udp] [......10.0.2.15][28681] -> [.219.68.179.137][.6406] - update: [...414] [ip4][..udp] [......10.0.2.15][28681] -> [175.181.156.244][.8255] + update: [...429] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.215.213][23576] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...436] [ip4][..udp] [......10.0.2.15][28681] -> [.219.68.179.137][.6406] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...414] [ip4][..udp] [......10.0.2.15][28681] -> [175.181.156.244][.8255] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...383] [ip4][..udp] [......10.0.2.15][28681] -> [...84.71.243.60][34498] - update: [...409] [ip4][..udp] [......10.0.2.15][28681] -> [...86.194.53.68][33770] - update: [...482] [ip4][..udp] [......10.0.2.15][28681] -> [..86.193.23.172][42227] - update: [...400] [ip4][..udp] [......10.0.2.15][28681] -> [..129.45.47.167][.6346] + update: [...409] [ip4][..udp] [......10.0.2.15][28681] -> [...86.194.53.68][33770] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...482] [ip4][..udp] [......10.0.2.15][28681] -> [..86.193.23.172][42227] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...400] [ip4][..udp] [......10.0.2.15][28681] -> [..129.45.47.167][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...263] [ip4][..udp] [......10.0.2.15][28681] -> [..82.217.176.52][.7446] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...253] [ip4][..udp] [......10.0.2.15][28681] -> [.193.37.255.130][61616] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...407] [ip4][..udp] [......10.0.2.15][28681] -> [195.181.151.217][.6346] + update: [...407] [ip4][..udp] [......10.0.2.15][28681] -> [195.181.151.217][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...463] [ip4][..udp] [......10.0.2.15][28681] -> [..200.7.155.210][28365] update: [...452] [ip4][..udp] [......10.0.2.15][28681] -> [..68.227.193.37][27481] update: [...390] [ip4][..udp] [......10.0.2.15][28681] -> [144.134.132.206][16401] - update: [...440] [ip4][..udp] [......10.0.2.15][28681] -> [203.165.170.112][37087] + update: [...440] [ip4][..udp] [......10.0.2.15][28681] -> [203.165.170.112][37087] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...448] [ip4][..udp] [......10.0.2.15][28681] -> [116.241.162.162][15677] update: [...459] [ip4][..udp] [......10.0.2.15][28681] -> [...100.89.84.59][11603] update: [...391] [ip4][..udp] [......10.0.2.15][28681] -> [...161.81.38.67][.9539] - update: [...437] [ip4][..udp] [......10.0.2.15][28681] -> [....31.38.163.2][.6346] + update: [...437] [ip4][..udp] [......10.0.2.15][28681] -> [....31.38.163.2][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...316] [ip4][..udp] [......10.0.2.15][28681] -> [....94.54.66.82][63637] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...262] [ip4][..udp] [......10.0.2.15][28681] -> [....89.75.52.19][46010] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...445] [ip4][..udp] [......10.0.2.15][28681] -> [118.165.153.100][.4509] - update: [...419] [ip4][..udp] [......10.0.2.15][28681] -> [...78.193.236.8][46557] + update: [...419] [ip4][..udp] [......10.0.2.15][28681] -> [...78.193.236.8][46557] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...393] [ip4][..udp] [......10.0.2.15][28681] -> [.58.115.158.103][.5110] - update: [...432] [ip4][..udp] [......10.0.2.15][28681] -> [...104.6.118.53][.6346] + update: [...432] [ip4][..udp] [......10.0.2.15][28681] -> [...104.6.118.53][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...464] [ip4][..udp] [......10.0.2.15][28681] -> [...101.128.66.8][34512] update: [...382] [ip4][..udp] [......10.0.2.15][28681] -> [..76.175.11.126][40958] update: [...480] [ip4][..udp] [......10.0.2.15][28681] -> [..112.119.74.26][65498] - update: [...434] [ip4][..udp] [......10.0.2.15][28681] -> [.114.24.182.130][22232] + update: [...434] [ip4][..udp] [......10.0.2.15][28681] -> [.114.24.182.130][22232] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...462] [ip4][..udp] [......10.0.2.15][28681] -> [..164.132.10.25][47808] update: [...397] [ip4][..udp] [......10.0.2.15][28681] -> [...80.7.252.192][24634] - update: [...430] [ip4][..udp] [......10.0.2.15][28681] -> [....90.8.95.165][40763] + update: [...430] [ip4][..udp] [......10.0.2.15][28681] -> [....90.8.95.165][40763] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...475] [ip4][..udp] [......10.0.2.15][28681] -> [..188.61.52.183][63978] update: [...473] [ip4][..udp] [......10.0.2.15][28681] -> [.142.132.165.13][33564] update: [...264] [ip4][..udp] [......10.0.2.15][28681] -> [...95.10.205.67][11603] [Gnutella][Unknown][Download][Potentially Dangerous] @@ -3252,29 +4213,42 @@ RISK: Unsafe Protocol, Unidirectional Traffic idle: [...264] [ip4][..udp] [......10.0.2.15][28681] -> [...95.10.205.67][11603] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...488] [ip4][..udp] [......10.0.2.15][28681] -> [.183.179.90.112][.9852] - update: [...490] [ip4][..udp] [......10.0.2.15][28681] -> [...90.3.215.132][20356] + update: [...488] [ip4][..udp] [......10.0.2.15][28681] -> [.183.179.90.112][.9852] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...490] [ip4][..udp] [......10.0.2.15][28681] -> [...90.3.215.132][20356] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...745] [ip4][.icmp] [..164.132.10.25] -> [......10.0.2.15] [ICMP][Unknown][Network][Acceptable] RISK: Unidirectional Traffic - update: [...489] [ip4][..udp] [......10.0.2.15][28681] -> [...108.44.45.25][.6346] - update: [...487] [ip4][..udp] [......10.0.2.15][28681] -> [..24.78.134.188][49046] - update: [...491] [ip4][..udp] [......10.0.2.15][28681] -> [..36.233.42.210][.5512] - update: [...492] [ip4][..udp] [......10.0.2.15][28681] -> [...172.94.41.71][.6346] + update: [...489] [ip4][..udp] [......10.0.2.15][28681] -> [...108.44.45.25][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...487] [ip4][..udp] [......10.0.2.15][28681] -> [..24.78.134.188][49046] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...491] [ip4][..udp] [......10.0.2.15][28681] -> [..36.233.42.210][.5512] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...492] [ip4][..udp] [......10.0.2.15][28681] -> [...172.94.41.71][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...755] [ip4][..udp] [......10.0.2.15][28681] -> [..83.134.107.32][38836] + detected: [...755] [ip4][..udp] [......10.0.2.15][28681] -> [..83.134.107.32][38836] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...242] [ip4][..udp] [......10.0.2.15][28681] -> [..75.133.101.93][52367] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...242] [ip4][..udp] [......10.0.2.15][28681] -> [..75.133.101.93][52367] idle: [...308] [ip4][..udp] [......10.0.2.15][28681] -> [...81.205.91.45][40137] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...750] [ip4][..udp] [......10.0.2.15][28681] -> [....67.193.8.52][38584] + update: [...750] [ip4][..udp] [......10.0.2.15][28681] -> [....67.193.8.52][38584] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...331] [ip4][..udp] [......10.0.2.15][28681] -> [..45.31.152.112][26851] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...361] [ip4][..udp] [......10.0.2.15][28681] -> [..86.129.196.84][.9915] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...752] [ip4][..udp] [......10.0.2.15][28681] -> [...78.231.73.14][.6346] - update: [...128] [ip4][..udp] [......10.0.2.15][28681] -> [..77.141.219.27][37580] - update: [...114] [ip4][..udp] [......10.0.2.15][28681] -> [....86.23.75.69][.6346] - update: [....88] [ip4][..udp] [......10.0.2.15][28681] -> [.....81.50.24.2][17874] + update: [...752] [ip4][..udp] [......10.0.2.15][28681] -> [...78.231.73.14][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...128] [ip4][..udp] [......10.0.2.15][28681] -> [..77.141.219.27][37580] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...114] [ip4][..udp] [......10.0.2.15][28681] -> [....86.23.75.69][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....88] [ip4][..udp] [......10.0.2.15][28681] -> [.....81.50.24.2][17874] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...340] [ip4][..udp] [......10.0.2.15][28681] -> [.38.142.119.234][49732] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...335] [ip4][..udp] [......10.0.2.15][28681] -> [.14.200.255.229][37058] @@ -3282,97 +4256,135 @@ RISK: Unsafe Protocol, Unidirectional Traffic update: [....20] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous] RISK: Unsafe Protocol - update: [...118] [ip4][..udp] [......10.0.2.15][28681] -> [...5.180.62.100][46385] + update: [...118] [ip4][..udp] [......10.0.2.15][28681] -> [...5.180.62.100][46385] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...344] [ip4][..udp] [......10.0.2.15][28681] -> [.207.38.163.228][.6778] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...323] [ip4][..udp] [......10.0.2.15][28681] -> [.96.246.156.126][56070] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] - update: [...748] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] - update: [....98] [ip4][..udp] [......10.0.2.15][28681] -> [.203.222.14.170][23332] - update: [...111] [ip4][..udp] [......10.0.2.15][28681] -> [..90.65.141.157][.6346] + update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...748] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....98] [ip4][..udp] [......10.0.2.15][28681] -> [.203.222.14.170][23332] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...111] [ip4][..udp] [......10.0.2.15][28681] -> [..90.65.141.157][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...336] [ip4][..udp] [......10.0.2.15][28681] -> [...80.7.252.192][.6888] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...139] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.226.142][.6346] - update: [...141] [ip4][..udp] [......10.0.2.15][28681] -> [..172.97.199.14][.6346] - update: [...751] [ip4][..udp] [......10.0.2.15][28681] -> [142.115.218.152][.5900] - update: [...126] [ip4][..udp] [......10.0.2.15][28681] -> [..91.69.159.133][28000] - update: [...136] [ip4][..udp] [......10.0.2.15][28681] -> [.80.236.247.120][16047] - update: [....85] [ip4][..udp] [......10.0.2.15][28681] -> [..85.138.20.110][.6346] - update: [...135] [ip4][..udp] [......10.0.2.15][28681] -> [.193.250.99.158][.6346] + update: [...139] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.226.142][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...141] [ip4][..udp] [......10.0.2.15][28681] -> [..172.97.199.14][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...751] [ip4][..udp] [......10.0.2.15][28681] -> [142.115.218.152][.5900] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...126] [ip4][..udp] [......10.0.2.15][28681] -> [..91.69.159.133][28000] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...136] [ip4][..udp] [......10.0.2.15][28681] -> [.80.236.247.120][16047] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....85] [ip4][..udp] [......10.0.2.15][28681] -> [..85.138.20.110][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...135] [ip4][..udp] [......10.0.2.15][28681] -> [.193.250.99.158][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...321] [ip4][..udp] [......10.0.2.15][28681] -> [188.165.203.190][21995] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...342] [ip4][..udp] [......10.0.2.15][28681] -> [..98.208.26.154][.4994] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...749] [ip4][..udp] [......10.0.2.15][28681] -> [...78.159.27.22][17563] + update: [...749] [ip4][..udp] [......10.0.2.15][28681] -> [...78.159.27.22][17563] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...369] [ip4][..udp] [......10.0.2.15][28681] -> [.89.187.171.240][.6346] - update: [...125] [ip4][..udp] [......10.0.2.15][28681] -> [..83.92.178.182][57302] - update: [...116] [ip4][..udp] [......10.0.2.15][28681] -> [.124.44.190.145][10170] + update: [...125] [ip4][..udp] [......10.0.2.15][28681] -> [..83.92.178.182][57302] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...116] [ip4][..udp] [......10.0.2.15][28681] -> [.124.44.190.145][10170] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...319] [ip4][..udp] [......10.0.2.15][28681] -> [..164.132.10.25][55302] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...133] [ip4][..udp] [......10.0.2.15][28681] -> [.91.175.220.161][15721] - update: [...753] [ip4][..udp] [......10.0.2.15][28681] -> [..165.84.140.96][14400] - update: [...124] [ip4][..udp] [......10.0.2.15][28681] -> [...170.254.19.6][24180] - update: [...130] [ip4][..udp] [......10.0.2.15][28681] -> [..119.224.95.97][46356] - update: [...129] [ip4][..udp] [......10.0.2.15][28681] -> [.176.138.50.179][29411] + update: [...133] [ip4][..udp] [......10.0.2.15][28681] -> [.91.175.220.161][15721] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...753] [ip4][..udp] [......10.0.2.15][28681] -> [..165.84.140.96][14400] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...124] [ip4][..udp] [......10.0.2.15][28681] -> [...170.254.19.6][24180] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...130] [ip4][..udp] [......10.0.2.15][28681] -> [..119.224.95.97][46356] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...129] [ip4][..udp] [......10.0.2.15][28681] -> [.176.138.50.179][29411] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...364] [ip4][..udp] [......10.0.2.15][28681] -> [194.163.180.126][10825] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...137] [ip4][..udp] [......10.0.2.15][28681] -> [...82.65.70.197][21693] - update: [...109] [ip4][..udp] [......10.0.2.15][28681] -> [...88.169.2.153][52414] - update: [...140] [ip4][..udp] [......10.0.2.15][28681] -> [.77.197.111.186][.6346] - update: [...108] [ip4][..udp] [......10.0.2.15][28681] -> [112.119.242.110][.7922] + update: [...137] [ip4][..udp] [......10.0.2.15][28681] -> [...82.65.70.197][21693] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...109] [ip4][..udp] [......10.0.2.15][28681] -> [...88.169.2.153][52414] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...140] [ip4][..udp] [......10.0.2.15][28681] -> [.77.197.111.186][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...108] [ip4][..udp] [......10.0.2.15][28681] -> [112.119.242.110][.7922] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...339] [ip4][..udp] [......10.0.2.15][28681] -> [..87.123.54.234][54130] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...113] [ip4][..udp] [......10.0.2.15][28681] -> [105.101.132.146][57746] - update: [....87] [ip4][..udp] [......10.0.2.15][28681] -> [..92.131.85.245][31743] + update: [...113] [ip4][..udp] [......10.0.2.15][28681] -> [105.101.132.146][57746] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....87] [ip4][..udp] [......10.0.2.15][28681] -> [..92.131.85.245][31743] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...367] [ip4][..udp] [......10.0.2.15][28681] -> [.149.28.163.175][49956] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...138] [ip4][..udp] [......10.0.2.15][28681] -> [167.114.170.156][23844] + update: [...138] [ip4][..udp] [......10.0.2.15][28681] -> [167.114.170.156][23844] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...756] [ip4][..udp] [......10.0.2.15][28681] -> [..41.100.68.255][12838] + detected: [...756] [ip4][..udp] [......10.0.2.15][28681] -> [..41.100.68.255][12838] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol idle: [....20] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous] RISK: Unsafe Protocol - not-detected: [...136] [ip4][..udp] [......10.0.2.15][28681] -> [.80.236.247.120][16047] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...136] [ip4][..udp] [......10.0.2.15][28681] -> [.80.236.247.120][16047] - not-detected: [...173] [ip4][..udp] [......10.0.2.15][28681] -> [..121.99.222.36][44988] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...173] [ip4][..udp] [......10.0.2.15][28681] -> [..121.99.222.36][44988] + idle: [...136] [ip4][..udp] [......10.0.2.15][28681] -> [.80.236.247.120][16047] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...173] [ip4][..udp] [......10.0.2.15][28681] -> [..121.99.222.36][44988] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...577] [ip4][..udp] [......10.0.2.15][28681] -> [.59.148.100.237][23459] update: [...586] [ip4][..udp] [......10.0.2.15][28681] -> [..221.124.66.33][13060] update: [...618] [ip4][..udp] [......10.0.2.15][28681] -> [...1.172.184.48][13281] update: [...544] [ip4][..udp] [......10.0.2.15][28681] -> [..111.184.29.35][30582] update: [...526] [ip4][..udp] [......10.0.2.15][28681] -> [..36.234.197.93][.1483] - update: [...509] [ip4][..udp] [......10.0.2.15][28681] -> [.92.142.109.190][41370] + update: [...509] [ip4][..udp] [......10.0.2.15][28681] -> [.92.142.109.190][41370] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...669] [ip4][..udp] [......10.0.2.15][28681] -> [218.164.200.235][.2846] update: [...609] [ip4][..udp] [......10.0.2.15][28681] -> [116.241.162.162][59016] update: [...690] [ip4][..udp] [......10.0.2.15][28681] -> [..61.18.212.223][50637] update: [...700] [ip4][..udp] [......10.0.2.15][28681] -> [...91.206.27.26][.6578] - update: [...511] [ip4][..udp] [......10.0.2.15][28681] -> [...68.47.223.27][.6346] - update: [...496] [ip4][..udp] [......10.0.2.15][28681] -> [.218.173.230.98][19004] + update: [...511] [ip4][..udp] [......10.0.2.15][28681] -> [...68.47.223.27][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...496] [ip4][..udp] [......10.0.2.15][28681] -> [.218.173.230.98][19004] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...533] [ip4][..udp] [......10.0.2.15][28681] -> [..36.229.185.60][.6898] update: [...592] [ip4][..udp] [......10.0.2.15][28681] -> [....1.36.249.91][.7190] update: [...701] [ip4][..udp] [......10.0.2.15][28681] -> [119.237.190.184][64163] - update: [...495] [ip4][..udp] [......10.0.2.15][28681] -> [...81.247.89.20][.6346] - update: [...166] [ip4][..udp] [......10.0.2.15][28681] -> [..90.59.253.186][15555] - update: [...183] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.15.182][37829] - update: [...184] [ip4][..udp] [......10.0.2.15][28681] -> [..86.239.62.213][.6346] + update: [...495] [ip4][..udp] [......10.0.2.15][28681] -> [...81.247.89.20][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...166] [ip4][..udp] [......10.0.2.15][28681] -> [..90.59.253.186][15555] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...183] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.15.182][37829] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...184] [ip4][..udp] [......10.0.2.15][28681] -> [..86.239.62.213][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...493] [ip4][..udp] [......10.0.2.15][57552] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] update: [...603] [ip4][..udp] [......10.0.2.15][28681] -> [....1.36.249.91][64577] update: [...621] [ip4][..udp] [......10.0.2.15][28681] -> [182.155.128.228][.3227] update: [...646] [ip4][..udp] [......10.0.2.15][28681] -> [..36.237.10.152][21293] update: [...740] [ip4][..udp] [......10.0.2.15][28681] -> [...36.237.25.47][21293] - update: [...516] [ip4][..udp] [......10.0.2.15][28681] -> [.119.246.147.72][.4572] + update: [...516] [ip4][..udp] [......10.0.2.15][28681] -> [.119.246.147.72][.4572] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...733] [ip4][..udp] [......10.0.2.15][28681] -> [...99.199.148.6][.4338] update: [...597] [ip4][..udp] [......10.0.2.15][28681] -> [..36.236.203.37][52274] update: [...675] [ip4][..udp] [......10.0.2.15][28681] -> [.123.205.118.77][62191] update: [...738] [ip4][..udp] [......10.0.2.15][28681] -> [182.155.128.228][.3256] update: [...553] [ip4][..udp] [......10.0.2.15][28681] -> [182.155.128.228][.3259] update: [...628] [ip4][..udp] [......10.0.2.15][28681] -> [....45.65.87.24][16201] - update: [...352] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.6346] - update: [...195] [ip4][..udp] [......10.0.2.15][28681] -> [.177.231.151.16][.6346] + update: [...352] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...195] [ip4][..udp] [......10.0.2.15][28681] -> [.177.231.151.16][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...616] [ip4][..udp] [......10.0.2.15][28681] -> [220.208.167.152][30628] update: [...596] [ip4][..udp] [......10.0.2.15][28681] -> [..61.18.212.223][58954] - update: [...219] [ip4][..udp] [......10.0.2.15][28681] -> [...76.30.86.144][53821] + update: [...219] [ip4][..udp] [......10.0.2.15][28681] -> [...76.30.86.144][53821] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...713] [ip4][..udp] [......10.0.2.15][28681] -> [..218.103.139.2][51379] update: [...593] [ip4][..udp] [......10.0.2.15][28681] -> [..124.218.26.16][.9747] update: [...571] [ip4][..udp] [......10.0.2.15][28681] -> [.114.40.163.123][55341] @@ -3394,9 +4406,11 @@ update: [...534] [ip4][..udp] [......10.0.2.15][28681] -> [.113.252.86.162][54436] update: [...707] [ip4][..udp] [......10.0.2.15][28681] -> [..183.179.14.31][64871] update: [...744] [ip4][..udp] [......10.0.2.15][28681] -> [..164.132.10.25][48250] - update: [...501] [ip4][..udp] [......10.0.2.15][28681] -> [.88.160.214.137][.6346] + update: [...501] [ip4][..udp] [......10.0.2.15][28681] -> [.88.160.214.137][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...683] [ip4][..udp] [......10.0.2.15][28681] -> [.113.252.86.162][54459] - update: [...506] [ip4][..udp] [......10.0.2.15][28681] -> [..136.32.84.139][.6346] + update: [...506] [ip4][..udp] [......10.0.2.15][28681] -> [..136.32.84.139][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...562] [ip4][..udp] [......10.0.2.15][28681] -> [112.119.242.110][59879] update: [...619] [ip4][..udp] [......10.0.2.15][28681] -> [...1.163.14.246][.1630] update: [...691] [ip4][..udp] [......10.0.2.15][28681] -> [..61.93.150.146][62507] @@ -3407,11 +4421,13 @@ update: [...622] [ip4][..udp] [......10.0.2.15][28681] -> [..36.234.18.166][61319] update: [...542] [ip4][..udp] [......10.0.2.15][28681] -> [..218.103.139.2][51675] update: [...714] [ip4][..udp] [......10.0.2.15][28681] -> [..76.174.174.69][21358] - update: [...191] [ip4][..udp] [......10.0.2.15][28681] -> [.190.153.143.54][65535] + update: [...191] [ip4][..udp] [......10.0.2.15][28681] -> [.190.153.143.54][65535] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...614] [ip4][..udp] [......10.0.2.15][28681] -> [.123.205.118.77][60482] update: [...746] [ip4][..udp] [......10.0.2.15][28681] -> [123.205.126.102][.5193] update: [...606] [ip4][..udp] [......10.0.2.15][28681] -> [.149.28.163.175][42288] - update: [...172] [ip4][..udp] [......10.0.2.15][28681] -> [..87.69.142.133][15471] + update: [...172] [ip4][..udp] [......10.0.2.15][28681] -> [..87.69.142.133][15471] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...739] [ip4][..udp] [......10.0.2.15][28681] -> [.104.156.226.72][19814] update: [...587] [ip4][..udp] [......10.0.2.15][28681] -> [.94.134.154.158][54130] update: [...550] [ip4][..udp] [......10.0.2.15][28681] -> [.220.238.145.82][33527] @@ -3422,19 +4438,24 @@ update: [...685] [ip4][..udp] [......10.0.2.15][28681] -> [..111.241.31.96][.8349] update: [...555] [ip4][..udp] [......10.0.2.15][28681] -> [..124.218.26.16][20387] update: [...721] [ip4][..udp] [......10.0.2.15][28681] -> [.123.203.72.224][.9897] - update: [...371] [ip4][..udp] [......10.0.2.15][28681] -> [.109.131.202.24][44748] + update: [...371] [ip4][..udp] [......10.0.2.15][28681] -> [.109.131.202.24][44748] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...631] [ip4][..udp] [......10.0.2.15][28681] -> [..36.231.59.187][62234] update: [...591] [ip4][..udp] [......10.0.2.15][28681] -> [..118.168.15.71][53707] update: [...594] [ip4][..udp] [......10.0.2.15][28681] -> [.119.237.116.22][.7375] update: [...613] [ip4][..udp] [......10.0.2.15][28681] -> [119.247.152.218][51920] update: [...617] [ip4][..udp] [......10.0.2.15][28681] -> [.119.237.116.22][.7380] - update: [...508] [ip4][..udp] [......10.0.2.15][28681] -> [...92.144.99.73][10745] + update: [...508] [ip4][..udp] [......10.0.2.15][28681] -> [...92.144.99.73][10745] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...582] [ip4][..udp] [......10.0.2.15][28681] -> [....223.16.83.5][10624] update: [...573] [ip4][..udp] [......10.0.2.15][28681] -> [..71.239.173.18][23327] - update: [...513] [ip4][..udp] [......10.0.2.15][28681] -> [..78.196.216.12][58910] - update: [...187] [ip4][..udp] [......10.0.2.15][28681] -> [....92.88.92.56][21009] + update: [...513] [ip4][..udp] [......10.0.2.15][28681] -> [..78.196.216.12][58910] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...187] [ip4][..udp] [......10.0.2.15][28681] -> [....92.88.92.56][21009] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...568] [ip4][..udp] [......10.0.2.15][28681] -> [.123.205.118.77][56562] - update: [...190] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.195.227][.6346] + update: [...190] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.195.227][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...538] [ip4][..udp] [......10.0.2.15][28681] -> [.124.218.41.253][14339] update: [...623] [ip4][..udp] [......10.0.2.15][28681] -> [.210.209.249.84][24751] update: [...629] [ip4][..udp] [......10.0.2.15][28681] -> [.14.200.255.229][45710] @@ -3447,19 +4468,26 @@ update: [...600] [ip4][..udp] [......10.0.2.15][28681] -> [....1.64.156.63][60092] update: [...645] [ip4][..udp] [......10.0.2.15][28681] -> [...59.104.173.5][49803] update: [...661] [ip4][..udp] [......10.0.2.15][28681] -> [...24.127.1.235][37814] - update: [...499] [ip4][..udp] [......10.0.2.15][28681] -> [....1.161.80.82][.8656] + update: [...499] [ip4][..udp] [......10.0.2.15][28681] -> [....1.161.80.82][.8656] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...626] [ip4][..udp] [......10.0.2.15][28681] -> [...59.104.173.5][49815] update: [...703] [ip4][..udp] [......10.0.2.15][28681] -> [..114.40.67.191][14971] update: [...560] [ip4][..udp] [......10.0.2.15][28681] -> [..118.168.15.71][53883] update: [...656] [ip4][..udp] [......10.0.2.15][28681] -> [.113.252.86.162][54914] update: [...727] [ip4][..udp] [......10.0.2.15][28681] -> [101.136.187.253][10914] update: [...521] [ip4][..udp] [......10.0.2.15][28681] -> [.113.255.250.32][23458] - update: [...503] [ip4][..udp] [......10.0.2.15][28681] -> [..74.210.244.72][.6346] - update: [...505] [ip4][..udp] [......10.0.2.15][28681] -> [.....42.2.62.28][.6387] - update: [...494] [ip4][..udp] [......10.0.2.15][28681] -> [...86.210.81.59][.6346] - update: [...370] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.56.198][11984] - update: [...180] [ip4][..udp] [......10.0.2.15][28681] -> [...66.131.24.72][30711] - update: [...498] [ip4][..udp] [......10.0.2.15][28681] -> [...8.44.149.207][30551] + update: [...503] [ip4][..udp] [......10.0.2.15][28681] -> [..74.210.244.72][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...505] [ip4][..udp] [......10.0.2.15][28681] -> [.....42.2.62.28][.6387] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...494] [ip4][..udp] [......10.0.2.15][28681] -> [...86.210.81.59][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...370] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.56.198][11984] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...180] [ip4][..udp] [......10.0.2.15][28681] -> [...66.131.24.72][30711] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...498] [ip4][..udp] [......10.0.2.15][28681] -> [...8.44.149.207][30551] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...704] [ip4][..udp] [......10.0.2.15][28681] -> [..123.192.83.59][33513] update: [...641] [ip4][..udp] [......10.0.2.15][28681] -> [.36.233.199.103][.2625] update: [...717] [ip4][..udp] [......10.0.2.15][28681] -> [...79.191.58.38][48157] @@ -3480,22 +4508,29 @@ update: [...716] [ip4][..udp] [......10.0.2.15][28681] -> [...98.249.190.8][25198] update: [...731] [ip4][..udp] [......10.0.2.15][28681] -> [..50.58.238.163][.6564] update: [...545] [ip4][..udp] [......10.0.2.15][28681] -> [..116.49.159.77][55915] - update: [...156] [ip4][..udp] [......10.0.2.15][28681] -> [..86.244.228.86][10131] - update: [...374] [ip4][..udp] [......10.0.2.15][28681] -> [....62.35.190.5][18604] + update: [...156] [ip4][..udp] [......10.0.2.15][28681] -> [..86.244.228.86][10131] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...374] [ip4][..udp] [......10.0.2.15][28681] -> [....62.35.190.5][18604] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...735] [ip4][..udp] [......10.0.2.15][28681] -> [..45.31.152.112][52420] - update: [...176] [ip4][..udp] [......10.0.2.15][28681] -> [....41.99.164.4][.6346] + update: [...176] [ip4][..udp] [......10.0.2.15][28681] -> [....41.99.164.4][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...663] [ip4][..udp] [......10.0.2.15][28681] -> [..50.58.238.163][.6594] update: [...634] [ip4][..udp] [......10.0.2.15][28681] -> [..24.179.18.242][47329] update: [...747] [ip4][..udp] [......10.0.2.15][28681] -> [..50.58.238.163][.6599] update: [...527] [ip4][..udp] [......10.0.2.15][28681] -> [..42.72.149.140][37848] update: [...643] [ip4][..udp] [......10.0.2.15][28681] -> [..31.20.248.147][30706] update: [...711] [ip4][..udp] [......10.0.2.15][28681] -> [..220.129.86.65][49723] - update: [...504] [ip4][..udp] [......10.0.2.15][28681] -> [..85.203.45.107][.6346] + update: [...504] [ip4][..udp] [......10.0.2.15][28681] -> [..85.203.45.107][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...563] [ip4][..udp] [......10.0.2.15][28681] -> [...112.105.52.2][.6831] - update: [...157] [ip4][..udp] [......10.0.2.15][28681] -> [.86.227.162.150][.6346] + update: [...157] [ip4][..udp] [......10.0.2.15][28681] -> [.86.227.162.150][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...639] [ip4][..udp] [......10.0.2.15][28681] -> [.119.237.116.22][.7849] - update: [...209] [ip4][..udp] [......10.0.2.15][28681] -> [..91.179.98.234][.6346] - update: [...372] [ip4][..udp] [......10.0.2.15][28681] -> [.91.179.185.126][.6346] + update: [...209] [ip4][..udp] [......10.0.2.15][28681] -> [..91.179.98.234][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...372] [ip4][..udp] [......10.0.2.15][28681] -> [.91.179.185.126][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...729] [ip4][..udp] [......10.0.2.15][28681] -> [..114.47.227.91][54463] update: [...732] [ip4][..udp] [......10.0.2.15][28681] -> [..85.168.34.105][39908] update: [...633] [ip4][..udp] [......10.0.2.15][28681] -> [..68.174.18.115][50679] @@ -3510,7 +4545,8 @@ update: [...644] [ip4][..udp] [......10.0.2.15][28681] -> [...173.22.22.94][34245] update: [...666] [ip4][..udp] [......10.0.2.15][28681] -> [.159.196.95.223][.2003] update: [...648] [ip4][..udp] [......10.0.2.15][28681] -> [180.218.135.222][.4548] - update: [...159] [ip4][..udp] [......10.0.2.15][28681] -> [176.163.231.160][.6346] + update: [...159] [ip4][..udp] [......10.0.2.15][28681] -> [176.163.231.160][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...579] [ip4][..udp] [......10.0.2.15][28681] -> [.223.16.170.108][23458] update: [...677] [ip4][..udp] [......10.0.2.15][28681] -> [....223.16.83.5][.9128] update: [...706] [ip4][..udp] [......10.0.2.15][28681] -> [218.164.200.235][.1968] @@ -3522,16 +4558,22 @@ update: [...741] [ip4][..udp] [......10.0.2.15][28681] -> [182.155.128.228][.4364] update: [...696] [ip4][..udp] [......10.0.2.15][28681] -> [188.165.203.190][55050] update: [...537] [ip4][..udp] [......10.0.2.15][28681] -> [218.164.200.235][.2034] - update: [...213] [ip4][..udp] [......10.0.2.15][28681] -> [....5.180.62.37][.6346] - update: [...167] [ip4][..udp] [......10.0.2.15][28681] -> [..93.29.107.176][20363] + update: [...213] [ip4][..udp] [......10.0.2.15][28681] -> [....5.180.62.37][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...167] [ip4][..udp] [......10.0.2.15][28681] -> [..93.29.107.176][20363] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...585] [ip4][..udp] [......10.0.2.15][28681] -> [..51.68.153.214][35004] - update: [...171] [ip4][..udp] [......10.0.2.15][28681] -> [196.217.132.111][25394] - update: [...502] [ip4][..udp] [......10.0.2.15][28681] -> [..47.156.58.211][.6346] - update: [...507] [ip4][..udp] [......10.0.2.15][28681] -> [...50.4.204.220][.6346] + update: [...171] [ip4][..udp] [......10.0.2.15][28681] -> [196.217.132.111][25394] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...502] [ip4][..udp] [......10.0.2.15][28681] -> [..47.156.58.211][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...507] [ip4][..udp] [......10.0.2.15][28681] -> [...50.4.204.220][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...686] [ip4][..udp] [......10.0.2.15][28681] -> [.119.14.143.237][13965] update: [...662] [ip4][..udp] [......10.0.2.15][28681] -> [..96.59.117.166][33192] update: [...535] [ip4][..udp] [......10.0.2.15][28681] -> [...114.27.24.95][10655] - update: [...160] [ip4][..udp] [......10.0.2.15][28681] -> [...83.150.49.35][32448] + update: [...160] [ip4][..udp] [......10.0.2.15][28681] -> [...83.150.49.35][32448] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...602] [ip4][..udp] [......10.0.2.15][28681] -> [.123.203.72.224][53658] update: [...589] [ip4][..udp] [......10.0.2.15][28681] -> [.113.255.250.32][52647] update: [...653] [ip4][..udp] [......10.0.2.15][28681] -> [....82.12.1.136][.6348] @@ -3539,8 +4581,10 @@ update: [...610] [ip4][..udp] [......10.0.2.15][28681] -> [..61.10.174.159][.4841] update: [...532] [ip4][..udp] [......10.0.2.15][28681] -> [...114.27.24.95][10677] update: [...695] [ip4][..udp] [......10.0.2.15][28681] -> [..76.189.72.230][.8161] - update: [...185] [ip4][..udp] [......10.0.2.15][28681] -> [.109.132.196.58][.6346] - update: [...512] [ip4][..udp] [......10.0.2.15][28681] -> [..209.204.207.5][49256] + update: [...185] [ip4][..udp] [......10.0.2.15][28681] -> [.109.132.196.58][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...512] [ip4][..udp] [......10.0.2.15][28681] -> [..209.204.207.5][49256] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...734] [ip4][..udp] [......10.0.2.15][28681] -> [.113.252.91.201][.4297] update: [...627] [ip4][..udp] [......10.0.2.15][28681] -> [..73.62.225.181][46843] update: [...552] [ip4][..udp] [......10.0.2.15][28681] -> [...218.250.6.59][60012] @@ -3552,11 +4596,13 @@ update: [...671] [ip4][..udp] [......10.0.2.15][28681] -> [180.218.135.222][49867] update: [...574] [ip4][..udp] [......10.0.2.15][28681] -> [..223.17.132.18][23458] update: [...678] [ip4][..udp] [......10.0.2.15][28681] -> [150.116.225.105][51438] - update: [...518] [ip4][..udp] [......10.0.2.15][28681] -> [..202.151.63.59][.7624] + update: [...518] [ip4][..udp] [......10.0.2.15][28681] -> [..202.151.63.59][.7624] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...715] [ip4][..udp] [......10.0.2.15][28681] -> [...219.71.72.88][58808] update: [...659] [ip4][..udp] [......10.0.2.15][28681] -> [...114.27.24.95][10791] update: [...543] [ip4][..udp] [......10.0.2.15][28681] -> [..114.39.159.60][56896] - update: [...161] [ip4][..udp] [......10.0.2.15][28681] -> [..213.120.26.86][29946] + update: [...161] [ip4][..udp] [......10.0.2.15][28681] -> [..213.120.26.86][29946] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...564] [ip4][..udp] [......10.0.2.15][28681] -> [..61.222.160.99][53144] update: [...557] [ip4][..udp] [......10.0.2.15][28681] -> [..61.222.160.99][53163] update: [...647] [ip4][..udp] [......10.0.2.15][28681] -> [..61.18.212.223][58290] @@ -3568,15 +4614,21 @@ update: [...576] [ip4][..udp] [......10.0.2.15][28681] -> [104.238.172.250][42925] update: [...570] [ip4][..udp] [......10.0.2.15][28681] -> [..97.83.183.148][.8890] update: [...680] [ip4][..udp] [......10.0.2.15][28681] -> [.61.227.198.100][.6910] - update: [...175] [ip4][..udp] [......10.0.2.15][28681] -> [...115.69.62.99][.6346] - update: [...500] [ip4][..udp] [......10.0.2.15][28681] -> [.220.143.34.225][20071] + update: [...175] [ip4][..udp] [......10.0.2.15][28681] -> [...115.69.62.99][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...500] [ip4][..udp] [......10.0.2.15][28681] -> [.220.143.34.225][20071] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...566] [ip4][..udp] [......10.0.2.15][28681] -> [...58.176.62.40][52755] - update: [...514] [ip4][..udp] [......10.0.2.15][28681] -> [..83.114.40.175][23552] + update: [...514] [ip4][..udp] [......10.0.2.15][28681] -> [..83.114.40.175][23552] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...599] [ip4][..udp] [......10.0.2.15][28681] -> [.113.252.86.162][59875] - update: [...517] [ip4][..udp] [......10.0.2.15][28681] -> [..36.239.162.27][.7986] - update: [...519] [ip4][..udp] [......10.0.2.15][28681] -> [...219.70.48.23][.8070] + update: [...517] [ip4][..udp] [......10.0.2.15][28681] -> [..36.239.162.27][.7986] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...519] [ip4][..udp] [......10.0.2.15][28681] -> [...219.70.48.23][.8070] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...601] [ip4][..udp] [......10.0.2.15][28681] -> [113.255.200.161][65274] - update: [...200] [ip4][..udp] [......10.0.2.15][28681] -> [.138.199.16.123][52993] + update: [...200] [ip4][..udp] [......10.0.2.15][28681] -> [.138.199.16.123][52993] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...638] [ip4][..udp] [......10.0.2.15][28681] -> [182.155.242.225][15068] update: [...726] [ip4][..udp] [......10.0.2.15][28681] -> [....1.171.82.65][50072] update: [...608] [ip4][..udp] [......10.0.2.15][28681] -> [...1.163.14.246][23461] @@ -3595,14 +4647,19 @@ update: [...709] [ip4][..udp] [......10.0.2.15][28681] -> [.223.16.121.156][.3624] update: [...547] [ip4][..udp] [......10.0.2.15][28681] -> [213.229.111.224][43316] update: [...687] [ip4][..udp] [......10.0.2.15][28681] -> [..66.30.221.181][53454] - update: [...510] [ip4][..udp] [......10.0.2.15][28681] -> [...79.94.85.113][.6346] + update: [...510] [ip4][..udp] [......10.0.2.15][28681] -> [...79.94.85.113][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...652] [ip4][..udp] [......10.0.2.15][28681] -> [..94.139.21.182][50110] update: [...530] [ip4][..udp] [......10.0.2.15][28681] -> [118.167.248.220][59304] - update: [...497] [ip4][..udp] [......10.0.2.15][28681] -> [..84.100.76.123][39628] + update: [...497] [ip4][..udp] [......10.0.2.15][28681] -> [..84.100.76.123][39628] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...569] [ip4][..udp] [......10.0.2.15][28681] -> [....73.89.249.8][50649] - update: [...373] [ip4][..udp] [......10.0.2.15][28681] -> [..88.122.233.15][11488] - update: [...158] [ip4][..udp] [......10.0.2.15][28681] -> [.118.166.226.70][.6346] - update: [...515] [ip4][..udp] [......10.0.2.15][28681] -> [220.137.106.173][11625] + update: [...373] [ip4][..udp] [......10.0.2.15][28681] -> [..88.122.233.15][11488] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...158] [ip4][..udp] [......10.0.2.15][28681] -> [.118.166.226.70][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...515] [ip4][..udp] [......10.0.2.15][28681] -> [220.137.106.173][11625] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...522] [ip4][..udp] [......10.0.2.15][28681] -> [119.247.152.218][51153] update: [...590] [ip4][..udp] [......10.0.2.15][28681] -> [...95.10.205.67][48380] update: [...605] [ip4][..udp] [......10.0.2.15][28681] -> [180.149.125.139][.6578] @@ -3622,20 +4679,28 @@ update: [...523] [ip4][..udp] [......10.0.2.15][28681] -> [..1.162.138.200][24018] update: [...693] [ip4][..udp] [......10.0.2.15][28681] -> [.98.215.130.156][12405] update: [...377] [ip4][..udp] [......10.0.2.15][28681] -> [.180.200.236.13][12082] - update: [...433] [ip4][..udp] [......10.0.2.15][28681] -> [.99.255.145.191][47264] - update: [...404] [ip4][..udp] [......10.0.2.15][28681] -> [.86.234.216.251][17845] + update: [...433] [ip4][..udp] [......10.0.2.15][28681] -> [.99.255.145.191][47264] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...404] [ip4][..udp] [......10.0.2.15][28681] -> [.86.234.216.251][17845] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...441] [ip4][..udp] [......10.0.2.15][28681] -> [.36.237.199.108][56040] update: [...450] [ip4][..udp] [......10.0.2.15][28681] -> [113.252.206.254][23458] - update: [...426] [ip4][..udp] [......10.0.2.15][28681] -> [..219.71.44.121][14398] - update: [...411] [ip4][..udp] [......10.0.2.15][28681] -> [...89.143.28.64][.6346] - update: [...408] [ip4][..udp] [......10.0.2.15][28681] -> [...90.103.2.245][.6346] - update: [...424] [ip4][..udp] [......10.0.2.15][28681] -> [..93.15.216.216][.6346] + update: [...426] [ip4][..udp] [......10.0.2.15][28681] -> [..219.71.44.121][14398] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...411] [ip4][..udp] [......10.0.2.15][28681] -> [...89.143.28.64][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...408] [ip4][..udp] [......10.0.2.15][28681] -> [...90.103.2.245][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...424] [ip4][..udp] [......10.0.2.15][28681] -> [..93.15.216.216][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...479] [ip4][..udp] [......10.0.2.15][28681] -> [.123.205.13.148][51896] - update: [...422] [ip4][..udp] [......10.0.2.15][28681] -> [..88.123.35.219][42211] + update: [...422] [ip4][..udp] [......10.0.2.15][28681] -> [..88.123.35.219][42211] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...394] [ip4][..udp] [......10.0.2.15][28681] -> [.165.84.134.136][21407] update: [...254] [ip4][..udp] [......10.0.2.15][28681] -> [..88.120.73.215][24562] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...439] [ip4][..udp] [......10.0.2.15][28681] -> [..176.135.15.86][.6346] + update: [...439] [ip4][..udp] [......10.0.2.15][28681] -> [..176.135.15.86][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...474] [ip4][..udp] [......10.0.2.15][28681] -> [..80.61.221.246][45880] update: [...398] [ip4][..udp] [......10.0.2.15][28681] -> [.62.102.148.166][31332] update: [...477] [ip4][..udp] [......10.0.2.15][28681] -> [....94.54.66.82][45640] @@ -3645,28 +4710,39 @@ update: [...461] [ip4][..udp] [......10.0.2.15][28681] -> [..69.27.193.124][50555] update: [...472] [ip4][..udp] [......10.0.2.15][28681] -> [....94.54.66.82][45744] update: [...471] [ip4][..udp] [......10.0.2.15][28681] -> [...80.7.252.192][43457] - update: [...481] [ip4][..udp] [......10.0.2.15][28681] -> [..82.120.219.74][.6346] + update: [...481] [ip4][..udp] [......10.0.2.15][28681] -> [..82.120.219.74][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...476] [ip4][..udp] [......10.0.2.15][28681] -> [..98.18.172.208][63172] update: [...381] [ip4][..udp] [......10.0.2.15][28681] -> [...77.58.211.52][.3806] update: [...386] [ip4][..udp] [......10.0.2.15][28681] -> [...85.172.10.90][40162] - update: [...435] [ip4][..udp] [......10.0.2.15][28681] -> [.109.24.146.101][.6346] - update: [...465] [ip4][..udp] [......10.0.2.15][28681] -> [.....2.28.39.18][15672] - update: [...306] [ip4][..udp] [......10.0.2.15][28681] -> [..41.249.63.200][22582] - update: [...421] [ip4][..udp] [......10.0.2.15][28681] -> [..175.182.39.11][12977] + update: [...435] [ip4][..udp] [......10.0.2.15][28681] -> [.109.24.146.101][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...465] [ip4][..udp] [......10.0.2.15][28681] -> [.....2.28.39.18][15672] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...306] [ip4][..udp] [......10.0.2.15][28681] -> [..41.249.63.200][22582] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...421] [ip4][..udp] [......10.0.2.15][28681] -> [..175.182.39.11][12977] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...392] [ip4][..udp] [......10.0.2.15][28681] -> [....42.0.69.215][12608] update: [...265] [ip4][..udp] [......10.0.2.15][28681] -> [203.220.198.244][.1194] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...416] [ip4][..udp] [......10.0.2.15][28681] -> [..92.139.61.103][24096] + update: [...416] [ip4][..udp] [......10.0.2.15][28681] -> [..92.139.61.103][24096] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...304] [ip4][..udp] [......10.0.2.15][28681] -> [.193.32.126.214][59596] update: [...443] [ip4][..udp] [......10.0.2.15][28681] -> [..183.179.14.31][54754] update: [...389] [ip4][..udp] [......10.0.2.15][28681] -> [..94.215.183.71][31310] - update: [...413] [ip4][..udp] [......10.0.2.15][28681] -> [...87.65.188.29][24676] + update: [...413] [ip4][..udp] [......10.0.2.15][28681] -> [...87.65.188.29][24676] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...260] [ip4][..udp] [......10.0.2.15][28681] -> [.46.128.114.107][.6578] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...412] [ip4][..udp] [......10.0.2.15][28681] -> [...58.177.52.73][.6346] - update: [...418] [ip4][..udp] [......10.0.2.15][28681] -> [.75.129.149.103][.6346] - update: [...468] [ip4][..udp] [......10.0.2.15][28681] -> [..94.214.12.247][44001] - update: [...466] [ip4][..udp] [......10.0.2.15][28681] -> [...70.119.248.5][49929] + update: [...412] [ip4][..udp] [......10.0.2.15][28681] -> [...58.177.52.73][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...418] [ip4][..udp] [......10.0.2.15][28681] -> [.75.129.149.103][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...468] [ip4][..udp] [......10.0.2.15][28681] -> [..94.214.12.247][44001] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...466] [ip4][..udp] [......10.0.2.15][28681] -> [...70.119.248.5][49929] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...259] [ip4][..udp] [......10.0.2.15][28681] -> [103.232.107.100][43508] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...446] [ip4][..udp] [......10.0.2.15][28681] -> [..61.70.199.107][60475] @@ -3679,91 +4755,123 @@ update: [...384] [ip4][..udp] [......10.0.2.15][28681] -> [....75.64.6.175][.4743] update: [...378] [ip4][..udp] [......10.0.2.15][28681] -> [.118.241.204.61][43366] update: [...456] [ip4][..udp] [......10.0.2.15][28681] -> [.89.241.112.255][14766] - update: [...428] [ip4][..udp] [......10.0.2.15][28681] -> [....86.162.97.8][.6346] + update: [...428] [ip4][..udp] [......10.0.2.15][28681] -> [....86.162.97.8][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...375] [ip4][..udp] [......10.0.2.15][28681] -> [..73.182.136.42][27873] update: [...455] [ip4][..udp] [......10.0.2.15][28681] -> [.58.153.206.183][16919] update: [...453] [ip4][..udp] [......10.0.2.15][28681] -> [..74.127.26.138][.3083] - update: [...425] [ip4][..udp] [......10.0.2.15][28681] -> [..145.82.53.165][.6346] + update: [...425] [ip4][..udp] [......10.0.2.15][28681] -> [..145.82.53.165][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...257] [ip4][..udp] [......10.0.2.15][28681] -> [.82.181.251.218][36368] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...460] [ip4][..udp] [......10.0.2.15][28681] -> [.210.194.116.78][.8342] update: [...454] [ip4][..udp] [......10.0.2.15][28681] -> [.223.16.121.156][23183] - update: [...401] [ip4][..udp] [......10.0.2.15][28681] -> [.173.178.192.76][.6346] - update: [...484] [ip4][..udp] [......10.0.2.15][28681] -> [...107.4.56.177][10000] - update: [...406] [ip4][..udp] [......10.0.2.15][28681] -> [....109.27.3.68][57380] + update: [...401] [ip4][..udp] [......10.0.2.15][28681] -> [.173.178.192.76][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...484] [ip4][..udp] [......10.0.2.15][28681] -> [...107.4.56.177][10000] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...406] [ip4][..udp] [......10.0.2.15][28681] -> [....109.27.3.68][57380] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...399] [ip4][..udp] [......10.0.2.15][28681] -> [.175.39.219.223][31728] update: [...469] [ip4][..udp] [......10.0.2.15][28681] -> [..87.123.54.234][47184] - update: [...467] [ip4][..udp] [......10.0.2.15][28681] -> [...61.64.177.53][23458] - update: [...431] [ip4][..udp] [......10.0.2.15][28681] -> [..88.124.71.246][49035] + update: [...467] [ip4][..udp] [......10.0.2.15][28681] -> [...61.64.177.53][23458] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...431] [ip4][..udp] [......10.0.2.15][28681] -> [..88.124.71.246][49035] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...388] [ip4][..udp] [......10.0.2.15][28681] -> [...121.7.145.36][33905] update: [...303] [ip4][..udp] [......10.0.2.15][28681] -> [.142.132.165.13][30566] update: [...246] [ip4][..udp] [......10.0.2.15][28681] -> [...96.65.68.194][35481] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...395] [ip4][..udp] [......10.0.2.15][28681] -> [..191.114.88.39][18751] update: [...483] [ip4][..udp] [.......10.0.2.2][.1026] -> [......10.0.2.15][28681] - update: [...402] [ip4][..udp] [......10.0.2.15][28681] -> [...78.219.202.2][.6346] - update: [...420] [ip4][..udp] [......10.0.2.15][28681] -> [..86.227.127.34][.6346] - update: [...417] [ip4][..udp] [......10.0.2.15][28681] -> [.94.187.236.179][.6346] + update: [...402] [ip4][..udp] [......10.0.2.15][28681] -> [...78.219.202.2][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...420] [ip4][..udp] [......10.0.2.15][28681] -> [..86.227.127.34][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...417] [ip4][..udp] [......10.0.2.15][28681] -> [.94.187.236.179][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...317] [ip4][..udp] [......10.0.2.15][28681] -> [...96.236.205.7][34794] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...376] [ip4][..udp] [......10.0.2.15][28681] -> [....156.57.42.2][33476] - update: [...485] [ip4][..udp] [......10.0.2.15][28681] -> [...154.3.42.209][.6346] + update: [...485] [ip4][..udp] [......10.0.2.15][28681] -> [...154.3.42.209][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...261] [ip4][..udp] [......10.0.2.15][28681] -> [..60.241.48.194][21301] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...427] [ip4][..udp] [......10.0.2.15][28681] -> [...81.249.13.30][15138] + update: [...427] [ip4][..udp] [......10.0.2.15][28681] -> [...81.249.13.30][15138] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...313] [ip4][..udp] [......10.0.2.15][28681] -> [..176.99.176.20][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...405] [ip4][..udp] [......10.0.2.15][28681] -> [.176.155.31.118][.6346] + update: [...405] [ip4][..udp] [......10.0.2.15][28681] -> [.176.155.31.118][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...745] [ip4][.icmp] [..164.132.10.25] -> [......10.0.2.15] [ICMP][Unknown][Network][Acceptable] RISK: Unidirectional Traffic update: [...387] [ip4][..udp] [......10.0.2.15][28681] -> [....220.135.8.7][.1219] update: [...302] [ip4][..udp] [......10.0.2.15][28681] -> [.185.187.74.173][53489] update: [...255] [ip4][..udp] [......10.0.2.15][28681] -> [..80.61.221.246][30577] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...415] [ip4][..udp] [......10.0.2.15][28681] -> [..90.247.160.96][17817] + update: [...415] [ip4][..udp] [......10.0.2.15][28681] -> [..90.247.160.96][17817] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...458] [ip4][..udp] [......10.0.2.15][28681] -> [118.165.228.167][12201] - update: [...486] [ip4][..udp] [......10.0.2.15][28681] -> [...88.68.45.203][.6346] - update: [...410] [ip4][..udp] [......10.0.2.15][28681] -> [..93.28.130.131][.6346] + update: [...486] [ip4][..udp] [......10.0.2.15][28681] -> [...88.68.45.203][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...410] [ip4][..udp] [......10.0.2.15][28681] -> [..93.28.130.131][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...248] [ip4][..udp] [......10.0.2.15][28681] -> [..66.30.221.181][12012] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...380] [ip4][..udp] [......10.0.2.15][28681] -> [...83.86.49.195][12019] - update: [...423] [ip4][..udp] [......10.0.2.15][28681] -> [..119.247.6.226][.9713] - update: [...438] [ip4][..udp] [......10.0.2.15][28681] -> [..71.86.190.163][14142] - update: [...403] [ip4][..udp] [......10.0.2.15][28681] -> [197.244.171.132][.6346] + update: [...423] [ip4][..udp] [......10.0.2.15][28681] -> [..119.247.6.226][.9713] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...438] [ip4][..udp] [......10.0.2.15][28681] -> [..71.86.190.163][14142] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...403] [ip4][..udp] [......10.0.2.15][28681] -> [197.244.171.132][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...457] [ip4][..udp] [......10.0.2.15][28681] -> [119.247.240.113][13867] - update: [...429] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.215.213][23576] - update: [...436] [ip4][..udp] [......10.0.2.15][28681] -> [.219.68.179.137][.6406] - update: [...414] [ip4][..udp] [......10.0.2.15][28681] -> [175.181.156.244][.8255] + update: [...429] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.215.213][23576] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...436] [ip4][..udp] [......10.0.2.15][28681] -> [.219.68.179.137][.6406] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...414] [ip4][..udp] [......10.0.2.15][28681] -> [175.181.156.244][.8255] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...383] [ip4][..udp] [......10.0.2.15][28681] -> [...84.71.243.60][34498] - update: [...409] [ip4][..udp] [......10.0.2.15][28681] -> [...86.194.53.68][33770] - update: [...482] [ip4][..udp] [......10.0.2.15][28681] -> [..86.193.23.172][42227] - update: [...400] [ip4][..udp] [......10.0.2.15][28681] -> [..129.45.47.167][.6346] + update: [...409] [ip4][..udp] [......10.0.2.15][28681] -> [...86.194.53.68][33770] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...482] [ip4][..udp] [......10.0.2.15][28681] -> [..86.193.23.172][42227] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...400] [ip4][..udp] [......10.0.2.15][28681] -> [..129.45.47.167][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...253] [ip4][..udp] [......10.0.2.15][28681] -> [.193.37.255.130][61616] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...407] [ip4][..udp] [......10.0.2.15][28681] -> [195.181.151.217][.6346] + update: [...407] [ip4][..udp] [......10.0.2.15][28681] -> [195.181.151.217][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...463] [ip4][..udp] [......10.0.2.15][28681] -> [..200.7.155.210][28365] update: [...452] [ip4][..udp] [......10.0.2.15][28681] -> [..68.227.193.37][27481] update: [...390] [ip4][..udp] [......10.0.2.15][28681] -> [144.134.132.206][16401] - update: [...440] [ip4][..udp] [......10.0.2.15][28681] -> [203.165.170.112][37087] + update: [...440] [ip4][..udp] [......10.0.2.15][28681] -> [203.165.170.112][37087] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...448] [ip4][..udp] [......10.0.2.15][28681] -> [116.241.162.162][15677] update: [...459] [ip4][..udp] [......10.0.2.15][28681] -> [...100.89.84.59][11603] update: [...391] [ip4][..udp] [......10.0.2.15][28681] -> [...161.81.38.67][.9539] - update: [...437] [ip4][..udp] [......10.0.2.15][28681] -> [....31.38.163.2][.6346] + update: [...437] [ip4][..udp] [......10.0.2.15][28681] -> [....31.38.163.2][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...316] [ip4][..udp] [......10.0.2.15][28681] -> [....94.54.66.82][63637] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...262] [ip4][..udp] [......10.0.2.15][28681] -> [....89.75.52.19][46010] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...445] [ip4][..udp] [......10.0.2.15][28681] -> [118.165.153.100][.4509] - update: [...419] [ip4][..udp] [......10.0.2.15][28681] -> [...78.193.236.8][46557] + update: [...419] [ip4][..udp] [......10.0.2.15][28681] -> [...78.193.236.8][46557] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...393] [ip4][..udp] [......10.0.2.15][28681] -> [.58.115.158.103][.5110] - update: [...432] [ip4][..udp] [......10.0.2.15][28681] -> [...104.6.118.53][.6346] + update: [...432] [ip4][..udp] [......10.0.2.15][28681] -> [...104.6.118.53][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...464] [ip4][..udp] [......10.0.2.15][28681] -> [...101.128.66.8][34512] update: [...382] [ip4][..udp] [......10.0.2.15][28681] -> [..76.175.11.126][40958] update: [...480] [ip4][..udp] [......10.0.2.15][28681] -> [..112.119.74.26][65498] - update: [...434] [ip4][..udp] [......10.0.2.15][28681] -> [.114.24.182.130][22232] + update: [...434] [ip4][..udp] [......10.0.2.15][28681] -> [.114.24.182.130][22232] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...462] [ip4][..udp] [......10.0.2.15][28681] -> [..164.132.10.25][47808] update: [...397] [ip4][..udp] [......10.0.2.15][28681] -> [...80.7.252.192][24634] - update: [...430] [ip4][..udp] [......10.0.2.15][28681] -> [....90.8.95.165][40763] + update: [...430] [ip4][..udp] [......10.0.2.15][28681] -> [....90.8.95.165][40763] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...475] [ip4][..udp] [......10.0.2.15][28681] -> [..188.61.52.183][63978] update: [...473] [ip4][..udp] [......10.0.2.15][28681] -> [.142.132.165.13][33564] update: [...379] [ip4][..udp] [......10.0.2.15][28681] -> [..80.140.63.147][29545] @@ -3783,257 +4891,252 @@ RISK: Unidirectional Traffic idle: [...369] [ip4][..udp] [......10.0.2.15][28681] -> [.89.187.171.240][.6346] update: [...754] [ip4][..udp] [......10.0.2.15][28681] -> [..84.125.218.84][17561] - update: [...488] [ip4][..udp] [......10.0.2.15][28681] -> [.183.179.90.112][.9852] - update: [...490] [ip4][..udp] [......10.0.2.15][28681] -> [...90.3.215.132][20356] - update: [...489] [ip4][..udp] [......10.0.2.15][28681] -> [...108.44.45.25][.6346] - update: [...487] [ip4][..udp] [......10.0.2.15][28681] -> [..24.78.134.188][49046] - update: [...491] [ip4][..udp] [......10.0.2.15][28681] -> [..36.233.42.210][.5512] - update: [...492] [ip4][..udp] [......10.0.2.15][28681] -> [...172.94.41.71][.6346] - not-detected: [...371] [ip4][..udp] [......10.0.2.15][28681] -> [.109.131.202.24][44748] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...371] [ip4][..udp] [......10.0.2.15][28681] -> [.109.131.202.24][44748] - not-detected: [...370] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.56.198][11984] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...370] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.56.198][11984] - not-detected: [...374] [ip4][..udp] [......10.0.2.15][28681] -> [....62.35.190.5][18604] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...374] [ip4][..udp] [......10.0.2.15][28681] -> [....62.35.190.5][18604] - not-detected: [...372] [ip4][..udp] [......10.0.2.15][28681] -> [.91.179.185.126][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...372] [ip4][..udp] [......10.0.2.15][28681] -> [.91.179.185.126][.6346] + update: [...488] [ip4][..udp] [......10.0.2.15][28681] -> [.183.179.90.112][.9852] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...490] [ip4][..udp] [......10.0.2.15][28681] -> [...90.3.215.132][20356] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...489] [ip4][..udp] [......10.0.2.15][28681] -> [...108.44.45.25][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...487] [ip4][..udp] [......10.0.2.15][28681] -> [..24.78.134.188][49046] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...491] [ip4][..udp] [......10.0.2.15][28681] -> [..36.233.42.210][.5512] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...492] [ip4][..udp] [......10.0.2.15][28681] -> [...172.94.41.71][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...371] [ip4][..udp] [......10.0.2.15][28681] -> [.109.131.202.24][44748] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...370] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.56.198][11984] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...374] [ip4][..udp] [......10.0.2.15][28681] -> [....62.35.190.5][18604] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...372] [ip4][..udp] [......10.0.2.15][28681] -> [.91.179.185.126][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic idle: [...745] [ip4][.icmp] [..164.132.10.25] -> [......10.0.2.15] [ICMP][Unknown][Network][Acceptable] RISK: Unidirectional Traffic - not-detected: [...373] [ip4][..udp] [......10.0.2.15][28681] -> [..88.122.233.15][11488] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...373] [ip4][..udp] [......10.0.2.15][28681] -> [..88.122.233.15][11488] - update: [...750] [ip4][..udp] [......10.0.2.15][28681] -> [....67.193.8.52][38584] + idle: [...373] [ip4][..udp] [......10.0.2.15][28681] -> [..88.122.233.15][11488] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...750] [ip4][..udp] [......10.0.2.15][28681] -> [....67.193.8.52][38584] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...331] [ip4][..udp] [......10.0.2.15][28681] -> [..45.31.152.112][26851] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...361] [ip4][..udp] [......10.0.2.15][28681] -> [..86.129.196.84][.9915] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...752] [ip4][..udp] [......10.0.2.15][28681] -> [...78.231.73.14][.6346] - update: [...128] [ip4][..udp] [......10.0.2.15][28681] -> [..77.141.219.27][37580] - update: [...114] [ip4][..udp] [......10.0.2.15][28681] -> [....86.23.75.69][.6346] - update: [....88] [ip4][..udp] [......10.0.2.15][28681] -> [.....81.50.24.2][17874] + update: [...752] [ip4][..udp] [......10.0.2.15][28681] -> [...78.231.73.14][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...128] [ip4][..udp] [......10.0.2.15][28681] -> [..77.141.219.27][37580] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...114] [ip4][..udp] [......10.0.2.15][28681] -> [....86.23.75.69][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....88] [ip4][..udp] [......10.0.2.15][28681] -> [.....81.50.24.2][17874] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...340] [ip4][..udp] [......10.0.2.15][28681] -> [.38.142.119.234][49732] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...335] [ip4][..udp] [......10.0.2.15][28681] -> [.14.200.255.229][37058] update: [...332] [ip4][..udp] [......10.0.2.15][28681] -> [213.229.111.224][.4876] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...118] [ip4][..udp] [......10.0.2.15][28681] -> [...5.180.62.100][46385] + update: [...118] [ip4][..udp] [......10.0.2.15][28681] -> [...5.180.62.100][46385] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...344] [ip4][..udp] [......10.0.2.15][28681] -> [.207.38.163.228][.6778] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...323] [ip4][..udp] [......10.0.2.15][28681] -> [.96.246.156.126][56070] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] - update: [...748] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] - update: [....98] [ip4][..udp] [......10.0.2.15][28681] -> [.203.222.14.170][23332] - update: [...111] [ip4][..udp] [......10.0.2.15][28681] -> [..90.65.141.157][.6346] + update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...748] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....98] [ip4][..udp] [......10.0.2.15][28681] -> [.203.222.14.170][23332] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...111] [ip4][..udp] [......10.0.2.15][28681] -> [..90.65.141.157][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...336] [ip4][..udp] [......10.0.2.15][28681] -> [...80.7.252.192][.6888] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...139] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.226.142][.6346] - update: [...141] [ip4][..udp] [......10.0.2.15][28681] -> [..172.97.199.14][.6346] - update: [...751] [ip4][..udp] [......10.0.2.15][28681] -> [142.115.218.152][.5900] - update: [...126] [ip4][..udp] [......10.0.2.15][28681] -> [..91.69.159.133][28000] - update: [....85] [ip4][..udp] [......10.0.2.15][28681] -> [..85.138.20.110][.6346] - update: [...135] [ip4][..udp] [......10.0.2.15][28681] -> [.193.250.99.158][.6346] + update: [...139] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.226.142][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...141] [ip4][..udp] [......10.0.2.15][28681] -> [..172.97.199.14][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...751] [ip4][..udp] [......10.0.2.15][28681] -> [142.115.218.152][.5900] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...126] [ip4][..udp] [......10.0.2.15][28681] -> [..91.69.159.133][28000] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....85] [ip4][..udp] [......10.0.2.15][28681] -> [..85.138.20.110][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...135] [ip4][..udp] [......10.0.2.15][28681] -> [.193.250.99.158][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...321] [ip4][..udp] [......10.0.2.15][28681] -> [188.165.203.190][21995] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...342] [ip4][..udp] [......10.0.2.15][28681] -> [..98.208.26.154][.4994] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...749] [ip4][..udp] [......10.0.2.15][28681] -> [...78.159.27.22][17563] - update: [...125] [ip4][..udp] [......10.0.2.15][28681] -> [..83.92.178.182][57302] - update: [...116] [ip4][..udp] [......10.0.2.15][28681] -> [.124.44.190.145][10170] + update: [...749] [ip4][..udp] [......10.0.2.15][28681] -> [...78.159.27.22][17563] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...125] [ip4][..udp] [......10.0.2.15][28681] -> [..83.92.178.182][57302] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...116] [ip4][..udp] [......10.0.2.15][28681] -> [.124.44.190.145][10170] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...319] [ip4][..udp] [......10.0.2.15][28681] -> [..164.132.10.25][55302] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...133] [ip4][..udp] [......10.0.2.15][28681] -> [.91.175.220.161][15721] - update: [...753] [ip4][..udp] [......10.0.2.15][28681] -> [..165.84.140.96][14400] - update: [...124] [ip4][..udp] [......10.0.2.15][28681] -> [...170.254.19.6][24180] - update: [...130] [ip4][..udp] [......10.0.2.15][28681] -> [..119.224.95.97][46356] - update: [...129] [ip4][..udp] [......10.0.2.15][28681] -> [.176.138.50.179][29411] - update: [...755] [ip4][..udp] [......10.0.2.15][28681] -> [..83.134.107.32][38836] + update: [...133] [ip4][..udp] [......10.0.2.15][28681] -> [.91.175.220.161][15721] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...753] [ip4][..udp] [......10.0.2.15][28681] -> [..165.84.140.96][14400] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...124] [ip4][..udp] [......10.0.2.15][28681] -> [...170.254.19.6][24180] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...130] [ip4][..udp] [......10.0.2.15][28681] -> [..119.224.95.97][46356] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...129] [ip4][..udp] [......10.0.2.15][28681] -> [.176.138.50.179][29411] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...755] [ip4][..udp] [......10.0.2.15][28681] -> [..83.134.107.32][38836] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...364] [ip4][..udp] [......10.0.2.15][28681] -> [194.163.180.126][10825] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...137] [ip4][..udp] [......10.0.2.15][28681] -> [...82.65.70.197][21693] - update: [...109] [ip4][..udp] [......10.0.2.15][28681] -> [...88.169.2.153][52414] - update: [...140] [ip4][..udp] [......10.0.2.15][28681] -> [.77.197.111.186][.6346] - update: [...756] [ip4][..udp] [......10.0.2.15][28681] -> [..41.100.68.255][12838] - update: [...108] [ip4][..udp] [......10.0.2.15][28681] -> [112.119.242.110][.7922] + update: [...137] [ip4][..udp] [......10.0.2.15][28681] -> [...82.65.70.197][21693] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...109] [ip4][..udp] [......10.0.2.15][28681] -> [...88.169.2.153][52414] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...140] [ip4][..udp] [......10.0.2.15][28681] -> [.77.197.111.186][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...756] [ip4][..udp] [......10.0.2.15][28681] -> [..41.100.68.255][12838] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol + update: [...108] [ip4][..udp] [......10.0.2.15][28681] -> [112.119.242.110][.7922] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...339] [ip4][..udp] [......10.0.2.15][28681] -> [..87.123.54.234][54130] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...113] [ip4][..udp] [......10.0.2.15][28681] -> [105.101.132.146][57746] - update: [....87] [ip4][..udp] [......10.0.2.15][28681] -> [..92.131.85.245][31743] + update: [...113] [ip4][..udp] [......10.0.2.15][28681] -> [105.101.132.146][57746] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....87] [ip4][..udp] [......10.0.2.15][28681] -> [..92.131.85.245][31743] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...367] [ip4][..udp] [......10.0.2.15][28681] -> [.149.28.163.175][49956] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...138] [ip4][..udp] [......10.0.2.15][28681] -> [167.114.170.156][23844] + update: [...138] [ip4][..udp] [......10.0.2.15][28681] -> [167.114.170.156][23844] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...760] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] detected: [...760] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][msedgewin10] RISK: Unsafe Protocol new: [...761] [ip4][..udp] [......10.0.2.15][28681] -> [..195.132.75.56][56009] + detected: [...761] [ip4][..udp] [......10.0.2.15][28681] -> [..195.132.75.56][56009] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...762] [ip4][..udp] [......10.0.2.15][28681] -> [...86.75.43.182][43502] - not-detected: [...433] [ip4][..udp] [......10.0.2.15][28681] -> [.99.255.145.191][47264] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...433] [ip4][..udp] [......10.0.2.15][28681] -> [.99.255.145.191][47264] - not-detected: [...404] [ip4][..udp] [......10.0.2.15][28681] -> [.86.234.216.251][17845] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...404] [ip4][..udp] [......10.0.2.15][28681] -> [.86.234.216.251][17845] - not-detected: [...426] [ip4][..udp] [......10.0.2.15][28681] -> [..219.71.44.121][14398] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...426] [ip4][..udp] [......10.0.2.15][28681] -> [..219.71.44.121][14398] - not-detected: [...411] [ip4][..udp] [......10.0.2.15][28681] -> [...89.143.28.64][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...411] [ip4][..udp] [......10.0.2.15][28681] -> [...89.143.28.64][.6346] - not-detected: [...408] [ip4][..udp] [......10.0.2.15][28681] -> [...90.103.2.245][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...408] [ip4][..udp] [......10.0.2.15][28681] -> [...90.103.2.245][.6346] - not-detected: [...424] [ip4][..udp] [......10.0.2.15][28681] -> [..93.15.216.216][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...424] [ip4][..udp] [......10.0.2.15][28681] -> [..93.15.216.216][.6346] - not-detected: [...422] [ip4][..udp] [......10.0.2.15][28681] -> [..88.123.35.219][42211] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...422] [ip4][..udp] [......10.0.2.15][28681] -> [..88.123.35.219][42211] - not-detected: [...439] [ip4][..udp] [......10.0.2.15][28681] -> [..176.135.15.86][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...439] [ip4][..udp] [......10.0.2.15][28681] -> [..176.135.15.86][.6346] + detected: [...762] [ip4][..udp] [......10.0.2.15][28681] -> [...86.75.43.182][43502] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...433] [ip4][..udp] [......10.0.2.15][28681] -> [.99.255.145.191][47264] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...404] [ip4][..udp] [......10.0.2.15][28681] -> [.86.234.216.251][17845] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...426] [ip4][..udp] [......10.0.2.15][28681] -> [..219.71.44.121][14398] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...411] [ip4][..udp] [......10.0.2.15][28681] -> [...89.143.28.64][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...408] [ip4][..udp] [......10.0.2.15][28681] -> [...90.103.2.245][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...424] [ip4][..udp] [......10.0.2.15][28681] -> [..93.15.216.216][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...422] [ip4][..udp] [......10.0.2.15][28681] -> [..88.123.35.219][42211] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...439] [ip4][..udp] [......10.0.2.15][28681] -> [..176.135.15.86][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...398] [ip4][..udp] [......10.0.2.15][28681] -> [.62.102.148.166][31332] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...398] [ip4][..udp] [......10.0.2.15][28681] -> [.62.102.148.166][31332] - not-detected: [...481] [ip4][..udp] [......10.0.2.15][28681] -> [..82.120.219.74][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...481] [ip4][..udp] [......10.0.2.15][28681] -> [..82.120.219.74][.6346] - not-detected: [...435] [ip4][..udp] [......10.0.2.15][28681] -> [.109.24.146.101][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...435] [ip4][..udp] [......10.0.2.15][28681] -> [.109.24.146.101][.6346] - not-detected: [...465] [ip4][..udp] [......10.0.2.15][28681] -> [.....2.28.39.18][15672] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...465] [ip4][..udp] [......10.0.2.15][28681] -> [.....2.28.39.18][15672] + idle: [...481] [ip4][..udp] [......10.0.2.15][28681] -> [..82.120.219.74][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...435] [ip4][..udp] [......10.0.2.15][28681] -> [.109.24.146.101][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...465] [ip4][..udp] [......10.0.2.15][28681] -> [.....2.28.39.18][15672] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...392] [ip4][..udp] [......10.0.2.15][28681] -> [....42.0.69.215][12608] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...392] [ip4][..udp] [......10.0.2.15][28681] -> [....42.0.69.215][12608] - not-detected: [...416] [ip4][..udp] [......10.0.2.15][28681] -> [..92.139.61.103][24096] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...416] [ip4][..udp] [......10.0.2.15][28681] -> [..92.139.61.103][24096] + idle: [...416] [ip4][..udp] [......10.0.2.15][28681] -> [..92.139.61.103][24096] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...304] [ip4][..udp] [......10.0.2.15][28681] -> [.193.32.126.214][59596] [Unknown][Unknown][Unrated] idle: [...304] [ip4][..udp] [......10.0.2.15][28681] -> [.193.32.126.214][59596] not-detected: [...389] [ip4][..udp] [......10.0.2.15][28681] -> [..94.215.183.71][31310] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...389] [ip4][..udp] [......10.0.2.15][28681] -> [..94.215.183.71][31310] - not-detected: [...413] [ip4][..udp] [......10.0.2.15][28681] -> [...87.65.188.29][24676] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...413] [ip4][..udp] [......10.0.2.15][28681] -> [...87.65.188.29][24676] - not-detected: [...412] [ip4][..udp] [......10.0.2.15][28681] -> [...58.177.52.73][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...412] [ip4][..udp] [......10.0.2.15][28681] -> [...58.177.52.73][.6346] - not-detected: [...418] [ip4][..udp] [......10.0.2.15][28681] -> [.75.129.149.103][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...418] [ip4][..udp] [......10.0.2.15][28681] -> [.75.129.149.103][.6346] - not-detected: [...468] [ip4][..udp] [......10.0.2.15][28681] -> [..94.214.12.247][44001] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...468] [ip4][..udp] [......10.0.2.15][28681] -> [..94.214.12.247][44001] - not-detected: [...466] [ip4][..udp] [......10.0.2.15][28681] -> [...70.119.248.5][49929] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...466] [ip4][..udp] [......10.0.2.15][28681] -> [...70.119.248.5][49929] + idle: [...413] [ip4][..udp] [......10.0.2.15][28681] -> [...87.65.188.29][24676] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...412] [ip4][..udp] [......10.0.2.15][28681] -> [...58.177.52.73][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...418] [ip4][..udp] [......10.0.2.15][28681] -> [.75.129.149.103][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...468] [ip4][..udp] [......10.0.2.15][28681] -> [..94.214.12.247][44001] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...466] [ip4][..udp] [......10.0.2.15][28681] -> [...70.119.248.5][49929] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...385] [ip4][..udp] [......10.0.2.15][28681] -> [..66.223.143.31][47978] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...385] [ip4][..udp] [......10.0.2.15][28681] -> [..66.223.143.31][47978] - not-detected: [...428] [ip4][..udp] [......10.0.2.15][28681] -> [....86.162.97.8][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...428] [ip4][..udp] [......10.0.2.15][28681] -> [....86.162.97.8][.6346] - not-detected: [...425] [ip4][..udp] [......10.0.2.15][28681] -> [..145.82.53.165][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...425] [ip4][..udp] [......10.0.2.15][28681] -> [..145.82.53.165][.6346] - not-detected: [...401] [ip4][..udp] [......10.0.2.15][28681] -> [.173.178.192.76][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...401] [ip4][..udp] [......10.0.2.15][28681] -> [.173.178.192.76][.6346] - not-detected: [...406] [ip4][..udp] [......10.0.2.15][28681] -> [....109.27.3.68][57380] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...406] [ip4][..udp] [......10.0.2.15][28681] -> [....109.27.3.68][57380] + idle: [...428] [ip4][..udp] [......10.0.2.15][28681] -> [....86.162.97.8][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...425] [ip4][..udp] [......10.0.2.15][28681] -> [..145.82.53.165][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...401] [ip4][..udp] [......10.0.2.15][28681] -> [.173.178.192.76][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...406] [ip4][..udp] [......10.0.2.15][28681] -> [....109.27.3.68][57380] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...399] [ip4][..udp] [......10.0.2.15][28681] -> [.175.39.219.223][31728] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...399] [ip4][..udp] [......10.0.2.15][28681] -> [.175.39.219.223][31728] - not-detected: [...431] [ip4][..udp] [......10.0.2.15][28681] -> [..88.124.71.246][49035] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...431] [ip4][..udp] [......10.0.2.15][28681] -> [..88.124.71.246][49035] + idle: [...431] [ip4][..udp] [......10.0.2.15][28681] -> [..88.124.71.246][49035] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...303] [ip4][..udp] [......10.0.2.15][28681] -> [.142.132.165.13][30566] [Unknown][Unknown][Unrated] idle: [...303] [ip4][..udp] [......10.0.2.15][28681] -> [.142.132.165.13][30566] not-detected: [...395] [ip4][..udp] [......10.0.2.15][28681] -> [..191.114.88.39][18751] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...395] [ip4][..udp] [......10.0.2.15][28681] -> [..191.114.88.39][18751] - not-detected: [...402] [ip4][..udp] [......10.0.2.15][28681] -> [...78.219.202.2][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...402] [ip4][..udp] [......10.0.2.15][28681] -> [...78.219.202.2][.6346] - not-detected: [...420] [ip4][..udp] [......10.0.2.15][28681] -> [..86.227.127.34][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...420] [ip4][..udp] [......10.0.2.15][28681] -> [..86.227.127.34][.6346] - not-detected: [...417] [ip4][..udp] [......10.0.2.15][28681] -> [.94.187.236.179][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...417] [ip4][..udp] [......10.0.2.15][28681] -> [.94.187.236.179][.6346] - not-detected: [...125] [ip4][..udp] [......10.0.2.15][28681] -> [..83.92.178.182][57302] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...125] [ip4][..udp] [......10.0.2.15][28681] -> [..83.92.178.182][57302] - not-detected: [...427] [ip4][..udp] [......10.0.2.15][28681] -> [...81.249.13.30][15138] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...427] [ip4][..udp] [......10.0.2.15][28681] -> [...81.249.13.30][15138] - not-detected: [...405] [ip4][..udp] [......10.0.2.15][28681] -> [.176.155.31.118][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...405] [ip4][..udp] [......10.0.2.15][28681] -> [.176.155.31.118][.6346] + idle: [...402] [ip4][..udp] [......10.0.2.15][28681] -> [...78.219.202.2][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...420] [ip4][..udp] [......10.0.2.15][28681] -> [..86.227.127.34][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...417] [ip4][..udp] [......10.0.2.15][28681] -> [.94.187.236.179][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...125] [ip4][..udp] [......10.0.2.15][28681] -> [..83.92.178.182][57302] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...427] [ip4][..udp] [......10.0.2.15][28681] -> [...81.249.13.30][15138] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...405] [ip4][..udp] [......10.0.2.15][28681] -> [.176.155.31.118][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...387] [ip4][..udp] [......10.0.2.15][28681] -> [....220.135.8.7][.1219] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...387] [ip4][..udp] [......10.0.2.15][28681] -> [....220.135.8.7][.1219] - not-detected: [...415] [ip4][..udp] [......10.0.2.15][28681] -> [..90.247.160.96][17817] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...415] [ip4][..udp] [......10.0.2.15][28681] -> [..90.247.160.96][17817] - not-detected: [...410] [ip4][..udp] [......10.0.2.15][28681] -> [..93.28.130.131][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...410] [ip4][..udp] [......10.0.2.15][28681] -> [..93.28.130.131][.6346] - not-detected: [...438] [ip4][..udp] [......10.0.2.15][28681] -> [..71.86.190.163][14142] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...438] [ip4][..udp] [......10.0.2.15][28681] -> [..71.86.190.163][14142] - not-detected: [...403] [ip4][..udp] [......10.0.2.15][28681] -> [197.244.171.132][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...403] [ip4][..udp] [......10.0.2.15][28681] -> [197.244.171.132][.6346] - not-detected: [...429] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.215.213][23576] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...429] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.215.213][23576] - not-detected: [...436] [ip4][..udp] [......10.0.2.15][28681] -> [.219.68.179.137][.6406] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...436] [ip4][..udp] [......10.0.2.15][28681] -> [.219.68.179.137][.6406] - not-detected: [...409] [ip4][..udp] [......10.0.2.15][28681] -> [...86.194.53.68][33770] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...409] [ip4][..udp] [......10.0.2.15][28681] -> [...86.194.53.68][33770] - not-detected: [...482] [ip4][..udp] [......10.0.2.15][28681] -> [..86.193.23.172][42227] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...482] [ip4][..udp] [......10.0.2.15][28681] -> [..86.193.23.172][42227] - not-detected: [...108] [ip4][..udp] [......10.0.2.15][28681] -> [112.119.242.110][.7922] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...108] [ip4][..udp] [......10.0.2.15][28681] -> [112.119.242.110][.7922] - not-detected: [...407] [ip4][..udp] [......10.0.2.15][28681] -> [195.181.151.217][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...407] [ip4][..udp] [......10.0.2.15][28681] -> [195.181.151.217][.6346] + idle: [...415] [ip4][..udp] [......10.0.2.15][28681] -> [..90.247.160.96][17817] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...410] [ip4][..udp] [......10.0.2.15][28681] -> [..93.28.130.131][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...438] [ip4][..udp] [......10.0.2.15][28681] -> [..71.86.190.163][14142] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...403] [ip4][..udp] [......10.0.2.15][28681] -> [197.244.171.132][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...429] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.215.213][23576] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...436] [ip4][..udp] [......10.0.2.15][28681] -> [.219.68.179.137][.6406] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...409] [ip4][..udp] [......10.0.2.15][28681] -> [...86.194.53.68][33770] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...482] [ip4][..udp] [......10.0.2.15][28681] -> [..86.193.23.172][42227] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...108] [ip4][..udp] [......10.0.2.15][28681] -> [112.119.242.110][.7922] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...407] [ip4][..udp] [......10.0.2.15][28681] -> [195.181.151.217][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...390] [ip4][..udp] [......10.0.2.15][28681] -> [144.134.132.206][16401] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...390] [ip4][..udp] [......10.0.2.15][28681] -> [144.134.132.206][16401] - not-detected: [...440] [ip4][..udp] [......10.0.2.15][28681] -> [203.165.170.112][37087] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...440] [ip4][..udp] [......10.0.2.15][28681] -> [203.165.170.112][37087] + idle: [...440] [ip4][..udp] [......10.0.2.15][28681] -> [203.165.170.112][37087] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...391] [ip4][..udp] [......10.0.2.15][28681] -> [...161.81.38.67][.9539] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...391] [ip4][..udp] [......10.0.2.15][28681] -> [...161.81.38.67][.9539] - not-detected: [...437] [ip4][..udp] [......10.0.2.15][28681] -> [....31.38.163.2][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...437] [ip4][..udp] [......10.0.2.15][28681] -> [....31.38.163.2][.6346] - not-detected: [...419] [ip4][..udp] [......10.0.2.15][28681] -> [...78.193.236.8][46557] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...419] [ip4][..udp] [......10.0.2.15][28681] -> [...78.193.236.8][46557] - not-detected: [...432] [ip4][..udp] [......10.0.2.15][28681] -> [...104.6.118.53][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...432] [ip4][..udp] [......10.0.2.15][28681] -> [...104.6.118.53][.6346] + idle: [...437] [ip4][..udp] [......10.0.2.15][28681] -> [....31.38.163.2][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...419] [ip4][..udp] [......10.0.2.15][28681] -> [...78.193.236.8][46557] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...432] [ip4][..udp] [......10.0.2.15][28681] -> [...104.6.118.53][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...397] [ip4][..udp] [......10.0.2.15][28681] -> [...80.7.252.192][24634] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...397] [ip4][..udp] [......10.0.2.15][28681] -> [...80.7.252.192][24634] - not-detected: [...430] [ip4][..udp] [......10.0.2.15][28681] -> [....90.8.95.165][40763] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...430] [ip4][..udp] [......10.0.2.15][28681] -> [....90.8.95.165][40763] + idle: [...430] [ip4][..udp] [......10.0.2.15][28681] -> [....90.8.95.165][40763] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...396] [ip4][..udp] [......10.0.2.15][28681] -> [..112.119.59.24][28755] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...396] [ip4][..udp] [......10.0.2.15][28681] -> [..112.119.59.24][28755] @@ -4042,37 +5145,48 @@ update: [...618] [ip4][..udp] [......10.0.2.15][28681] -> [...1.172.184.48][13281] update: [...544] [ip4][..udp] [......10.0.2.15][28681] -> [..111.184.29.35][30582] update: [...526] [ip4][..udp] [......10.0.2.15][28681] -> [..36.234.197.93][.1483] - update: [...509] [ip4][..udp] [......10.0.2.15][28681] -> [.92.142.109.190][41370] + update: [...509] [ip4][..udp] [......10.0.2.15][28681] -> [.92.142.109.190][41370] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...669] [ip4][..udp] [......10.0.2.15][28681] -> [218.164.200.235][.2846] update: [...609] [ip4][..udp] [......10.0.2.15][28681] -> [116.241.162.162][59016] update: [...690] [ip4][..udp] [......10.0.2.15][28681] -> [..61.18.212.223][50637] update: [...700] [ip4][..udp] [......10.0.2.15][28681] -> [...91.206.27.26][.6578] - update: [...511] [ip4][..udp] [......10.0.2.15][28681] -> [...68.47.223.27][.6346] - update: [...496] [ip4][..udp] [......10.0.2.15][28681] -> [.218.173.230.98][19004] + update: [...511] [ip4][..udp] [......10.0.2.15][28681] -> [...68.47.223.27][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...496] [ip4][..udp] [......10.0.2.15][28681] -> [.218.173.230.98][19004] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...533] [ip4][..udp] [......10.0.2.15][28681] -> [..36.229.185.60][.6898] update: [...592] [ip4][..udp] [......10.0.2.15][28681] -> [....1.36.249.91][.7190] update: [...701] [ip4][..udp] [......10.0.2.15][28681] -> [119.237.190.184][64163] - update: [...495] [ip4][..udp] [......10.0.2.15][28681] -> [...81.247.89.20][.6346] - update: [...166] [ip4][..udp] [......10.0.2.15][28681] -> [..90.59.253.186][15555] - update: [...183] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.15.182][37829] - update: [...184] [ip4][..udp] [......10.0.2.15][28681] -> [..86.239.62.213][.6346] + update: [...495] [ip4][..udp] [......10.0.2.15][28681] -> [...81.247.89.20][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...166] [ip4][..udp] [......10.0.2.15][28681] -> [..90.59.253.186][15555] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...183] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.15.182][37829] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...184] [ip4][..udp] [......10.0.2.15][28681] -> [..86.239.62.213][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...493] [ip4][..udp] [......10.0.2.15][57552] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] update: [...603] [ip4][..udp] [......10.0.2.15][28681] -> [....1.36.249.91][64577] update: [...621] [ip4][..udp] [......10.0.2.15][28681] -> [182.155.128.228][.3227] update: [...646] [ip4][..udp] [......10.0.2.15][28681] -> [..36.237.10.152][21293] update: [...740] [ip4][..udp] [......10.0.2.15][28681] -> [...36.237.25.47][21293] - update: [...516] [ip4][..udp] [......10.0.2.15][28681] -> [.119.246.147.72][.4572] + update: [...516] [ip4][..udp] [......10.0.2.15][28681] -> [.119.246.147.72][.4572] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...733] [ip4][..udp] [......10.0.2.15][28681] -> [...99.199.148.6][.4338] update: [...597] [ip4][..udp] [......10.0.2.15][28681] -> [..36.236.203.37][52274] update: [...675] [ip4][..udp] [......10.0.2.15][28681] -> [.123.205.118.77][62191] update: [...738] [ip4][..udp] [......10.0.2.15][28681] -> [182.155.128.228][.3256] update: [...553] [ip4][..udp] [......10.0.2.15][28681] -> [182.155.128.228][.3259] update: [...628] [ip4][..udp] [......10.0.2.15][28681] -> [....45.65.87.24][16201] - update: [...352] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.6346] - update: [...195] [ip4][..udp] [......10.0.2.15][28681] -> [.177.231.151.16][.6346] + update: [...352] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...195] [ip4][..udp] [......10.0.2.15][28681] -> [.177.231.151.16][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...616] [ip4][..udp] [......10.0.2.15][28681] -> [220.208.167.152][30628] update: [...596] [ip4][..udp] [......10.0.2.15][28681] -> [..61.18.212.223][58954] - update: [...219] [ip4][..udp] [......10.0.2.15][28681] -> [...76.30.86.144][53821] + update: [...219] [ip4][..udp] [......10.0.2.15][28681] -> [...76.30.86.144][53821] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...713] [ip4][..udp] [......10.0.2.15][28681] -> [..218.103.139.2][51379] update: [...593] [ip4][..udp] [......10.0.2.15][28681] -> [..124.218.26.16][.9747] update: [...571] [ip4][..udp] [......10.0.2.15][28681] -> [.114.40.163.123][55341] @@ -4094,9 +5208,11 @@ update: [...534] [ip4][..udp] [......10.0.2.15][28681] -> [.113.252.86.162][54436] update: [...707] [ip4][..udp] [......10.0.2.15][28681] -> [..183.179.14.31][64871] update: [...744] [ip4][..udp] [......10.0.2.15][28681] -> [..164.132.10.25][48250] - update: [...501] [ip4][..udp] [......10.0.2.15][28681] -> [.88.160.214.137][.6346] + update: [...501] [ip4][..udp] [......10.0.2.15][28681] -> [.88.160.214.137][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...683] [ip4][..udp] [......10.0.2.15][28681] -> [.113.252.86.162][54459] - update: [...506] [ip4][..udp] [......10.0.2.15][28681] -> [..136.32.84.139][.6346] + update: [...506] [ip4][..udp] [......10.0.2.15][28681] -> [..136.32.84.139][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...562] [ip4][..udp] [......10.0.2.15][28681] -> [112.119.242.110][59879] update: [...619] [ip4][..udp] [......10.0.2.15][28681] -> [...1.163.14.246][.1630] update: [...691] [ip4][..udp] [......10.0.2.15][28681] -> [..61.93.150.146][62507] @@ -4107,11 +5223,13 @@ update: [...622] [ip4][..udp] [......10.0.2.15][28681] -> [..36.234.18.166][61319] update: [...542] [ip4][..udp] [......10.0.2.15][28681] -> [..218.103.139.2][51675] update: [...714] [ip4][..udp] [......10.0.2.15][28681] -> [..76.174.174.69][21358] - update: [...191] [ip4][..udp] [......10.0.2.15][28681] -> [.190.153.143.54][65535] + update: [...191] [ip4][..udp] [......10.0.2.15][28681] -> [.190.153.143.54][65535] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...614] [ip4][..udp] [......10.0.2.15][28681] -> [.123.205.118.77][60482] update: [...746] [ip4][..udp] [......10.0.2.15][28681] -> [123.205.126.102][.5193] update: [...606] [ip4][..udp] [......10.0.2.15][28681] -> [.149.28.163.175][42288] - update: [...172] [ip4][..udp] [......10.0.2.15][28681] -> [..87.69.142.133][15471] + update: [...172] [ip4][..udp] [......10.0.2.15][28681] -> [..87.69.142.133][15471] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...739] [ip4][..udp] [......10.0.2.15][28681] -> [.104.156.226.72][19814] update: [...587] [ip4][..udp] [......10.0.2.15][28681] -> [.94.134.154.158][54130] update: [...550] [ip4][..udp] [......10.0.2.15][28681] -> [.220.238.145.82][33527] @@ -4127,13 +5245,17 @@ update: [...594] [ip4][..udp] [......10.0.2.15][28681] -> [.119.237.116.22][.7375] update: [...613] [ip4][..udp] [......10.0.2.15][28681] -> [119.247.152.218][51920] update: [...617] [ip4][..udp] [......10.0.2.15][28681] -> [.119.237.116.22][.7380] - update: [...508] [ip4][..udp] [......10.0.2.15][28681] -> [...92.144.99.73][10745] + update: [...508] [ip4][..udp] [......10.0.2.15][28681] -> [...92.144.99.73][10745] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...582] [ip4][..udp] [......10.0.2.15][28681] -> [....223.16.83.5][10624] update: [...573] [ip4][..udp] [......10.0.2.15][28681] -> [..71.239.173.18][23327] - update: [...513] [ip4][..udp] [......10.0.2.15][28681] -> [..78.196.216.12][58910] - update: [...187] [ip4][..udp] [......10.0.2.15][28681] -> [....92.88.92.56][21009] + update: [...513] [ip4][..udp] [......10.0.2.15][28681] -> [..78.196.216.12][58910] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...187] [ip4][..udp] [......10.0.2.15][28681] -> [....92.88.92.56][21009] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...568] [ip4][..udp] [......10.0.2.15][28681] -> [.123.205.118.77][56562] - update: [...190] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.195.227][.6346] + update: [...190] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.195.227][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...538] [ip4][..udp] [......10.0.2.15][28681] -> [.124.218.41.253][14339] update: [...623] [ip4][..udp] [......10.0.2.15][28681] -> [.210.209.249.84][24751] update: [...629] [ip4][..udp] [......10.0.2.15][28681] -> [.14.200.255.229][45710] @@ -4146,18 +5268,24 @@ update: [...600] [ip4][..udp] [......10.0.2.15][28681] -> [....1.64.156.63][60092] update: [...645] [ip4][..udp] [......10.0.2.15][28681] -> [...59.104.173.5][49803] update: [...661] [ip4][..udp] [......10.0.2.15][28681] -> [...24.127.1.235][37814] - update: [...499] [ip4][..udp] [......10.0.2.15][28681] -> [....1.161.80.82][.8656] + update: [...499] [ip4][..udp] [......10.0.2.15][28681] -> [....1.161.80.82][.8656] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...626] [ip4][..udp] [......10.0.2.15][28681] -> [...59.104.173.5][49815] update: [...703] [ip4][..udp] [......10.0.2.15][28681] -> [..114.40.67.191][14971] update: [...560] [ip4][..udp] [......10.0.2.15][28681] -> [..118.168.15.71][53883] update: [...656] [ip4][..udp] [......10.0.2.15][28681] -> [.113.252.86.162][54914] update: [...727] [ip4][..udp] [......10.0.2.15][28681] -> [101.136.187.253][10914] update: [...521] [ip4][..udp] [......10.0.2.15][28681] -> [.113.255.250.32][23458] - update: [...503] [ip4][..udp] [......10.0.2.15][28681] -> [..74.210.244.72][.6346] - update: [...505] [ip4][..udp] [......10.0.2.15][28681] -> [.....42.2.62.28][.6387] - update: [...494] [ip4][..udp] [......10.0.2.15][28681] -> [...86.210.81.59][.6346] - update: [...180] [ip4][..udp] [......10.0.2.15][28681] -> [...66.131.24.72][30711] - update: [...498] [ip4][..udp] [......10.0.2.15][28681] -> [...8.44.149.207][30551] + update: [...503] [ip4][..udp] [......10.0.2.15][28681] -> [..74.210.244.72][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...505] [ip4][..udp] [......10.0.2.15][28681] -> [.....42.2.62.28][.6387] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...494] [ip4][..udp] [......10.0.2.15][28681] -> [...86.210.81.59][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...180] [ip4][..udp] [......10.0.2.15][28681] -> [...66.131.24.72][30711] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...498] [ip4][..udp] [......10.0.2.15][28681] -> [...8.44.149.207][30551] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...704] [ip4][..udp] [......10.0.2.15][28681] -> [..123.192.83.59][33513] update: [...641] [ip4][..udp] [......10.0.2.15][28681] -> [.36.233.199.103][.2625] update: [...717] [ip4][..udp] [......10.0.2.15][28681] -> [...79.191.58.38][48157] @@ -4178,20 +5306,25 @@ update: [...716] [ip4][..udp] [......10.0.2.15][28681] -> [...98.249.190.8][25198] update: [...731] [ip4][..udp] [......10.0.2.15][28681] -> [..50.58.238.163][.6564] update: [...545] [ip4][..udp] [......10.0.2.15][28681] -> [..116.49.159.77][55915] - update: [...156] [ip4][..udp] [......10.0.2.15][28681] -> [..86.244.228.86][10131] + update: [...156] [ip4][..udp] [......10.0.2.15][28681] -> [..86.244.228.86][10131] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...735] [ip4][..udp] [......10.0.2.15][28681] -> [..45.31.152.112][52420] - update: [...176] [ip4][..udp] [......10.0.2.15][28681] -> [....41.99.164.4][.6346] + update: [...176] [ip4][..udp] [......10.0.2.15][28681] -> [....41.99.164.4][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...663] [ip4][..udp] [......10.0.2.15][28681] -> [..50.58.238.163][.6594] update: [...634] [ip4][..udp] [......10.0.2.15][28681] -> [..24.179.18.242][47329] update: [...747] [ip4][..udp] [......10.0.2.15][28681] -> [..50.58.238.163][.6599] update: [...527] [ip4][..udp] [......10.0.2.15][28681] -> [..42.72.149.140][37848] update: [...643] [ip4][..udp] [......10.0.2.15][28681] -> [..31.20.248.147][30706] update: [...711] [ip4][..udp] [......10.0.2.15][28681] -> [..220.129.86.65][49723] - update: [...504] [ip4][..udp] [......10.0.2.15][28681] -> [..85.203.45.107][.6346] + update: [...504] [ip4][..udp] [......10.0.2.15][28681] -> [..85.203.45.107][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...563] [ip4][..udp] [......10.0.2.15][28681] -> [...112.105.52.2][.6831] - update: [...157] [ip4][..udp] [......10.0.2.15][28681] -> [.86.227.162.150][.6346] + update: [...157] [ip4][..udp] [......10.0.2.15][28681] -> [.86.227.162.150][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...639] [ip4][..udp] [......10.0.2.15][28681] -> [.119.237.116.22][.7849] - update: [...209] [ip4][..udp] [......10.0.2.15][28681] -> [..91.179.98.234][.6346] + update: [...209] [ip4][..udp] [......10.0.2.15][28681] -> [..91.179.98.234][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...729] [ip4][..udp] [......10.0.2.15][28681] -> [..114.47.227.91][54463] update: [...732] [ip4][..udp] [......10.0.2.15][28681] -> [..85.168.34.105][39908] update: [...633] [ip4][..udp] [......10.0.2.15][28681] -> [..68.174.18.115][50679] @@ -4206,7 +5339,8 @@ update: [...644] [ip4][..udp] [......10.0.2.15][28681] -> [...173.22.22.94][34245] update: [...666] [ip4][..udp] [......10.0.2.15][28681] -> [.159.196.95.223][.2003] update: [...648] [ip4][..udp] [......10.0.2.15][28681] -> [180.218.135.222][.4548] - update: [...159] [ip4][..udp] [......10.0.2.15][28681] -> [176.163.231.160][.6346] + update: [...159] [ip4][..udp] [......10.0.2.15][28681] -> [176.163.231.160][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...579] [ip4][..udp] [......10.0.2.15][28681] -> [.223.16.170.108][23458] update: [...677] [ip4][..udp] [......10.0.2.15][28681] -> [....223.16.83.5][.9128] update: [...706] [ip4][..udp] [......10.0.2.15][28681] -> [218.164.200.235][.1968] @@ -4218,16 +5352,22 @@ update: [...741] [ip4][..udp] [......10.0.2.15][28681] -> [182.155.128.228][.4364] update: [...696] [ip4][..udp] [......10.0.2.15][28681] -> [188.165.203.190][55050] update: [...537] [ip4][..udp] [......10.0.2.15][28681] -> [218.164.200.235][.2034] - update: [...213] [ip4][..udp] [......10.0.2.15][28681] -> [....5.180.62.37][.6346] - update: [...167] [ip4][..udp] [......10.0.2.15][28681] -> [..93.29.107.176][20363] + update: [...213] [ip4][..udp] [......10.0.2.15][28681] -> [....5.180.62.37][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...167] [ip4][..udp] [......10.0.2.15][28681] -> [..93.29.107.176][20363] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...585] [ip4][..udp] [......10.0.2.15][28681] -> [..51.68.153.214][35004] - update: [...171] [ip4][..udp] [......10.0.2.15][28681] -> [196.217.132.111][25394] - update: [...502] [ip4][..udp] [......10.0.2.15][28681] -> [..47.156.58.211][.6346] - update: [...507] [ip4][..udp] [......10.0.2.15][28681] -> [...50.4.204.220][.6346] + update: [...171] [ip4][..udp] [......10.0.2.15][28681] -> [196.217.132.111][25394] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...502] [ip4][..udp] [......10.0.2.15][28681] -> [..47.156.58.211][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...507] [ip4][..udp] [......10.0.2.15][28681] -> [...50.4.204.220][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...686] [ip4][..udp] [......10.0.2.15][28681] -> [.119.14.143.237][13965] update: [...662] [ip4][..udp] [......10.0.2.15][28681] -> [..96.59.117.166][33192] update: [...535] [ip4][..udp] [......10.0.2.15][28681] -> [...114.27.24.95][10655] - update: [...160] [ip4][..udp] [......10.0.2.15][28681] -> [...83.150.49.35][32448] + update: [...160] [ip4][..udp] [......10.0.2.15][28681] -> [...83.150.49.35][32448] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...602] [ip4][..udp] [......10.0.2.15][28681] -> [.123.203.72.224][53658] update: [...589] [ip4][..udp] [......10.0.2.15][28681] -> [.113.255.250.32][52647] update: [...653] [ip4][..udp] [......10.0.2.15][28681] -> [....82.12.1.136][.6348] @@ -4235,8 +5375,10 @@ update: [...610] [ip4][..udp] [......10.0.2.15][28681] -> [..61.10.174.159][.4841] update: [...532] [ip4][..udp] [......10.0.2.15][28681] -> [...114.27.24.95][10677] update: [...695] [ip4][..udp] [......10.0.2.15][28681] -> [..76.189.72.230][.8161] - update: [...185] [ip4][..udp] [......10.0.2.15][28681] -> [.109.132.196.58][.6346] - update: [...512] [ip4][..udp] [......10.0.2.15][28681] -> [..209.204.207.5][49256] + update: [...185] [ip4][..udp] [......10.0.2.15][28681] -> [.109.132.196.58][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...512] [ip4][..udp] [......10.0.2.15][28681] -> [..209.204.207.5][49256] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...734] [ip4][..udp] [......10.0.2.15][28681] -> [.113.252.91.201][.4297] update: [...627] [ip4][..udp] [......10.0.2.15][28681] -> [..73.62.225.181][46843] update: [...552] [ip4][..udp] [......10.0.2.15][28681] -> [...218.250.6.59][60012] @@ -4248,11 +5390,13 @@ update: [...671] [ip4][..udp] [......10.0.2.15][28681] -> [180.218.135.222][49867] update: [...574] [ip4][..udp] [......10.0.2.15][28681] -> [..223.17.132.18][23458] update: [...678] [ip4][..udp] [......10.0.2.15][28681] -> [150.116.225.105][51438] - update: [...518] [ip4][..udp] [......10.0.2.15][28681] -> [..202.151.63.59][.7624] + update: [...518] [ip4][..udp] [......10.0.2.15][28681] -> [..202.151.63.59][.7624] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...715] [ip4][..udp] [......10.0.2.15][28681] -> [...219.71.72.88][58808] update: [...659] [ip4][..udp] [......10.0.2.15][28681] -> [...114.27.24.95][10791] update: [...543] [ip4][..udp] [......10.0.2.15][28681] -> [..114.39.159.60][56896] - update: [...161] [ip4][..udp] [......10.0.2.15][28681] -> [..213.120.26.86][29946] + update: [...161] [ip4][..udp] [......10.0.2.15][28681] -> [..213.120.26.86][29946] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...564] [ip4][..udp] [......10.0.2.15][28681] -> [..61.222.160.99][53144] update: [...557] [ip4][..udp] [......10.0.2.15][28681] -> [..61.222.160.99][53163] update: [...647] [ip4][..udp] [......10.0.2.15][28681] -> [..61.18.212.223][58290] @@ -4264,15 +5408,21 @@ update: [...576] [ip4][..udp] [......10.0.2.15][28681] -> [104.238.172.250][42925] update: [...570] [ip4][..udp] [......10.0.2.15][28681] -> [..97.83.183.148][.8890] update: [...680] [ip4][..udp] [......10.0.2.15][28681] -> [.61.227.198.100][.6910] - update: [...175] [ip4][..udp] [......10.0.2.15][28681] -> [...115.69.62.99][.6346] - update: [...500] [ip4][..udp] [......10.0.2.15][28681] -> [.220.143.34.225][20071] + update: [...175] [ip4][..udp] [......10.0.2.15][28681] -> [...115.69.62.99][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...500] [ip4][..udp] [......10.0.2.15][28681] -> [.220.143.34.225][20071] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...566] [ip4][..udp] [......10.0.2.15][28681] -> [...58.176.62.40][52755] - update: [...514] [ip4][..udp] [......10.0.2.15][28681] -> [..83.114.40.175][23552] + update: [...514] [ip4][..udp] [......10.0.2.15][28681] -> [..83.114.40.175][23552] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...599] [ip4][..udp] [......10.0.2.15][28681] -> [.113.252.86.162][59875] - update: [...517] [ip4][..udp] [......10.0.2.15][28681] -> [..36.239.162.27][.7986] - update: [...519] [ip4][..udp] [......10.0.2.15][28681] -> [...219.70.48.23][.8070] + update: [...517] [ip4][..udp] [......10.0.2.15][28681] -> [..36.239.162.27][.7986] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...519] [ip4][..udp] [......10.0.2.15][28681] -> [...219.70.48.23][.8070] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...601] [ip4][..udp] [......10.0.2.15][28681] -> [113.255.200.161][65274] - update: [...200] [ip4][..udp] [......10.0.2.15][28681] -> [.138.199.16.123][52993] + update: [...200] [ip4][..udp] [......10.0.2.15][28681] -> [.138.199.16.123][52993] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...638] [ip4][..udp] [......10.0.2.15][28681] -> [182.155.242.225][15068] update: [...726] [ip4][..udp] [......10.0.2.15][28681] -> [....1.171.82.65][50072] update: [...608] [ip4][..udp] [......10.0.2.15][28681] -> [...1.163.14.246][23461] @@ -4291,13 +5441,17 @@ update: [...709] [ip4][..udp] [......10.0.2.15][28681] -> [.223.16.121.156][.3624] update: [...547] [ip4][..udp] [......10.0.2.15][28681] -> [213.229.111.224][43316] update: [...687] [ip4][..udp] [......10.0.2.15][28681] -> [..66.30.221.181][53454] - update: [...510] [ip4][..udp] [......10.0.2.15][28681] -> [...79.94.85.113][.6346] + update: [...510] [ip4][..udp] [......10.0.2.15][28681] -> [...79.94.85.113][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...652] [ip4][..udp] [......10.0.2.15][28681] -> [..94.139.21.182][50110] update: [...530] [ip4][..udp] [......10.0.2.15][28681] -> [118.167.248.220][59304] - update: [...497] [ip4][..udp] [......10.0.2.15][28681] -> [..84.100.76.123][39628] + update: [...497] [ip4][..udp] [......10.0.2.15][28681] -> [..84.100.76.123][39628] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...569] [ip4][..udp] [......10.0.2.15][28681] -> [....73.89.249.8][50649] - update: [...158] [ip4][..udp] [......10.0.2.15][28681] -> [.118.166.226.70][.6346] - update: [...515] [ip4][..udp] [......10.0.2.15][28681] -> [220.137.106.173][11625] + update: [...158] [ip4][..udp] [......10.0.2.15][28681] -> [.118.166.226.70][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...515] [ip4][..udp] [......10.0.2.15][28681] -> [220.137.106.173][11625] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...522] [ip4][..udp] [......10.0.2.15][28681] -> [119.247.152.218][51153] update: [...590] [ip4][..udp] [......10.0.2.15][28681] -> [...95.10.205.67][48380] update: [...605] [ip4][..udp] [......10.0.2.15][28681] -> [180.149.125.139][.6578] @@ -4317,32 +5471,32 @@ update: [...523] [ip4][..udp] [......10.0.2.15][28681] -> [..1.162.138.200][24018] update: [...693] [ip4][..udp] [......10.0.2.15][28681] -> [.98.215.130.156][12405] new: [...763] [ip4][..udp] [......10.0.2.15][28681] -> [.85.170.209.214][46210] + detected: [...763] [ip4][..udp] [......10.0.2.15][28681] -> [.85.170.209.214][46210] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...764] [ip4][..udp] [......10.0.2.15][28681] -> [.208.92.106.151][32476] - not-detected: [...306] [ip4][..udp] [......10.0.2.15][28681] -> [..41.249.63.200][22582] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...306] [ip4][..udp] [......10.0.2.15][28681] -> [..41.249.63.200][22582] - not-detected: [...421] [ip4][..udp] [......10.0.2.15][28681] -> [..175.182.39.11][12977] [Unknown][Unknown][Unrated] - idle: [...421] [ip4][..udp] [......10.0.2.15][28681] -> [..175.182.39.11][12977] - guessed: [...484] [ip4][..udp] [......10.0.2.15][28681] -> [...107.4.56.177][10000] [CiscoVPN][Unknown][VPN][Acceptable] - RISK: Unidirectional Traffic - idle: [...484] [ip4][..udp] [......10.0.2.15][28681] -> [...107.4.56.177][10000] - not-detected: [...467] [ip4][..udp] [......10.0.2.15][28681] -> [...61.64.177.53][23458] [Unknown][Unknown][Unrated] - idle: [...467] [ip4][..udp] [......10.0.2.15][28681] -> [...61.64.177.53][23458] + detected: [...764] [ip4][..udp] [......10.0.2.15][28681] -> [.208.92.106.151][32476] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...306] [ip4][..udp] [......10.0.2.15][28681] -> [..41.249.63.200][22582] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...421] [ip4][..udp] [......10.0.2.15][28681] -> [..175.182.39.11][12977] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...484] [ip4][..udp] [......10.0.2.15][28681] -> [...107.4.56.177][10000] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...467] [ip4][..udp] [......10.0.2.15][28681] -> [...61.64.177.53][23458] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...483] [ip4][..udp] [.......10.0.2.2][.1026] -> [......10.0.2.15][28681] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...483] [ip4][..udp] [.......10.0.2.2][.1026] -> [......10.0.2.15][28681] - not-detected: [...213] [ip4][..udp] [......10.0.2.15][28681] -> [....5.180.62.37][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...213] [ip4][..udp] [......10.0.2.15][28681] -> [....5.180.62.37][.6346] - not-detected: [...423] [ip4][..udp] [......10.0.2.15][28681] -> [..119.247.6.226][.9713] [Unknown][Unknown][Unrated] - idle: [...423] [ip4][..udp] [......10.0.2.15][28681] -> [..119.247.6.226][.9713] - not-detected: [...414] [ip4][..udp] [......10.0.2.15][28681] -> [175.181.156.244][.8255] [Unknown][Unknown][Unrated] - idle: [...414] [ip4][..udp] [......10.0.2.15][28681] -> [175.181.156.244][.8255] - not-detected: [...113] [ip4][..udp] [......10.0.2.15][28681] -> [105.101.132.146][57746] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...113] [ip4][..udp] [......10.0.2.15][28681] -> [105.101.132.146][57746] - not-detected: [...434] [ip4][..udp] [......10.0.2.15][28681] -> [.114.24.182.130][22232] [Unknown][Unknown][Unrated] - idle: [...434] [ip4][..udp] [......10.0.2.15][28681] -> [.114.24.182.130][22232] + idle: [...213] [ip4][..udp] [......10.0.2.15][28681] -> [....5.180.62.37][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...423] [ip4][..udp] [......10.0.2.15][28681] -> [..119.247.6.226][.9713] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...414] [ip4][..udp] [......10.0.2.15][28681] -> [175.181.156.244][.8255] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...113] [ip4][..udp] [......10.0.2.15][28681] -> [105.101.132.146][57746] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...434] [ip4][..udp] [......10.0.2.15][28681] -> [.114.24.182.130][22232] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...377] [ip4][..udp] [......10.0.2.15][28681] -> [.180.200.236.13][12082] update: [...441] [ip4][..udp] [......10.0.2.15][28681] -> [.36.237.199.108][56040] update: [...450] [ip4][..udp] [......10.0.2.15][28681] -> [113.252.206.254][23458] @@ -4391,7 +5545,8 @@ update: [...317] [ip4][..udp] [......10.0.2.15][28681] -> [...96.236.205.7][34794] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...376] [ip4][..udp] [......10.0.2.15][28681] -> [....156.57.42.2][33476] - update: [...485] [ip4][..udp] [......10.0.2.15][28681] -> [...154.3.42.209][.6346] + update: [...485] [ip4][..udp] [......10.0.2.15][28681] -> [...154.3.42.209][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...261] [ip4][..udp] [......10.0.2.15][28681] -> [..60.241.48.194][21301] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...313] [ip4][..udp] [......10.0.2.15][28681] -> [..176.99.176.20][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] @@ -4400,13 +5555,15 @@ update: [...255] [ip4][..udp] [......10.0.2.15][28681] -> [..80.61.221.246][30577] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...458] [ip4][..udp] [......10.0.2.15][28681] -> [118.165.228.167][12201] - update: [...486] [ip4][..udp] [......10.0.2.15][28681] -> [...88.68.45.203][.6346] + update: [...486] [ip4][..udp] [......10.0.2.15][28681] -> [...88.68.45.203][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...248] [ip4][..udp] [......10.0.2.15][28681] -> [..66.30.221.181][12012] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...380] [ip4][..udp] [......10.0.2.15][28681] -> [...83.86.49.195][12019] update: [...457] [ip4][..udp] [......10.0.2.15][28681] -> [119.247.240.113][13867] update: [...383] [ip4][..udp] [......10.0.2.15][28681] -> [...84.71.243.60][34498] - update: [...400] [ip4][..udp] [......10.0.2.15][28681] -> [..129.45.47.167][.6346] + update: [...400] [ip4][..udp] [......10.0.2.15][28681] -> [..129.45.47.167][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...253] [ip4][..udp] [......10.0.2.15][28681] -> [.193.37.255.130][61616] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...463] [ip4][..udp] [......10.0.2.15][28681] -> [..200.7.155.210][28365] @@ -4429,22 +5586,18 @@ update: [...442] [ip4][..udp] [......10.0.2.15][28681] -> [..89.204.130.55][29545] update: [...312] [ip4][..udp] [......10.0.2.15][28681] -> [..24.167.201.53][47282] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - not-detected: [...488] [ip4][..udp] [......10.0.2.15][28681] -> [.183.179.90.112][.9852] [Unknown][Unknown][Unrated] - idle: [...488] [ip4][..udp] [......10.0.2.15][28681] -> [.183.179.90.112][.9852] - not-detected: [...490] [ip4][..udp] [......10.0.2.15][28681] -> [...90.3.215.132][20356] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...490] [ip4][..udp] [......10.0.2.15][28681] -> [...90.3.215.132][20356] - not-detected: [...489] [ip4][..udp] [......10.0.2.15][28681] -> [...108.44.45.25][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...489] [ip4][..udp] [......10.0.2.15][28681] -> [...108.44.45.25][.6346] - not-detected: [...487] [ip4][..udp] [......10.0.2.15][28681] -> [..24.78.134.188][49046] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...487] [ip4][..udp] [......10.0.2.15][28681] -> [..24.78.134.188][49046] - not-detected: [...491] [ip4][..udp] [......10.0.2.15][28681] -> [..36.233.42.210][.5512] [Unknown][Unknown][Unrated] - idle: [...491] [ip4][..udp] [......10.0.2.15][28681] -> [..36.233.42.210][.5512] - not-detected: [...492] [ip4][..udp] [......10.0.2.15][28681] -> [...172.94.41.71][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...492] [ip4][..udp] [......10.0.2.15][28681] -> [...172.94.41.71][.6346] + idle: [...488] [ip4][..udp] [......10.0.2.15][28681] -> [.183.179.90.112][.9852] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...490] [ip4][..udp] [......10.0.2.15][28681] -> [...90.3.215.132][20356] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...489] [ip4][..udp] [......10.0.2.15][28681] -> [...108.44.45.25][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...487] [ip4][..udp] [......10.0.2.15][28681] -> [..24.78.134.188][49046] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...491] [ip4][..udp] [......10.0.2.15][28681] -> [..36.233.42.210][.5512] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...492] [ip4][..udp] [......10.0.2.15][28681] -> [...172.94.41.71][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...754] [ip4][..udp] [......10.0.2.15][28681] -> [..84.125.218.84][17561] update: [...759] [ip4][..udp] [......10.0.2.15][28681] -> [104.238.172.250][23548] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic @@ -4466,9 +5619,8 @@ not-detected: [...526] [ip4][..udp] [......10.0.2.15][28681] -> [..36.234.197.93][.1483] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...526] [ip4][..udp] [......10.0.2.15][28681] -> [..36.234.197.93][.1483] - not-detected: [...509] [ip4][..udp] [......10.0.2.15][28681] -> [.92.142.109.190][41370] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...509] [ip4][..udp] [......10.0.2.15][28681] -> [.92.142.109.190][41370] + idle: [...509] [ip4][..udp] [......10.0.2.15][28681] -> [.92.142.109.190][41370] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...669] [ip4][..udp] [......10.0.2.15][28681] -> [218.164.200.235][.2846] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...669] [ip4][..udp] [......10.0.2.15][28681] -> [218.164.200.235][.2846] @@ -4484,26 +5636,23 @@ guessed: [...700] [ip4][..udp] [......10.0.2.15][28681] -> [...91.206.27.26][.6578] [Tor][Tor][VPN][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic idle: [...700] [ip4][..udp] [......10.0.2.15][28681] -> [...91.206.27.26][.6578] - not-detected: [...511] [ip4][..udp] [......10.0.2.15][28681] -> [...68.47.223.27][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...511] [ip4][..udp] [......10.0.2.15][28681] -> [...68.47.223.27][.6346] + idle: [...511] [ip4][..udp] [......10.0.2.15][28681] -> [...68.47.223.27][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic idle: [...331] [ip4][..udp] [......10.0.2.15][28681] -> [..45.31.152.112][26851] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic idle: [...361] [ip4][..udp] [......10.0.2.15][28681] -> [..86.129.196.84][.9915] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...450] [ip4][..udp] [......10.0.2.15][28681] -> [113.252.206.254][23458] [Unknown][Unknown][Unrated] idle: [...450] [ip4][..udp] [......10.0.2.15][28681] -> [113.252.206.254][23458] - not-detected: [...496] [ip4][..udp] [......10.0.2.15][28681] -> [.218.173.230.98][19004] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...496] [ip4][..udp] [......10.0.2.15][28681] -> [.218.173.230.98][19004] + idle: [...496] [ip4][..udp] [......10.0.2.15][28681] -> [.218.173.230.98][19004] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...592] [ip4][..udp] [......10.0.2.15][28681] -> [....1.36.249.91][.7190] [Unknown][Unknown][Unrated] idle: [...592] [ip4][..udp] [......10.0.2.15][28681] -> [....1.36.249.91][.7190] not-detected: [...701] [ip4][..udp] [......10.0.2.15][28681] -> [119.237.190.184][64163] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...701] [ip4][..udp] [......10.0.2.15][28681] -> [119.237.190.184][64163] - not-detected: [...495] [ip4][..udp] [......10.0.2.15][28681] -> [...81.247.89.20][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...495] [ip4][..udp] [......10.0.2.15][28681] -> [...81.247.89.20][.6346] + idle: [...495] [ip4][..udp] [......10.0.2.15][28681] -> [...81.247.89.20][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic idle: [...493] [ip4][..udp] [......10.0.2.15][57552] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] not-detected: [...479] [ip4][..udp] [......10.0.2.15][28681] -> [.123.205.13.148][51896] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic @@ -4524,9 +5673,8 @@ not-detected: [...621] [ip4][..udp] [......10.0.2.15][28681] -> [182.155.128.228][.3227] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...621] [ip4][..udp] [......10.0.2.15][28681] -> [182.155.128.228][.3227] - not-detected: [...516] [ip4][..udp] [......10.0.2.15][28681] -> [.119.246.147.72][.4572] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...516] [ip4][..udp] [......10.0.2.15][28681] -> [.119.246.147.72][.4572] + idle: [...516] [ip4][..udp] [......10.0.2.15][28681] -> [.119.246.147.72][.4572] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...733] [ip4][..udp] [......10.0.2.15][28681] -> [...99.199.148.6][.4338] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...733] [ip4][..udp] [......10.0.2.15][28681] -> [...99.199.148.6][.4338] @@ -4626,9 +5774,8 @@ not-detected: [...707] [ip4][..udp] [......10.0.2.15][28681] -> [..183.179.14.31][64871] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...707] [ip4][..udp] [......10.0.2.15][28681] -> [..183.179.14.31][64871] - not-detected: [...501] [ip4][..udp] [......10.0.2.15][28681] -> [.88.160.214.137][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...501] [ip4][..udp] [......10.0.2.15][28681] -> [.88.160.214.137][.6346] + idle: [...501] [ip4][..udp] [......10.0.2.15][28681] -> [.88.160.214.137][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...476] [ip4][..udp] [......10.0.2.15][28681] -> [..98.18.172.208][63172] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...476] [ip4][..udp] [......10.0.2.15][28681] -> [..98.18.172.208][63172] @@ -4642,9 +5789,8 @@ idle: [...386] [ip4][..udp] [......10.0.2.15][28681] -> [...85.172.10.90][40162] idle: [...344] [ip4][..udp] [......10.0.2.15][28681] -> [.207.38.163.228][.6778] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - not-detected: [...506] [ip4][..udp] [......10.0.2.15][28681] -> [..136.32.84.139][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...506] [ip4][..udp] [......10.0.2.15][28681] -> [..136.32.84.139][.6346] + idle: [...506] [ip4][..udp] [......10.0.2.15][28681] -> [..136.32.84.139][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...619] [ip4][..udp] [......10.0.2.15][28681] -> [...1.163.14.246][.1630] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...619] [ip4][..udp] [......10.0.2.15][28681] -> [...1.163.14.246][.1630] @@ -4725,14 +5871,12 @@ not-detected: [...617] [ip4][..udp] [......10.0.2.15][28681] -> [.119.237.116.22][.7380] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...617] [ip4][..udp] [......10.0.2.15][28681] -> [.119.237.116.22][.7380] - not-detected: [...508] [ip4][..udp] [......10.0.2.15][28681] -> [...92.144.99.73][10745] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...508] [ip4][..udp] [......10.0.2.15][28681] -> [...92.144.99.73][10745] + idle: [...508] [ip4][..udp] [......10.0.2.15][28681] -> [...92.144.99.73][10745] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...582] [ip4][..udp] [......10.0.2.15][28681] -> [....223.16.83.5][10624] [Unknown][Unknown][Unrated] idle: [...582] [ip4][..udp] [......10.0.2.15][28681] -> [....223.16.83.5][10624] - not-detected: [...513] [ip4][..udp] [......10.0.2.15][28681] -> [..78.196.216.12][58910] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...513] [ip4][..udp] [......10.0.2.15][28681] -> [..78.196.216.12][58910] + idle: [...513] [ip4][..udp] [......10.0.2.15][28681] -> [..78.196.216.12][58910] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...568] [ip4][..udp] [......10.0.2.15][28681] -> [.123.205.118.77][56562] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...568] [ip4][..udp] [......10.0.2.15][28681] -> [.123.205.118.77][56562] @@ -4771,8 +5915,8 @@ not-detected: [...661] [ip4][..udp] [......10.0.2.15][28681] -> [...24.127.1.235][37814] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...661] [ip4][..udp] [......10.0.2.15][28681] -> [...24.127.1.235][37814] - not-detected: [...499] [ip4][..udp] [......10.0.2.15][28681] -> [....1.161.80.82][.8656] [Unknown][Unknown][Unrated] - idle: [...499] [ip4][..udp] [......10.0.2.15][28681] -> [....1.161.80.82][.8656] + idle: [...499] [ip4][..udp] [......10.0.2.15][28681] -> [....1.161.80.82][.8656] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...626] [ip4][..udp] [......10.0.2.15][28681] -> [...59.104.173.5][49815] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...626] [ip4][..udp] [......10.0.2.15][28681] -> [...59.104.173.5][49815] @@ -4794,11 +5938,10 @@ not-detected: [...521] [ip4][..udp] [......10.0.2.15][28681] -> [.113.255.250.32][23458] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...521] [ip4][..udp] [......10.0.2.15][28681] -> [.113.255.250.32][23458] - not-detected: [...505] [ip4][..udp] [......10.0.2.15][28681] -> [.....42.2.62.28][.6387] [Unknown][Unknown][Unrated] - idle: [...505] [ip4][..udp] [......10.0.2.15][28681] -> [.....42.2.62.28][.6387] - not-detected: [...494] [ip4][..udp] [......10.0.2.15][28681] -> [...86.210.81.59][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...494] [ip4][..udp] [......10.0.2.15][28681] -> [...86.210.81.59][.6346] + idle: [...505] [ip4][..udp] [......10.0.2.15][28681] -> [.....42.2.62.28][.6387] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...494] [ip4][..udp] [......10.0.2.15][28681] -> [...86.210.81.59][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...375] [ip4][..udp] [......10.0.2.15][28681] -> [..73.182.136.42][27873] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...375] [ip4][..udp] [......10.0.2.15][28681] -> [..73.182.136.42][27873] @@ -4808,9 +5951,8 @@ not-detected: [...453] [ip4][..udp] [......10.0.2.15][28681] -> [..74.127.26.138][.3083] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...453] [ip4][..udp] [......10.0.2.15][28681] -> [..74.127.26.138][.3083] - not-detected: [...498] [ip4][..udp] [......10.0.2.15][28681] -> [...8.44.149.207][30551] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...498] [ip4][..udp] [......10.0.2.15][28681] -> [...8.44.149.207][30551] + idle: [...498] [ip4][..udp] [......10.0.2.15][28681] -> [...8.44.149.207][30551] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic idle: [...257] [ip4][..udp] [......10.0.2.15][28681] -> [.82.181.251.218][36368] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...704] [ip4][..udp] [......10.0.2.15][28681] -> [..123.192.83.59][33513] [Unknown][Unknown][Unrated] @@ -4899,9 +6041,8 @@ not-detected: [...563] [ip4][..udp] [......10.0.2.15][28681] -> [...112.105.52.2][.6831] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...563] [ip4][..udp] [......10.0.2.15][28681] -> [...112.105.52.2][.6831] - not-detected: [...504] [ip4][..udp] [......10.0.2.15][28681] -> [..85.203.45.107][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...504] [ip4][..udp] [......10.0.2.15][28681] -> [..85.203.45.107][.6346] + idle: [...504] [ip4][..udp] [......10.0.2.15][28681] -> [..85.203.45.107][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...639] [ip4][..udp] [......10.0.2.15][28681] -> [.119.237.116.22][.7849] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...639] [ip4][..udp] [......10.0.2.15][28681] -> [.119.237.116.22][.7849] @@ -4983,12 +6124,10 @@ not-detected: [...585] [ip4][..udp] [......10.0.2.15][28681] -> [..51.68.153.214][35004] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...585] [ip4][..udp] [......10.0.2.15][28681] -> [..51.68.153.214][35004] - not-detected: [...502] [ip4][..udp] [......10.0.2.15][28681] -> [..47.156.58.211][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...502] [ip4][..udp] [......10.0.2.15][28681] -> [..47.156.58.211][.6346] - not-detected: [...507] [ip4][..udp] [......10.0.2.15][28681] -> [...50.4.204.220][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...507] [ip4][..udp] [......10.0.2.15][28681] -> [...50.4.204.220][.6346] + idle: [...502] [ip4][..udp] [......10.0.2.15][28681] -> [..47.156.58.211][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...507] [ip4][..udp] [......10.0.2.15][28681] -> [...50.4.204.220][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...686] [ip4][..udp] [......10.0.2.15][28681] -> [.119.14.143.237][13965] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...686] [ip4][..udp] [......10.0.2.15][28681] -> [.119.14.143.237][13965] @@ -5014,9 +6153,8 @@ idle: [...610] [ip4][..udp] [......10.0.2.15][28681] -> [..61.10.174.159][.4841] idle: [...248] [ip4][..udp] [......10.0.2.15][28681] -> [..66.30.221.181][12012] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - not-detected: [...512] [ip4][..udp] [......10.0.2.15][28681] -> [..209.204.207.5][49256] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...512] [ip4][..udp] [......10.0.2.15][28681] -> [..209.204.207.5][49256] + idle: [...512] [ip4][..udp] [......10.0.2.15][28681] -> [..209.204.207.5][49256] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...734] [ip4][..udp] [......10.0.2.15][28681] -> [.113.252.91.201][.4297] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...734] [ip4][..udp] [......10.0.2.15][28681] -> [.113.252.91.201][.4297] @@ -5047,9 +6185,8 @@ not-detected: [...678] [ip4][..udp] [......10.0.2.15][28681] -> [150.116.225.105][51438] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...678] [ip4][..udp] [......10.0.2.15][28681] -> [150.116.225.105][51438] - not-detected: [...518] [ip4][..udp] [......10.0.2.15][28681] -> [..202.151.63.59][.7624] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...518] [ip4][..udp] [......10.0.2.15][28681] -> [..202.151.63.59][.7624] + idle: [...518] [ip4][..udp] [......10.0.2.15][28681] -> [..202.151.63.59][.7624] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...715] [ip4][..udp] [......10.0.2.15][28681] -> [...219.71.72.88][58808] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...715] [ip4][..udp] [......10.0.2.15][28681] -> [...219.71.72.88][58808] @@ -5090,23 +6227,20 @@ not-detected: [...680] [ip4][..udp] [......10.0.2.15][28681] -> [.61.227.198.100][.6910] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...680] [ip4][..udp] [......10.0.2.15][28681] -> [.61.227.198.100][.6910] - not-detected: [...500] [ip4][..udp] [......10.0.2.15][28681] -> [.220.143.34.225][20071] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...500] [ip4][..udp] [......10.0.2.15][28681] -> [.220.143.34.225][20071] + idle: [...500] [ip4][..udp] [......10.0.2.15][28681] -> [.220.143.34.225][20071] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...566] [ip4][..udp] [......10.0.2.15][28681] -> [...58.176.62.40][52755] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...566] [ip4][..udp] [......10.0.2.15][28681] -> [...58.176.62.40][52755] - not-detected: [...514] [ip4][..udp] [......10.0.2.15][28681] -> [..83.114.40.175][23552] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...514] [ip4][..udp] [......10.0.2.15][28681] -> [..83.114.40.175][23552] + idle: [...514] [ip4][..udp] [......10.0.2.15][28681] -> [..83.114.40.175][23552] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...599] [ip4][..udp] [......10.0.2.15][28681] -> [.113.252.86.162][59875] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...599] [ip4][..udp] [......10.0.2.15][28681] -> [.113.252.86.162][59875] - not-detected: [...517] [ip4][..udp] [......10.0.2.15][28681] -> [..36.239.162.27][.7986] [Unknown][Unknown][Unrated] - idle: [...517] [ip4][..udp] [......10.0.2.15][28681] -> [..36.239.162.27][.7986] - not-detected: [...519] [ip4][..udp] [......10.0.2.15][28681] -> [...219.70.48.23][.8070] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...519] [ip4][..udp] [......10.0.2.15][28681] -> [...219.70.48.23][.8070] + idle: [...517] [ip4][..udp] [......10.0.2.15][28681] -> [..36.239.162.27][.7986] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...519] [ip4][..udp] [......10.0.2.15][28681] -> [...219.70.48.23][.8070] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...601] [ip4][..udp] [......10.0.2.15][28681] -> [113.255.200.161][65274] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...601] [ip4][..udp] [......10.0.2.15][28681] -> [113.255.200.161][65274] @@ -5171,15 +6305,13 @@ idle: [...445] [ip4][..udp] [......10.0.2.15][28681] -> [118.165.153.100][.4509] idle: [...262] [ip4][..udp] [......10.0.2.15][28681] -> [....89.75.52.19][46010] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - not-detected: [...510] [ip4][..udp] [......10.0.2.15][28681] -> [...79.94.85.113][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...510] [ip4][..udp] [......10.0.2.15][28681] -> [...79.94.85.113][.6346] + idle: [...510] [ip4][..udp] [......10.0.2.15][28681] -> [...79.94.85.113][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...652] [ip4][..udp] [......10.0.2.15][28681] -> [..94.139.21.182][50110] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...652] [ip4][..udp] [......10.0.2.15][28681] -> [..94.139.21.182][50110] - not-detected: [...497] [ip4][..udp] [......10.0.2.15][28681] -> [..84.100.76.123][39628] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...497] [ip4][..udp] [......10.0.2.15][28681] -> [..84.100.76.123][39628] + idle: [...497] [ip4][..udp] [......10.0.2.15][28681] -> [..84.100.76.123][39628] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...569] [ip4][..udp] [......10.0.2.15][28681] -> [....73.89.249.8][50649] [Unknown][Unknown][Unrated] idle: [...569] [ip4][..udp] [......10.0.2.15][28681] -> [....73.89.249.8][50649] not-detected: [...393] [ip4][..udp] [......10.0.2.15][28681] -> [.58.115.158.103][.5110] [Unknown][Unknown][Unrated] @@ -5187,9 +6319,8 @@ idle: [...393] [ip4][..udp] [......10.0.2.15][28681] -> [.58.115.158.103][.5110] not-detected: [...464] [ip4][..udp] [......10.0.2.15][28681] -> [...101.128.66.8][34512] [Unknown][Unknown][Unrated] idle: [...464] [ip4][..udp] [......10.0.2.15][28681] -> [...101.128.66.8][34512] - not-detected: [...515] [ip4][..udp] [......10.0.2.15][28681] -> [220.137.106.173][11625] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...515] [ip4][..udp] [......10.0.2.15][28681] -> [220.137.106.173][11625] + idle: [...515] [ip4][..udp] [......10.0.2.15][28681] -> [220.137.106.173][11625] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...522] [ip4][..udp] [......10.0.2.15][28681] -> [119.247.152.218][51153] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...522] [ip4][..udp] [......10.0.2.15][28681] -> [119.247.152.218][51153] @@ -5257,102 +6388,161 @@ RISK: Unidirectional Traffic idle: [...693] [ip4][..udp] [......10.0.2.15][28681] -> [.98.215.130.156][12405] update: [...544] [ip4][..udp] [......10.0.2.15][28681] -> [..111.184.29.35][30582] - update: [...750] [ip4][..udp] [......10.0.2.15][28681] -> [....67.193.8.52][38584] + update: [...750] [ip4][..udp] [......10.0.2.15][28681] -> [....67.193.8.52][38584] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...533] [ip4][..udp] [......10.0.2.15][28681] -> [..36.229.185.60][.6898] - update: [...752] [ip4][..udp] [......10.0.2.15][28681] -> [...78.231.73.14][.6346] - update: [...128] [ip4][..udp] [......10.0.2.15][28681] -> [..77.141.219.27][37580] - update: [...166] [ip4][..udp] [......10.0.2.15][28681] -> [..90.59.253.186][15555] - update: [...114] [ip4][..udp] [......10.0.2.15][28681] -> [....86.23.75.69][.6346] - update: [...183] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.15.182][37829] - update: [...184] [ip4][..udp] [......10.0.2.15][28681] -> [..86.239.62.213][.6346] - update: [....88] [ip4][..udp] [......10.0.2.15][28681] -> [.....81.50.24.2][17874] + update: [...752] [ip4][..udp] [......10.0.2.15][28681] -> [...78.231.73.14][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...128] [ip4][..udp] [......10.0.2.15][28681] -> [..77.141.219.27][37580] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...166] [ip4][..udp] [......10.0.2.15][28681] -> [..90.59.253.186][15555] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...114] [ip4][..udp] [......10.0.2.15][28681] -> [....86.23.75.69][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...183] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.15.182][37829] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...184] [ip4][..udp] [......10.0.2.15][28681] -> [..86.239.62.213][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....88] [ip4][..udp] [......10.0.2.15][28681] -> [.....81.50.24.2][17874] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...553] [ip4][..udp] [......10.0.2.15][28681] -> [182.155.128.228][.3259] - update: [...352] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.6346] - update: [...195] [ip4][..udp] [......10.0.2.15][28681] -> [.177.231.151.16][.6346] - update: [...219] [ip4][..udp] [......10.0.2.15][28681] -> [...76.30.86.144][53821] + update: [...352] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...195] [ip4][..udp] [......10.0.2.15][28681] -> [.177.231.151.16][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...219] [ip4][..udp] [......10.0.2.15][28681] -> [...76.30.86.144][53821] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [.....8] [ip4][....2] [......10.0.2.15] -> [.....224.0.0.22] [IGMP][Unknown][Network][Acceptable] update: [...546] [ip4][..udp] [......10.0.2.15][28681] -> [.38.142.119.234][49867] update: [...531] [ip4][..udp] [......10.0.2.15][28681] -> [..218.103.139.2][51497] update: [...534] [ip4][..udp] [......10.0.2.15][28681] -> [.113.252.86.162][54436] update: [...760] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous] RISK: Unsafe Protocol - update: [...118] [ip4][..udp] [......10.0.2.15][28681] -> [...5.180.62.100][46385] + update: [...118] [ip4][..udp] [......10.0.2.15][28681] -> [...5.180.62.100][46385] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...562] [ip4][..udp] [......10.0.2.15][28681] -> [112.119.242.110][59879] - update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] + update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...542] [ip4][..udp] [......10.0.2.15][28681] -> [..218.103.139.2][51675] - update: [...191] [ip4][..udp] [......10.0.2.15][28681] -> [.190.153.143.54][65535] - update: [...172] [ip4][..udp] [......10.0.2.15][28681] -> [..87.69.142.133][15471] - update: [...748] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] - update: [....98] [ip4][..udp] [......10.0.2.15][28681] -> [.203.222.14.170][23332] + update: [...191] [ip4][..udp] [......10.0.2.15][28681] -> [.190.153.143.54][65535] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...172] [ip4][..udp] [......10.0.2.15][28681] -> [..87.69.142.133][15471] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...748] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....98] [ip4][..udp] [......10.0.2.15][28681] -> [.203.222.14.170][23332] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...551] [ip4][..udp] [......10.0.2.15][28681] -> [..92.24.129.230][14766] update: [...555] [ip4][..udp] [......10.0.2.15][28681] -> [..124.218.26.16][20387] - update: [...111] [ip4][..udp] [......10.0.2.15][28681] -> [..90.65.141.157][.6346] + update: [...111] [ip4][..udp] [......10.0.2.15][28681] -> [..90.65.141.157][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...573] [ip4][..udp] [......10.0.2.15][28681] -> [..71.239.173.18][23327] - update: [...187] [ip4][..udp] [......10.0.2.15][28681] -> [....92.88.92.56][21009] - update: [...139] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.226.142][.6346] - update: [...190] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.195.227][.6346] - update: [...141] [ip4][..udp] [......10.0.2.15][28681] -> [..172.97.199.14][.6346] + update: [...187] [ip4][..udp] [......10.0.2.15][28681] -> [....92.88.92.56][21009] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...139] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.226.142][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...190] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.195.227][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...141] [ip4][..udp] [......10.0.2.15][28681] -> [..172.97.199.14][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...538] [ip4][..udp] [......10.0.2.15][28681] -> [.124.218.41.253][14339] - update: [...751] [ip4][..udp] [......10.0.2.15][28681] -> [142.115.218.152][.5900] + update: [...751] [ip4][..udp] [......10.0.2.15][28681] -> [142.115.218.152][.5900] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...536] [ip4][..udp] [......10.0.2.15][28681] -> [118.167.222.160][56121] update: [...558] [ip4][..udp] [......10.0.2.15][28681] -> [...112.105.52.2][.6466] update: [...556] [ip4][..udp] [......10.0.2.15][28681] -> [...59.104.173.5][49787] - update: [...126] [ip4][..udp] [......10.0.2.15][28681] -> [..91.69.159.133][28000] + update: [...126] [ip4][..udp] [......10.0.2.15][28681] -> [..91.69.159.133][28000] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...560] [ip4][..udp] [......10.0.2.15][28681] -> [..118.168.15.71][53883] - update: [...503] [ip4][..udp] [......10.0.2.15][28681] -> [..74.210.244.72][.6346] - update: [....85] [ip4][..udp] [......10.0.2.15][28681] -> [..85.138.20.110][.6346] - update: [...180] [ip4][..udp] [......10.0.2.15][28681] -> [...66.131.24.72][30711] - update: [...135] [ip4][..udp] [......10.0.2.15][28681] -> [.193.250.99.158][.6346] + update: [...503] [ip4][..udp] [......10.0.2.15][28681] -> [..74.210.244.72][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....85] [ip4][..udp] [......10.0.2.15][28681] -> [..85.138.20.110][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...180] [ip4][..udp] [......10.0.2.15][28681] -> [...66.131.24.72][30711] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...135] [ip4][..udp] [......10.0.2.15][28681] -> [.193.250.99.158][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...559] [ip4][..udp] [......10.0.2.15][28681] -> [.113.252.86.162][55080] - update: [...764] [ip4][..udp] [......10.0.2.15][28681] -> [.208.92.106.151][32476] + update: [...764] [ip4][..udp] [......10.0.2.15][28681] -> [.208.92.106.151][32476] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...529] [ip4][..udp] [......10.0.2.15][28681] -> [116.241.162.162][57929] update: [...539] [ip4][..udp] [......10.0.2.15][28681] -> [.119.14.143.237][.7510] update: [...545] [ip4][..udp] [......10.0.2.15][28681] -> [..116.49.159.77][55915] - update: [...156] [ip4][..udp] [......10.0.2.15][28681] -> [..86.244.228.86][10131] - update: [...749] [ip4][..udp] [......10.0.2.15][28681] -> [...78.159.27.22][17563] - update: [...176] [ip4][..udp] [......10.0.2.15][28681] -> [....41.99.164.4][.6346] + update: [...156] [ip4][..udp] [......10.0.2.15][28681] -> [..86.244.228.86][10131] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...749] [ip4][..udp] [......10.0.2.15][28681] -> [...78.159.27.22][17563] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...176] [ip4][..udp] [......10.0.2.15][28681] -> [....41.99.164.4][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...663] [ip4][..udp] [......10.0.2.15][28681] -> [..50.58.238.163][.6594] - update: [...157] [ip4][..udp] [......10.0.2.15][28681] -> [.86.227.162.150][.6346] - update: [...209] [ip4][..udp] [......10.0.2.15][28681] -> [..91.179.98.234][.6346] - update: [...116] [ip4][..udp] [......10.0.2.15][28681] -> [.124.44.190.145][10170] - update: [...159] [ip4][..udp] [......10.0.2.15][28681] -> [176.163.231.160][.6346] + update: [...157] [ip4][..udp] [......10.0.2.15][28681] -> [.86.227.162.150][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...209] [ip4][..udp] [......10.0.2.15][28681] -> [..91.179.98.234][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...116] [ip4][..udp] [......10.0.2.15][28681] -> [.124.44.190.145][10170] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...159] [ip4][..udp] [......10.0.2.15][28681] -> [176.163.231.160][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...554] [ip4][..udp] [......10.0.2.15][28681] -> [.123.203.72.224][55577] update: [...528] [ip4][..udp] [......10.0.2.15][28681] -> [..118.168.15.71][58442] - update: [...133] [ip4][..udp] [......10.0.2.15][28681] -> [.91.175.220.161][15721] + update: [...133] [ip4][..udp] [......10.0.2.15][28681] -> [.91.175.220.161][15721] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...537] [ip4][..udp] [......10.0.2.15][28681] -> [218.164.200.235][.2034] - update: [...753] [ip4][..udp] [......10.0.2.15][28681] -> [..165.84.140.96][14400] - update: [...167] [ip4][..udp] [......10.0.2.15][28681] -> [..93.29.107.176][20363] - update: [...171] [ip4][..udp] [......10.0.2.15][28681] -> [196.217.132.111][25394] + update: [...753] [ip4][..udp] [......10.0.2.15][28681] -> [..165.84.140.96][14400] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...167] [ip4][..udp] [......10.0.2.15][28681] -> [..93.29.107.176][20363] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...171] [ip4][..udp] [......10.0.2.15][28681] -> [196.217.132.111][25394] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...535] [ip4][..udp] [......10.0.2.15][28681] -> [...114.27.24.95][10655] - update: [...160] [ip4][..udp] [......10.0.2.15][28681] -> [...83.150.49.35][32448] - update: [...124] [ip4][..udp] [......10.0.2.15][28681] -> [...170.254.19.6][24180] + update: [...160] [ip4][..udp] [......10.0.2.15][28681] -> [...83.150.49.35][32448] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...124] [ip4][..udp] [......10.0.2.15][28681] -> [...170.254.19.6][24180] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...532] [ip4][..udp] [......10.0.2.15][28681] -> [...114.27.24.95][10677] update: [...695] [ip4][..udp] [......10.0.2.15][28681] -> [..76.189.72.230][.8161] - update: [...185] [ip4][..udp] [......10.0.2.15][28681] -> [.109.132.196.58][.6346] - update: [...762] [ip4][..udp] [......10.0.2.15][28681] -> [...86.75.43.182][43502] + update: [...185] [ip4][..udp] [......10.0.2.15][28681] -> [.109.132.196.58][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...762] [ip4][..udp] [......10.0.2.15][28681] -> [...86.75.43.182][43502] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...552] [ip4][..udp] [......10.0.2.15][28681] -> [...218.250.6.59][60012] - update: [...130] [ip4][..udp] [......10.0.2.15][28681] -> [..119.224.95.97][46356] - update: [...129] [ip4][..udp] [......10.0.2.15][28681] -> [.176.138.50.179][29411] + update: [...130] [ip4][..udp] [......10.0.2.15][28681] -> [..119.224.95.97][46356] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...129] [ip4][..udp] [......10.0.2.15][28681] -> [.176.138.50.179][29411] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...543] [ip4][..udp] [......10.0.2.15][28681] -> [..114.39.159.60][56896] - update: [...161] [ip4][..udp] [......10.0.2.15][28681] -> [..213.120.26.86][29946] + update: [...161] [ip4][..udp] [......10.0.2.15][28681] -> [..213.120.26.86][29946] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...557] [ip4][..udp] [......10.0.2.15][28681] -> [..61.222.160.99][53163] - update: [...755] [ip4][..udp] [......10.0.2.15][28681] -> [..83.134.107.32][38836] - update: [...137] [ip4][..udp] [......10.0.2.15][28681] -> [...82.65.70.197][21693] - update: [...109] [ip4][..udp] [......10.0.2.15][28681] -> [...88.169.2.153][52414] - update: [...140] [ip4][..udp] [......10.0.2.15][28681] -> [.77.197.111.186][.6346] - update: [...175] [ip4][..udp] [......10.0.2.15][28681] -> [...115.69.62.99][.6346] - update: [...756] [ip4][..udp] [......10.0.2.15][28681] -> [..41.100.68.255][12838] - update: [...200] [ip4][..udp] [......10.0.2.15][28681] -> [.138.199.16.123][52993] + update: [...755] [ip4][..udp] [......10.0.2.15][28681] -> [..83.134.107.32][38836] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...137] [ip4][..udp] [......10.0.2.15][28681] -> [...82.65.70.197][21693] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...109] [ip4][..udp] [......10.0.2.15][28681] -> [...88.169.2.153][52414] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...140] [ip4][..udp] [......10.0.2.15][28681] -> [.77.197.111.186][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...175] [ip4][..udp] [......10.0.2.15][28681] -> [...115.69.62.99][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...756] [ip4][..udp] [......10.0.2.15][28681] -> [..41.100.68.255][12838] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol + update: [...200] [ip4][..udp] [......10.0.2.15][28681] -> [.138.199.16.123][52993] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...561] [ip4][..udp] [......10.0.2.15][28681] -> [.61.238.173.128][57466] - update: [...763] [ip4][..udp] [......10.0.2.15][28681] -> [.85.170.209.214][46210] + update: [...763] [ip4][..udp] [......10.0.2.15][28681] -> [.85.170.209.214][46210] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...541] [ip4][..udp] [......10.0.2.15][28681] -> [...114.27.24.95][11141] update: [...547] [ip4][..udp] [......10.0.2.15][28681] -> [213.229.111.224][43316] update: [...530] [ip4][..udp] [......10.0.2.15][28681] -> [118.167.248.220][59304] - update: [...158] [ip4][..udp] [......10.0.2.15][28681] -> [.118.166.226.70][.6346] - update: [....87] [ip4][..udp] [......10.0.2.15][28681] -> [..92.131.85.245][31743] - update: [...761] [ip4][..udp] [......10.0.2.15][28681] -> [..195.132.75.56][56009] + update: [...158] [ip4][..udp] [......10.0.2.15][28681] -> [.118.166.226.70][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....87] [ip4][..udp] [......10.0.2.15][28681] -> [..92.131.85.245][31743] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...761] [ip4][..udp] [......10.0.2.15][28681] -> [..195.132.75.56][56009] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...540] [ip4][..udp] [......10.0.2.15][28681] -> [..36.236.203.37][52131] - update: [...138] [ip4][..udp] [......10.0.2.15][28681] -> [167.114.170.156][23844] + update: [...138] [ip4][..udp] [......10.0.2.15][28681] -> [167.114.170.156][23844] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...765] [ip4][..udp] [......10.0.2.15][28681] -> [213.229.111.224][.4876] new: [...766] [ip4][..udp] [......10.0.2.15][28681] -> [...76.119.55.28][20347] new: [...767] [ip4][..udp] [......10.0.2.15][28681] -> [....45.65.87.24][16201] @@ -5375,35 +6565,52 @@ detected: [...783] [ip4][.icmp] [.65.182.231.232] -> [......10.0.2.15] [ICMP][Unknown][Network][Acceptable] RISK: Unidirectional Traffic new: [...784] [ip4][..udp] [......10.0.2.15][28681] -> [..23.19.141.110][.6346] - not-detected: [....88] [ip4][..udp] [......10.0.2.15][28681] -> [.....81.50.24.2][17874] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [....88] [ip4][..udp] [......10.0.2.15][28681] -> [.....81.50.24.2][17874] - not-detected: [...159] [ip4][..udp] [......10.0.2.15][28681] -> [176.163.231.160][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...159] [ip4][..udp] [......10.0.2.15][28681] -> [176.163.231.160][.6346] - not-detected: [...124] [ip4][..udp] [......10.0.2.15][28681] -> [...170.254.19.6][24180] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...124] [ip4][..udp] [......10.0.2.15][28681] -> [...170.254.19.6][24180] - not-detected: [...161] [ip4][..udp] [......10.0.2.15][28681] -> [..213.120.26.86][29946] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...161] [ip4][..udp] [......10.0.2.15][28681] -> [..213.120.26.86][29946] + idle: [....88] [ip4][..udp] [......10.0.2.15][28681] -> [.....81.50.24.2][17874] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...159] [ip4][..udp] [......10.0.2.15][28681] -> [176.163.231.160][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...124] [ip4][..udp] [......10.0.2.15][28681] -> [...170.254.19.6][24180] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...161] [ip4][..udp] [......10.0.2.15][28681] -> [..213.120.26.86][29946] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...259] [ip4][..udp] [......10.0.2.15][28681] -> [103.232.107.100][43508] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...485] [ip4][..udp] [......10.0.2.15][28681] -> [...154.3.42.209][.6346] - update: [...486] [ip4][..udp] [......10.0.2.15][28681] -> [...88.68.45.203][.6346] + update: [...485] [ip4][..udp] [......10.0.2.15][28681] -> [...154.3.42.209][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...486] [ip4][..udp] [......10.0.2.15][28681] -> [...88.68.45.203][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...383] [ip4][..udp] [......10.0.2.15][28681] -> [...84.71.243.60][34498] - update: [...400] [ip4][..udp] [......10.0.2.15][28681] -> [..129.45.47.167][.6346] + update: [...400] [ip4][..udp] [......10.0.2.15][28681] -> [..129.45.47.167][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...312] [ip4][..udp] [......10.0.2.15][28681] -> [..24.167.201.53][47282] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic new: [...785] [ip4][..udp] [......10.0.2.15][28681] -> [.176.134.139.39][.6346] + detected: [...785] [ip4][..udp] [......10.0.2.15][28681] -> [.176.134.139.39][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...786] [ip4][..udp] [......10.0.2.15][28681] -> [....114.38.9.82][24223] + detected: [...786] [ip4][..udp] [......10.0.2.15][28681] -> [....114.38.9.82][24223] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...787] [ip4][..udp] [......10.0.2.15][28681] -> [220.133.122.217][23458] + detected: [...787] [ip4][..udp] [......10.0.2.15][28681] -> [220.133.122.217][23458] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...788] [ip4][..udp] [......10.0.2.15][28681] -> [.220.134.167.82][.5820] + detected: [...788] [ip4][..udp] [......10.0.2.15][28681] -> [.220.134.167.82][.5820] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...789] [ip4][..udp] [......10.0.2.15][28681] -> [..42.98.115.128][23458] + detected: [...789] [ip4][..udp] [......10.0.2.15][28681] -> [..42.98.115.128][23458] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...790] [ip4][..udp] [......10.0.2.15][28681] -> [.218.164.39.233][20855] + detected: [...790] [ip4][..udp] [......10.0.2.15][28681] -> [.218.164.39.233][20855] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...791] [ip4][..udp] [......10.0.2.15][28681] -> [...219.85.11.85][10722] + detected: [...791] [ip4][..udp] [......10.0.2.15][28681] -> [...219.85.11.85][10722] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...792] [ip4][..udp] [......10.0.2.15][28681] -> [.36.239.213.146][21750] + detected: [...792] [ip4][..udp] [......10.0.2.15][28681] -> [.36.239.213.146][21750] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...793] [ip4][..udp] [......10.0.2.15][28681] -> [123.205.126.102][.5193] + detected: [...793] [ip4][..udp] [......10.0.2.15][28681] -> [123.205.126.102][.5193] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...544] [ip4][..udp] [......10.0.2.15][28681] -> [..111.184.29.35][30582] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...544] [ip4][..udp] [......10.0.2.15][28681] -> [..111.184.29.35][30582] @@ -5475,9 +6682,8 @@ not-detected: [...537] [ip4][..udp] [......10.0.2.15][28681] -> [218.164.200.235][.2034] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...537] [ip4][..udp] [......10.0.2.15][28681] -> [218.164.200.235][.2034] - not-detected: [...753] [ip4][..udp] [......10.0.2.15][28681] -> [..165.84.140.96][14400] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...753] [ip4][..udp] [......10.0.2.15][28681] -> [..165.84.140.96][14400] + idle: [...753] [ip4][..udp] [......10.0.2.15][28681] -> [..165.84.140.96][14400] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...535] [ip4][..udp] [......10.0.2.15][28681] -> [...114.27.24.95][10655] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...535] [ip4][..udp] [......10.0.2.15][28681] -> [...114.27.24.95][10655] @@ -5519,70 +6725,124 @@ RISK: Unsafe Protocol, Unidirectional Traffic new: [...794] [ip4][..udp] [......10.0.2.15][50214] -> [239.255.255.250][.1900] detected: [...794] [ip4][..udp] [......10.0.2.15][50214] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] - update: [...750] [ip4][..udp] [......10.0.2.15][28681] -> [....67.193.8.52][38584] - update: [...752] [ip4][..udp] [......10.0.2.15][28681] -> [...78.231.73.14][.6346] - update: [...128] [ip4][..udp] [......10.0.2.15][28681] -> [..77.141.219.27][37580] - update: [...166] [ip4][..udp] [......10.0.2.15][28681] -> [..90.59.253.186][15555] - update: [...114] [ip4][..udp] [......10.0.2.15][28681] -> [....86.23.75.69][.6346] - update: [...183] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.15.182][37829] - update: [...184] [ip4][..udp] [......10.0.2.15][28681] -> [..86.239.62.213][.6346] - update: [...352] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.6346] - update: [...195] [ip4][..udp] [......10.0.2.15][28681] -> [.177.231.151.16][.6346] - update: [...219] [ip4][..udp] [......10.0.2.15][28681] -> [...76.30.86.144][53821] + update: [...750] [ip4][..udp] [......10.0.2.15][28681] -> [....67.193.8.52][38584] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...752] [ip4][..udp] [......10.0.2.15][28681] -> [...78.231.73.14][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...128] [ip4][..udp] [......10.0.2.15][28681] -> [..77.141.219.27][37580] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...166] [ip4][..udp] [......10.0.2.15][28681] -> [..90.59.253.186][15555] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...114] [ip4][..udp] [......10.0.2.15][28681] -> [....86.23.75.69][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...183] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.15.182][37829] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...184] [ip4][..udp] [......10.0.2.15][28681] -> [..86.239.62.213][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...352] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...195] [ip4][..udp] [......10.0.2.15][28681] -> [.177.231.151.16][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...219] [ip4][..udp] [......10.0.2.15][28681] -> [...76.30.86.144][53821] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...760] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous] RISK: Unsafe Protocol - update: [...118] [ip4][..udp] [......10.0.2.15][28681] -> [...5.180.62.100][46385] - update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] - update: [...191] [ip4][..udp] [......10.0.2.15][28681] -> [.190.153.143.54][65535] - update: [...172] [ip4][..udp] [......10.0.2.15][28681] -> [..87.69.142.133][15471] - update: [...748] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] - update: [....98] [ip4][..udp] [......10.0.2.15][28681] -> [.203.222.14.170][23332] - update: [...111] [ip4][..udp] [......10.0.2.15][28681] -> [..90.65.141.157][.6346] + update: [...118] [ip4][..udp] [......10.0.2.15][28681] -> [...5.180.62.100][46385] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...191] [ip4][..udp] [......10.0.2.15][28681] -> [.190.153.143.54][65535] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...172] [ip4][..udp] [......10.0.2.15][28681] -> [..87.69.142.133][15471] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...748] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....98] [ip4][..udp] [......10.0.2.15][28681] -> [.203.222.14.170][23332] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...111] [ip4][..udp] [......10.0.2.15][28681] -> [..90.65.141.157][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...573] [ip4][..udp] [......10.0.2.15][28681] -> [..71.239.173.18][23327] - update: [...187] [ip4][..udp] [......10.0.2.15][28681] -> [....92.88.92.56][21009] - update: [...139] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.226.142][.6346] - update: [...190] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.195.227][.6346] - update: [...141] [ip4][..udp] [......10.0.2.15][28681] -> [..172.97.199.14][.6346] - update: [...751] [ip4][..udp] [......10.0.2.15][28681] -> [142.115.218.152][.5900] - update: [...126] [ip4][..udp] [......10.0.2.15][28681] -> [..91.69.159.133][28000] - update: [...503] [ip4][..udp] [......10.0.2.15][28681] -> [..74.210.244.72][.6346] - update: [....85] [ip4][..udp] [......10.0.2.15][28681] -> [..85.138.20.110][.6346] - update: [...180] [ip4][..udp] [......10.0.2.15][28681] -> [...66.131.24.72][30711] - update: [...135] [ip4][..udp] [......10.0.2.15][28681] -> [.193.250.99.158][.6346] - update: [...764] [ip4][..udp] [......10.0.2.15][28681] -> [.208.92.106.151][32476] - update: [...156] [ip4][..udp] [......10.0.2.15][28681] -> [..86.244.228.86][10131] - update: [...749] [ip4][..udp] [......10.0.2.15][28681] -> [...78.159.27.22][17563] - update: [...176] [ip4][..udp] [......10.0.2.15][28681] -> [....41.99.164.4][.6346] - update: [...157] [ip4][..udp] [......10.0.2.15][28681] -> [.86.227.162.150][.6346] - update: [...209] [ip4][..udp] [......10.0.2.15][28681] -> [..91.179.98.234][.6346] - update: [...116] [ip4][..udp] [......10.0.2.15][28681] -> [.124.44.190.145][10170] - update: [...133] [ip4][..udp] [......10.0.2.15][28681] -> [.91.175.220.161][15721] - update: [...167] [ip4][..udp] [......10.0.2.15][28681] -> [..93.29.107.176][20363] - update: [...171] [ip4][..udp] [......10.0.2.15][28681] -> [196.217.132.111][25394] - update: [...160] [ip4][..udp] [......10.0.2.15][28681] -> [...83.150.49.35][32448] - update: [...185] [ip4][..udp] [......10.0.2.15][28681] -> [.109.132.196.58][.6346] - update: [...762] [ip4][..udp] [......10.0.2.15][28681] -> [...86.75.43.182][43502] - update: [...130] [ip4][..udp] [......10.0.2.15][28681] -> [..119.224.95.97][46356] - update: [...129] [ip4][..udp] [......10.0.2.15][28681] -> [.176.138.50.179][29411] - update: [...755] [ip4][..udp] [......10.0.2.15][28681] -> [..83.134.107.32][38836] - update: [...137] [ip4][..udp] [......10.0.2.15][28681] -> [...82.65.70.197][21693] - update: [...109] [ip4][..udp] [......10.0.2.15][28681] -> [...88.169.2.153][52414] - update: [...140] [ip4][..udp] [......10.0.2.15][28681] -> [.77.197.111.186][.6346] + update: [...187] [ip4][..udp] [......10.0.2.15][28681] -> [....92.88.92.56][21009] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...139] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.226.142][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...190] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.195.227][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...141] [ip4][..udp] [......10.0.2.15][28681] -> [..172.97.199.14][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...751] [ip4][..udp] [......10.0.2.15][28681] -> [142.115.218.152][.5900] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...126] [ip4][..udp] [......10.0.2.15][28681] -> [..91.69.159.133][28000] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...503] [ip4][..udp] [......10.0.2.15][28681] -> [..74.210.244.72][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....85] [ip4][..udp] [......10.0.2.15][28681] -> [..85.138.20.110][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...180] [ip4][..udp] [......10.0.2.15][28681] -> [...66.131.24.72][30711] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...135] [ip4][..udp] [......10.0.2.15][28681] -> [.193.250.99.158][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...764] [ip4][..udp] [......10.0.2.15][28681] -> [.208.92.106.151][32476] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...156] [ip4][..udp] [......10.0.2.15][28681] -> [..86.244.228.86][10131] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...749] [ip4][..udp] [......10.0.2.15][28681] -> [...78.159.27.22][17563] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...176] [ip4][..udp] [......10.0.2.15][28681] -> [....41.99.164.4][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...157] [ip4][..udp] [......10.0.2.15][28681] -> [.86.227.162.150][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...209] [ip4][..udp] [......10.0.2.15][28681] -> [..91.179.98.234][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...116] [ip4][..udp] [......10.0.2.15][28681] -> [.124.44.190.145][10170] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...133] [ip4][..udp] [......10.0.2.15][28681] -> [.91.175.220.161][15721] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...167] [ip4][..udp] [......10.0.2.15][28681] -> [..93.29.107.176][20363] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...171] [ip4][..udp] [......10.0.2.15][28681] -> [196.217.132.111][25394] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...160] [ip4][..udp] [......10.0.2.15][28681] -> [...83.150.49.35][32448] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...185] [ip4][..udp] [......10.0.2.15][28681] -> [.109.132.196.58][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...762] [ip4][..udp] [......10.0.2.15][28681] -> [...86.75.43.182][43502] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...130] [ip4][..udp] [......10.0.2.15][28681] -> [..119.224.95.97][46356] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...129] [ip4][..udp] [......10.0.2.15][28681] -> [.176.138.50.179][29411] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...755] [ip4][..udp] [......10.0.2.15][28681] -> [..83.134.107.32][38836] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...137] [ip4][..udp] [......10.0.2.15][28681] -> [...82.65.70.197][21693] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...109] [ip4][..udp] [......10.0.2.15][28681] -> [...88.169.2.153][52414] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...140] [ip4][..udp] [......10.0.2.15][28681] -> [.77.197.111.186][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...783] [ip4][.icmp] [.65.182.231.232] -> [......10.0.2.15] [ICMP][Unknown][Network][Acceptable] RISK: Unidirectional Traffic - update: [...175] [ip4][..udp] [......10.0.2.15][28681] -> [...115.69.62.99][.6346] - update: [...756] [ip4][..udp] [......10.0.2.15][28681] -> [..41.100.68.255][12838] - update: [...200] [ip4][..udp] [......10.0.2.15][28681] -> [.138.199.16.123][52993] - update: [...763] [ip4][..udp] [......10.0.2.15][28681] -> [.85.170.209.214][46210] - update: [...158] [ip4][..udp] [......10.0.2.15][28681] -> [.118.166.226.70][.6346] - update: [....87] [ip4][..udp] [......10.0.2.15][28681] -> [..92.131.85.245][31743] - update: [...761] [ip4][..udp] [......10.0.2.15][28681] -> [..195.132.75.56][56009] - update: [...138] [ip4][..udp] [......10.0.2.15][28681] -> [167.114.170.156][23844] + update: [...175] [ip4][..udp] [......10.0.2.15][28681] -> [...115.69.62.99][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...756] [ip4][..udp] [......10.0.2.15][28681] -> [..41.100.68.255][12838] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol + update: [...200] [ip4][..udp] [......10.0.2.15][28681] -> [.138.199.16.123][52993] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...763] [ip4][..udp] [......10.0.2.15][28681] -> [.85.170.209.214][46210] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...158] [ip4][..udp] [......10.0.2.15][28681] -> [.118.166.226.70][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....87] [ip4][..udp] [......10.0.2.15][28681] -> [..92.131.85.245][31743] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...761] [ip4][..udp] [......10.0.2.15][28681] -> [..195.132.75.56][56009] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...138] [ip4][..udp] [......10.0.2.15][28681] -> [167.114.170.156][23844] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...754] [ip4][..udp] [......10.0.2.15][28681] -> [..84.125.218.84][17561] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...754] [ip4][..udp] [......10.0.2.15][28681] -> [..84.125.218.84][17561] - not-detected: [....98] [ip4][..udp] [......10.0.2.15][28681] -> [.203.222.14.170][23332] [Unknown][Unknown][Unrated] - idle: [....98] [ip4][..udp] [......10.0.2.15][28681] -> [.203.222.14.170][23332] + idle: [....98] [ip4][..udp] [......10.0.2.15][28681] -> [.203.222.14.170][23332] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...573] [ip4][..udp] [......10.0.2.15][28681] -> [..71.239.173.18][23327] [Unknown][Unknown][Unrated] idle: [...573] [ip4][..udp] [......10.0.2.15][28681] -> [..71.239.173.18][23327] not-detected: [...383] [ip4][..udp] [......10.0.2.15][28681] -> [...84.71.243.60][34498] [Unknown][Unknown][Unrated] @@ -5595,53 +6855,65 @@ update: [...779] [ip4][..udp] [......10.0.2.15][28681] -> [...1.65.217.224][18381] update: [...768] [ip4][..udp] [......10.0.2.15][28681] -> [.14.200.255.229][37058] update: [...765] [ip4][..udp] [......10.0.2.15][28681] -> [213.229.111.224][.4876] - update: [...787] [ip4][..udp] [......10.0.2.15][28681] -> [220.133.122.217][23458] - update: [...793] [ip4][..udp] [......10.0.2.15][28681] -> [123.205.126.102][.5193] + update: [...787] [ip4][..udp] [......10.0.2.15][28681] -> [220.133.122.217][23458] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...793] [ip4][..udp] [......10.0.2.15][28681] -> [123.205.126.102][.5193] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...784] [ip4][..udp] [......10.0.2.15][28681] -> [..23.19.141.110][.6346] update: [...774] [ip4][..udp] [......10.0.2.15][28681] -> [..50.58.238.149][.6599] - update: [...792] [ip4][..udp] [......10.0.2.15][28681] -> [.36.239.213.146][21750] - update: [...485] [ip4][..udp] [......10.0.2.15][28681] -> [...154.3.42.209][.6346] + update: [...792] [ip4][..udp] [......10.0.2.15][28681] -> [.36.239.213.146][21750] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...485] [ip4][..udp] [......10.0.2.15][28681] -> [...154.3.42.209][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...771] [ip4][..udp] [......10.0.2.15][28681] -> [...202.27.193.6][.6346] - update: [...786] [ip4][..udp] [......10.0.2.15][28681] -> [....114.38.9.82][24223] + update: [...786] [ip4][..udp] [......10.0.2.15][28681] -> [....114.38.9.82][24223] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...781] [ip4][..udp] [......10.0.2.15][28681] -> [...112.105.52.2][23458] update: [...782] [ip4][..udp] [......10.0.2.15][28681] -> [.65.182.231.232][.7890] - update: [...486] [ip4][..udp] [......10.0.2.15][28681] -> [...88.68.45.203][.6346] + update: [...486] [ip4][..udp] [......10.0.2.15][28681] -> [...88.68.45.203][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...769] [ip4][..udp] [......10.0.2.15][28681] -> [.123.110.61.169][11973] update: [...775] [ip4][..udp] [......10.0.2.15][28681] -> [..223.17.132.18][23458] - update: [...788] [ip4][..udp] [......10.0.2.15][28681] -> [.220.134.167.82][.5820] - update: [...789] [ip4][..udp] [......10.0.2.15][28681] -> [..42.98.115.128][23458] + update: [...788] [ip4][..udp] [......10.0.2.15][28681] -> [.220.134.167.82][.5820] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...789] [ip4][..udp] [......10.0.2.15][28681] -> [..42.98.115.128][23458] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...772] [ip4][..udp] [......10.0.2.15][28681] -> [.73.192.231.237][.9676] update: [...770] [ip4][..udp] [......10.0.2.15][28681] -> [..97.83.183.148][.8890] - update: [...400] [ip4][..udp] [......10.0.2.15][28681] -> [..129.45.47.167][.6346] - update: [...790] [ip4][..udp] [......10.0.2.15][28681] -> [.218.164.39.233][20855] + update: [...400] [ip4][..udp] [......10.0.2.15][28681] -> [..129.45.47.167][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...790] [ip4][..udp] [......10.0.2.15][28681] -> [.218.164.39.233][20855] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...766] [ip4][..udp] [......10.0.2.15][28681] -> [...76.119.55.28][20347] - update: [...785] [ip4][..udp] [......10.0.2.15][28681] -> [.176.134.139.39][.6346] + update: [...785] [ip4][..udp] [......10.0.2.15][28681] -> [.176.134.139.39][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...780] [ip4][..udp] [......10.0.2.15][28681] -> [...68.66.94.132][17735] - update: [...791] [ip4][..udp] [......10.0.2.15][28681] -> [...219.85.11.85][10722] + update: [...791] [ip4][..udp] [......10.0.2.15][28681] -> [...219.85.11.85][10722] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...312] [ip4][..udp] [......10.0.2.15][28681] -> [..24.167.201.53][47282] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic new: [...795] [ip4][..udp] [......10.0.2.15][28681] -> [..213.120.26.86][29946] + detected: [...795] [ip4][..udp] [......10.0.2.15][28681] -> [..213.120.26.86][29946] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...796] [ip4][..udp] [......10.0.2.15][28681] -> [..41.249.63.200][22582] + detected: [...796] [ip4][..udp] [......10.0.2.15][28681] -> [..41.249.63.200][22582] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic new: [...797] [ip4][.icmp] [...154.3.42.209] -> [......10.0.2.15] detected: [...797] [ip4][.icmp] [...154.3.42.209] -> [......10.0.2.15] [ICMP][Unknown][Network][Acceptable] RISK: Unidirectional Traffic - not-detected: [...195] [ip4][..udp] [......10.0.2.15][28681] -> [.177.231.151.16][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...195] [ip4][..udp] [......10.0.2.15][28681] -> [.177.231.151.16][.6346] - not-detected: [...191] [ip4][..udp] [......10.0.2.15][28681] -> [.190.153.143.54][65535] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...191] [ip4][..udp] [......10.0.2.15][28681] -> [.190.153.143.54][65535] - not-detected: [...200] [ip4][..udp] [......10.0.2.15][28681] -> [.138.199.16.123][52993] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...200] [ip4][..udp] [......10.0.2.15][28681] -> [.138.199.16.123][52993] + idle: [...195] [ip4][..udp] [......10.0.2.15][28681] -> [.177.231.151.16][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...191] [ip4][..udp] [......10.0.2.15][28681] -> [.190.153.143.54][65535] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...200] [ip4][..udp] [......10.0.2.15][28681] -> [.138.199.16.123][52993] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...759] [ip4][..udp] [......10.0.2.15][28681] -> [104.238.172.250][23548] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic update: [...758] [ip4][..udp] [......10.0.2.15][50213] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] update: [...757] [ip4][..udp] [......10.0.2.15][28681] -> [.104.156.226.72][53258] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - not-detected: [...400] [ip4][..udp] [......10.0.2.15][28681] -> [..129.45.47.167][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...400] [ip4][..udp] [......10.0.2.15][28681] -> [..129.45.47.167][.6346] + idle: [...400] [ip4][..udp] [......10.0.2.15][28681] -> [..129.45.47.167][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...794] [ip4][..udp] [......10.0.2.15][50214] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] update: [...783] [ip4][.icmp] [.65.182.231.232] -> [......10.0.2.15] [ICMP][Unknown][Network][Acceptable] RISK: Unidirectional Traffic @@ -5649,58 +6921,108 @@ RISK: Unsafe Protocol, Unidirectional Traffic idle: [...757] [ip4][..udp] [......10.0.2.15][28681] -> [.104.156.226.72][53258] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - update: [...750] [ip4][..udp] [......10.0.2.15][28681] -> [....67.193.8.52][38584] - update: [...752] [ip4][..udp] [......10.0.2.15][28681] -> [...78.231.73.14][.6346] - update: [...128] [ip4][..udp] [......10.0.2.15][28681] -> [..77.141.219.27][37580] - update: [...166] [ip4][..udp] [......10.0.2.15][28681] -> [..90.59.253.186][15555] - update: [...114] [ip4][..udp] [......10.0.2.15][28681] -> [....86.23.75.69][.6346] - update: [...183] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.15.182][37829] - update: [...184] [ip4][..udp] [......10.0.2.15][28681] -> [..86.239.62.213][.6346] - update: [...352] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.6346] - update: [...219] [ip4][..udp] [......10.0.2.15][28681] -> [...76.30.86.144][53821] + update: [...750] [ip4][..udp] [......10.0.2.15][28681] -> [....67.193.8.52][38584] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...752] [ip4][..udp] [......10.0.2.15][28681] -> [...78.231.73.14][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...128] [ip4][..udp] [......10.0.2.15][28681] -> [..77.141.219.27][37580] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...166] [ip4][..udp] [......10.0.2.15][28681] -> [..90.59.253.186][15555] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...114] [ip4][..udp] [......10.0.2.15][28681] -> [....86.23.75.69][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...183] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.15.182][37829] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...184] [ip4][..udp] [......10.0.2.15][28681] -> [..86.239.62.213][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...352] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...219] [ip4][..udp] [......10.0.2.15][28681] -> [...76.30.86.144][53821] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic update: [...760] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous] RISK: Unsafe Protocol - update: [...118] [ip4][..udp] [......10.0.2.15][28681] -> [...5.180.62.100][46385] - update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] - update: [...172] [ip4][..udp] [......10.0.2.15][28681] -> [..87.69.142.133][15471] - update: [...748] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] - update: [...111] [ip4][..udp] [......10.0.2.15][28681] -> [..90.65.141.157][.6346] - update: [...187] [ip4][..udp] [......10.0.2.15][28681] -> [....92.88.92.56][21009] - update: [...139] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.226.142][.6346] - update: [...190] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.195.227][.6346] - update: [...141] [ip4][..udp] [......10.0.2.15][28681] -> [..172.97.199.14][.6346] - update: [...751] [ip4][..udp] [......10.0.2.15][28681] -> [142.115.218.152][.5900] - update: [...126] [ip4][..udp] [......10.0.2.15][28681] -> [..91.69.159.133][28000] - update: [...503] [ip4][..udp] [......10.0.2.15][28681] -> [..74.210.244.72][.6346] - update: [....85] [ip4][..udp] [......10.0.2.15][28681] -> [..85.138.20.110][.6346] - update: [...180] [ip4][..udp] [......10.0.2.15][28681] -> [...66.131.24.72][30711] - update: [...135] [ip4][..udp] [......10.0.2.15][28681] -> [.193.250.99.158][.6346] - update: [...764] [ip4][..udp] [......10.0.2.15][28681] -> [.208.92.106.151][32476] - update: [...156] [ip4][..udp] [......10.0.2.15][28681] -> [..86.244.228.86][10131] - update: [...749] [ip4][..udp] [......10.0.2.15][28681] -> [...78.159.27.22][17563] - update: [...176] [ip4][..udp] [......10.0.2.15][28681] -> [....41.99.164.4][.6346] - update: [...157] [ip4][..udp] [......10.0.2.15][28681] -> [.86.227.162.150][.6346] - update: [...209] [ip4][..udp] [......10.0.2.15][28681] -> [..91.179.98.234][.6346] - update: [...116] [ip4][..udp] [......10.0.2.15][28681] -> [.124.44.190.145][10170] - update: [...133] [ip4][..udp] [......10.0.2.15][28681] -> [.91.175.220.161][15721] - update: [...167] [ip4][..udp] [......10.0.2.15][28681] -> [..93.29.107.176][20363] - update: [...171] [ip4][..udp] [......10.0.2.15][28681] -> [196.217.132.111][25394] - update: [...160] [ip4][..udp] [......10.0.2.15][28681] -> [...83.150.49.35][32448] - update: [...185] [ip4][..udp] [......10.0.2.15][28681] -> [.109.132.196.58][.6346] - update: [...762] [ip4][..udp] [......10.0.2.15][28681] -> [...86.75.43.182][43502] - update: [...130] [ip4][..udp] [......10.0.2.15][28681] -> [..119.224.95.97][46356] - update: [...129] [ip4][..udp] [......10.0.2.15][28681] -> [.176.138.50.179][29411] - update: [...755] [ip4][..udp] [......10.0.2.15][28681] -> [..83.134.107.32][38836] - update: [...137] [ip4][..udp] [......10.0.2.15][28681] -> [...82.65.70.197][21693] - update: [...109] [ip4][..udp] [......10.0.2.15][28681] -> [...88.169.2.153][52414] - update: [...140] [ip4][..udp] [......10.0.2.15][28681] -> [.77.197.111.186][.6346] - update: [...175] [ip4][..udp] [......10.0.2.15][28681] -> [...115.69.62.99][.6346] - update: [...756] [ip4][..udp] [......10.0.2.15][28681] -> [..41.100.68.255][12838] - update: [...763] [ip4][..udp] [......10.0.2.15][28681] -> [.85.170.209.214][46210] - update: [...158] [ip4][..udp] [......10.0.2.15][28681] -> [.118.166.226.70][.6346] - update: [....87] [ip4][..udp] [......10.0.2.15][28681] -> [..92.131.85.245][31743] - update: [...761] [ip4][..udp] [......10.0.2.15][28681] -> [..195.132.75.56][56009] - update: [...138] [ip4][..udp] [......10.0.2.15][28681] -> [167.114.170.156][23844] + update: [...118] [ip4][..udp] [......10.0.2.15][28681] -> [...5.180.62.100][46385] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...172] [ip4][..udp] [......10.0.2.15][28681] -> [..87.69.142.133][15471] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...748] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...111] [ip4][..udp] [......10.0.2.15][28681] -> [..90.65.141.157][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...187] [ip4][..udp] [......10.0.2.15][28681] -> [....92.88.92.56][21009] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...139] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.226.142][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...190] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.195.227][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...141] [ip4][..udp] [......10.0.2.15][28681] -> [..172.97.199.14][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...751] [ip4][..udp] [......10.0.2.15][28681] -> [142.115.218.152][.5900] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...126] [ip4][..udp] [......10.0.2.15][28681] -> [..91.69.159.133][28000] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...503] [ip4][..udp] [......10.0.2.15][28681] -> [..74.210.244.72][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....85] [ip4][..udp] [......10.0.2.15][28681] -> [..85.138.20.110][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...180] [ip4][..udp] [......10.0.2.15][28681] -> [...66.131.24.72][30711] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...135] [ip4][..udp] [......10.0.2.15][28681] -> [.193.250.99.158][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...764] [ip4][..udp] [......10.0.2.15][28681] -> [.208.92.106.151][32476] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...156] [ip4][..udp] [......10.0.2.15][28681] -> [..86.244.228.86][10131] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...749] [ip4][..udp] [......10.0.2.15][28681] -> [...78.159.27.22][17563] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...176] [ip4][..udp] [......10.0.2.15][28681] -> [....41.99.164.4][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...157] [ip4][..udp] [......10.0.2.15][28681] -> [.86.227.162.150][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...209] [ip4][..udp] [......10.0.2.15][28681] -> [..91.179.98.234][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...116] [ip4][..udp] [......10.0.2.15][28681] -> [.124.44.190.145][10170] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...133] [ip4][..udp] [......10.0.2.15][28681] -> [.91.175.220.161][15721] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...167] [ip4][..udp] [......10.0.2.15][28681] -> [..93.29.107.176][20363] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...171] [ip4][..udp] [......10.0.2.15][28681] -> [196.217.132.111][25394] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...160] [ip4][..udp] [......10.0.2.15][28681] -> [...83.150.49.35][32448] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...185] [ip4][..udp] [......10.0.2.15][28681] -> [.109.132.196.58][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...762] [ip4][..udp] [......10.0.2.15][28681] -> [...86.75.43.182][43502] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...130] [ip4][..udp] [......10.0.2.15][28681] -> [..119.224.95.97][46356] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...129] [ip4][..udp] [......10.0.2.15][28681] -> [.176.138.50.179][29411] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...755] [ip4][..udp] [......10.0.2.15][28681] -> [..83.134.107.32][38836] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...137] [ip4][..udp] [......10.0.2.15][28681] -> [...82.65.70.197][21693] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...109] [ip4][..udp] [......10.0.2.15][28681] -> [...88.169.2.153][52414] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...140] [ip4][..udp] [......10.0.2.15][28681] -> [.77.197.111.186][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...175] [ip4][..udp] [......10.0.2.15][28681] -> [...115.69.62.99][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...756] [ip4][..udp] [......10.0.2.15][28681] -> [..41.100.68.255][12838] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol + update: [...763] [ip4][..udp] [......10.0.2.15][28681] -> [.85.170.209.214][46210] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...158] [ip4][..udp] [......10.0.2.15][28681] -> [.118.166.226.70][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [....87] [ip4][..udp] [......10.0.2.15][28681] -> [..92.131.85.245][31743] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...761] [ip4][..udp] [......10.0.2.15][28681] -> [..195.132.75.56][56009] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + update: [...138] [ip4][..udp] [......10.0.2.15][28681] -> [167.114.170.156][23844] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic idle: [...758] [ip4][..udp] [......10.0.2.15][50213] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] update: [...797] [ip4][.icmp] [...154.3.42.209] -> [......10.0.2.15] [ICMP][Unknown][Network][Acceptable] RISK: Unidirectional Traffic @@ -5713,33 +7035,26 @@ new: [...801] [ip6][icmp6] [..............fe80::c50d:519f:96a4:e108] -> [...............................ff02::16] detected: [...801] [ip6][icmp6] [..............fe80::c50d:519f:96a4:e108] -> [...............................ff02::16] [ICMPV6][Unknown][Network][Acceptable] DAEMON-EVENT: [Processed: 3882 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 169 / 801|skipped: 0|!detected: 472|guessed: 4|detection-updates: 5|updates: 2519] + DAEMON-EVENT: [Flows][active: 169 / 801|skipped: 0|!detected: 309|guessed: 3|detection-updates: 5|updates: 2519] not-detected: [....52] [ip4][..tcp] [......10.0.2.15][50212] -> [...95.17.124.40][.6776] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....52] [ip4][..tcp] [......10.0.2.15][50212] -> [...95.17.124.40][.6776] - not-detected: [...750] [ip4][..udp] [......10.0.2.15][28681] -> [....67.193.8.52][38584] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...750] [ip4][..udp] [......10.0.2.15][28681] -> [....67.193.8.52][38584] - not-detected: [...752] [ip4][..udp] [......10.0.2.15][28681] -> [...78.231.73.14][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...752] [ip4][..udp] [......10.0.2.15][28681] -> [...78.231.73.14][.6346] - not-detected: [...128] [ip4][..udp] [......10.0.2.15][28681] -> [..77.141.219.27][37580] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...128] [ip4][..udp] [......10.0.2.15][28681] -> [..77.141.219.27][37580] - not-detected: [...166] [ip4][..udp] [......10.0.2.15][28681] -> [..90.59.253.186][15555] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...166] [ip4][..udp] [......10.0.2.15][28681] -> [..90.59.253.186][15555] + idle: [...750] [ip4][..udp] [......10.0.2.15][28681] -> [....67.193.8.52][38584] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...752] [ip4][..udp] [......10.0.2.15][28681] -> [...78.231.73.14][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...128] [ip4][..udp] [......10.0.2.15][28681] -> [..77.141.219.27][37580] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...166] [ip4][..udp] [......10.0.2.15][28681] -> [..90.59.253.186][15555] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...777] [ip4][..udp] [......10.0.2.15][28681] -> [.124.244.211.43][23459] [Unknown][Unknown][Unrated] idle: [...777] [ip4][..udp] [......10.0.2.15][28681] -> [.124.244.211.43][23459] - not-detected: [...184] [ip4][..udp] [......10.0.2.15][28681] -> [..86.239.62.213][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...184] [ip4][..udp] [......10.0.2.15][28681] -> [..86.239.62.213][.6346] - not-detected: [...183] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.15.182][37829] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...183] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.15.182][37829] - not-detected: [...114] [ip4][..udp] [......10.0.2.15][28681] -> [....86.23.75.69][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...114] [ip4][..udp] [......10.0.2.15][28681] -> [....86.23.75.69][.6346] + idle: [...184] [ip4][..udp] [......10.0.2.15][28681] -> [..86.239.62.213][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...183] [ip4][..udp] [......10.0.2.15][28681] -> [..91.172.15.182][37829] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...114] [ip4][..udp] [......10.0.2.15][28681] -> [....86.23.75.69][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...245] [ip4][..tcp] [......10.0.2.15][50289] -> [.74.195.236.249][18557] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...245] [ip4][..tcp] [......10.0.2.15][50289] -> [.74.195.236.249][18557] @@ -5754,18 +7069,16 @@ RISK: Unsafe Protocol not-detected: [...767] [ip4][..udp] [......10.0.2.15][28681] -> [....45.65.87.24][16201] [Unknown][Unknown][Unrated] idle: [...767] [ip4][..udp] [......10.0.2.15][28681] -> [....45.65.87.24][16201] - not-detected: [...352] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...352] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.6346] + idle: [...352] [ip4][..udp] [......10.0.2.15][28681] -> [.176.191.49.159][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [....72] [ip4][..tcp] [......10.0.2.15][50231] -> [..76.68.138.207][45079] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....72] [ip4][..tcp] [......10.0.2.15][50231] -> [..76.68.138.207][45079] not-detected: [...228] [ip4][..tcp] [......10.0.2.15][50274] -> [..68.174.18.115][50679] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...228] [ip4][..tcp] [......10.0.2.15][50274] -> [..68.174.18.115][50679] - not-detected: [...219] [ip4][..udp] [......10.0.2.15][28681] -> [...76.30.86.144][53821] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...219] [ip4][..udp] [......10.0.2.15][28681] -> [...76.30.86.144][53821] + idle: [...219] [ip4][..udp] [......10.0.2.15][28681] -> [...76.30.86.144][53821] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...778] [ip4][..udp] [......10.0.2.15][28681] -> [.122.117.100.78][.9010] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...778] [ip4][..udp] [......10.0.2.15][28681] -> [.122.117.100.78][.9010] @@ -5790,36 +7103,29 @@ idle: [...760] [ip4][..udp] [......10.0.2.15][..138] -> [.....10.0.2.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous] RISK: Unsafe Protocol idle: [...798] [ip4][..udp] [......10.0.2.15][63962] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] - not-detected: [...118] [ip4][..udp] [......10.0.2.15][28681] -> [...5.180.62.100][46385] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...118] [ip4][..udp] [......10.0.2.15][28681] -> [...5.180.62.100][46385] + idle: [...118] [ip4][..udp] [......10.0.2.15][28681] -> [...5.180.62.100][46385] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [....74] [ip4][..tcp] [......10.0.2.15][50233] -> [...1.163.14.246][12854] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....74] [ip4][..tcp] [......10.0.2.15][50233] -> [...1.163.14.246][12854] not-detected: [...152] [ip4][..tcp] [......10.0.2.15][50265] -> [.113.255.250.32][52647] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...152] [ip4][..tcp] [......10.0.2.15][50265] -> [.113.255.250.32][52647] - not-detected: [...796] [ip4][..udp] [......10.0.2.15][28681] -> [..41.249.63.200][22582] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...796] [ip4][..udp] [......10.0.2.15][28681] -> [..41.249.63.200][22582] - not-detected: [...787] [ip4][..udp] [......10.0.2.15][28681] -> [220.133.122.217][23458] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...787] [ip4][..udp] [......10.0.2.15][28681] -> [220.133.122.217][23458] + idle: [...796] [ip4][..udp] [......10.0.2.15][28681] -> [..41.249.63.200][22582] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...787] [ip4][..udp] [......10.0.2.15][28681] -> [220.133.122.217][23458] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...233] [ip4][..tcp] [......10.0.2.15][50279] -> [.113.252.91.201][.4297] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...233] [ip4][..tcp] [......10.0.2.15][50279] -> [.113.252.91.201][.4297] - not-detected: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] - not-detected: [...793] [ip4][..udp] [......10.0.2.15][28681] -> [123.205.126.102][.5193] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...793] [ip4][..udp] [......10.0.2.15][28681] -> [123.205.126.102][.5193] - not-detected: [...172] [ip4][..udp] [......10.0.2.15][28681] -> [..87.69.142.133][15471] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...172] [ip4][..udp] [......10.0.2.15][28681] -> [..87.69.142.133][15471] - not-detected: [...748] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...748] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] + idle: [...117] [ip4][..udp] [......10.0.2.15][28681] -> [200.120.243.143][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...793] [ip4][..udp] [......10.0.2.15][28681] -> [123.205.126.102][.5193] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...172] [ip4][..udp] [......10.0.2.15][28681] -> [..87.69.142.133][15471] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...748] [ip4][..udp] [......10.0.2.15][28681] -> [.....92.8.59.80][35192] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic idle: [...801] [ip6][icmp6] [..............fe80::c50d:519f:96a4:e108] -> [...............................ff02::16] [ICMPV6][Unknown][Network][Acceptable] not-detected: [...123] [ip4][..tcp] [......10.0.2.15][50254] -> [..24.78.134.188][49046] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic @@ -5833,57 +7139,47 @@ not-detected: [....59] [ip4][..tcp] [......10.0.2.15][50218] -> [..90.103.247.94][59045] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....59] [ip4][..tcp] [......10.0.2.15][50218] -> [..90.103.247.94][59045] - not-detected: [...111] [ip4][..udp] [......10.0.2.15][28681] -> [..90.65.141.157][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...111] [ip4][..udp] [......10.0.2.15][28681] -> [..90.65.141.157][.6346] + idle: [...111] [ip4][..udp] [......10.0.2.15][28681] -> [..90.65.141.157][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [....49] [ip4][..tcp] [......10.0.2.15][50209] -> [113.252.206.254][49587] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....49] [ip4][..tcp] [......10.0.2.15][50209] -> [113.252.206.254][49587] not-detected: [....65] [ip4][..tcp] [......10.0.2.15][50224] -> [...78.125.63.97][.6346] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....65] [ip4][..tcp] [......10.0.2.15][50224] -> [...78.125.63.97][.6346] - not-detected: [...187] [ip4][..udp] [......10.0.2.15][28681] -> [....92.88.92.56][21009] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...187] [ip4][..udp] [......10.0.2.15][28681] -> [....92.88.92.56][21009] - not-detected: [...190] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.195.227][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...190] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.195.227][.6346] - not-detected: [...139] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.226.142][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...139] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.226.142][.6346] + idle: [...187] [ip4][..udp] [......10.0.2.15][28681] -> [....92.88.92.56][21009] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...190] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.195.227][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...139] [ip4][..udp] [......10.0.2.15][28681] -> [165.169.226.142][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [....68] [ip4][..tcp] [......10.0.2.15][50227] -> [.111.246.157.94][51175] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....68] [ip4][..tcp] [......10.0.2.15][50227] -> [.111.246.157.94][51175] - not-detected: [...141] [ip4][..udp] [......10.0.2.15][28681] -> [..172.97.199.14][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...141] [ip4][..udp] [......10.0.2.15][28681] -> [..172.97.199.14][.6346] - not-detected: [...751] [ip4][..udp] [......10.0.2.15][28681] -> [142.115.218.152][.5900] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...751] [ip4][..udp] [......10.0.2.15][28681] -> [142.115.218.152][.5900] - not-detected: [...126] [ip4][..udp] [......10.0.2.15][28681] -> [..91.69.159.133][28000] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...126] [ip4][..udp] [......10.0.2.15][28681] -> [..91.69.159.133][28000] + idle: [...141] [ip4][..udp] [......10.0.2.15][28681] -> [..172.97.199.14][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...751] [ip4][..udp] [......10.0.2.15][28681] -> [142.115.218.152][.5900] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...126] [ip4][..udp] [......10.0.2.15][28681] -> [..91.69.159.133][28000] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [....56] [ip4][..tcp] [......10.0.2.15][50215] -> [.124.244.64.237][.4704] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....56] [ip4][..tcp] [......10.0.2.15][50215] -> [.124.244.64.237][.4704] not-detected: [....71] [ip4][..tcp] [......10.0.2.15][50230] -> [....73.3.103.37][17296] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....71] [ip4][..tcp] [......10.0.2.15][50230] -> [....73.3.103.37][17296] - not-detected: [...503] [ip4][..udp] [......10.0.2.15][28681] -> [..74.210.244.72][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...503] [ip4][..udp] [......10.0.2.15][28681] -> [..74.210.244.72][.6346] - not-detected: [....85] [ip4][..udp] [......10.0.2.15][28681] -> [..85.138.20.110][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [....85] [ip4][..udp] [......10.0.2.15][28681] -> [..85.138.20.110][.6346] + idle: [...503] [ip4][..udp] [......10.0.2.15][28681] -> [..74.210.244.72][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [....85] [ip4][..udp] [......10.0.2.15][28681] -> [..85.138.20.110][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...244] [ip4][..tcp] [......10.0.2.15][50288] -> [...76.119.55.28][20347] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...244] [ip4][..tcp] [......10.0.2.15][50288] -> [...76.119.55.28][20347] not-detected: [....47] [ip4][..tcp] [......10.0.2.15][50207] -> [..90.78.171.204][.6346] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....47] [ip4][..tcp] [......10.0.2.15][50207] -> [..90.78.171.204][.6346] - not-detected: [...180] [ip4][..udp] [......10.0.2.15][28681] -> [...66.131.24.72][30711] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...180] [ip4][..udp] [......10.0.2.15][28681] -> [...66.131.24.72][30711] + idle: [...180] [ip4][..udp] [......10.0.2.15][28681] -> [...66.131.24.72][30711] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...281] [ip4][..tcp] [......10.0.2.15][50305] -> [....94.54.66.82][63637] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...281] [ip4][..tcp] [......10.0.2.15][50305] -> [....94.54.66.82][63637] @@ -5898,18 +7194,16 @@ idle: [...266] [ip4][..tcp] [......10.0.2.15][50290] -> [....73.89.249.8][50649] idle: [...797] [ip4][.icmp] [...154.3.42.209] -> [......10.0.2.15] [ICMP][Unknown][Network][Acceptable] RISK: Unidirectional Traffic - not-detected: [...135] [ip4][..udp] [......10.0.2.15][28681] -> [.193.250.99.158][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...135] [ip4][..udp] [......10.0.2.15][28681] -> [.193.250.99.158][.6346] + idle: [...135] [ip4][..udp] [......10.0.2.15][28681] -> [.193.250.99.158][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [....78] [ip4][..tcp] [......10.0.2.15][50237] -> [.88.123.202.175][37910] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....78] [ip4][..tcp] [......10.0.2.15][50237] -> [.88.123.202.175][37910] not-detected: [...151] [ip4][..tcp] [......10.0.2.15][50264] -> [...95.10.205.67][48380] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...151] [ip4][..tcp] [......10.0.2.15][50264] -> [...95.10.205.67][48380] - not-detected: [...764] [ip4][..udp] [......10.0.2.15][28681] -> [.208.92.106.151][32476] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...764] [ip4][..udp] [......10.0.2.15][28681] -> [.208.92.106.151][32476] + idle: [...764] [ip4][..udp] [......10.0.2.15][28681] -> [.208.92.106.151][32476] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [....89] [ip4][..tcp] [......10.0.2.15][50244] -> [..188.61.52.183][63978] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....89] [ip4][..tcp] [......10.0.2.15][50244] -> [..188.61.52.183][63978] @@ -5919,15 +7213,12 @@ not-detected: [...784] [ip4][..udp] [......10.0.2.15][28681] -> [..23.19.141.110][.6346] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...784] [ip4][..udp] [......10.0.2.15][28681] -> [..23.19.141.110][.6346] - not-detected: [...749] [ip4][..udp] [......10.0.2.15][28681] -> [...78.159.27.22][17563] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...749] [ip4][..udp] [......10.0.2.15][28681] -> [...78.159.27.22][17563] - not-detected: [...156] [ip4][..udp] [......10.0.2.15][28681] -> [..86.244.228.86][10131] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...156] [ip4][..udp] [......10.0.2.15][28681] -> [..86.244.228.86][10131] - not-detected: [...176] [ip4][..udp] [......10.0.2.15][28681] -> [....41.99.164.4][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...176] [ip4][..udp] [......10.0.2.15][28681] -> [....41.99.164.4][.6346] + idle: [...749] [ip4][..udp] [......10.0.2.15][28681] -> [...78.159.27.22][17563] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...156] [ip4][..udp] [......10.0.2.15][28681] -> [..86.244.228.86][10131] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...176] [ip4][..udp] [......10.0.2.15][28681] -> [....41.99.164.4][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...774] [ip4][..udp] [......10.0.2.15][28681] -> [..50.58.238.149][.6599] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...774] [ip4][..udp] [......10.0.2.15][28681] -> [..50.58.238.149][.6599] @@ -5937,24 +7228,20 @@ not-detected: [....84] [ip4][..tcp] [......10.0.2.15][50243] -> [176.138.129.252][27962] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....84] [ip4][..tcp] [......10.0.2.15][50243] -> [176.138.129.252][27962] - not-detected: [...792] [ip4][..udp] [......10.0.2.15][28681] -> [.36.239.213.146][21750] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...792] [ip4][..udp] [......10.0.2.15][28681] -> [.36.239.213.146][21750] - not-detected: [...157] [ip4][..udp] [......10.0.2.15][28681] -> [.86.227.162.150][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...157] [ip4][..udp] [......10.0.2.15][28681] -> [.86.227.162.150][.6346] + idle: [...792] [ip4][..udp] [......10.0.2.15][28681] -> [.36.239.213.146][21750] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...157] [ip4][..udp] [......10.0.2.15][28681] -> [.86.227.162.150][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...142] [ip4][..tcp] [......10.0.2.15][50255] -> [..36.236.203.37][52165] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...142] [ip4][..tcp] [......10.0.2.15][50255] -> [..36.236.203.37][52165] - not-detected: [...209] [ip4][..udp] [......10.0.2.15][28681] -> [..91.179.98.234][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...209] [ip4][..udp] [......10.0.2.15][28681] -> [..91.179.98.234][.6346] + idle: [...209] [ip4][..udp] [......10.0.2.15][28681] -> [..91.179.98.234][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...241] [ip4][..tcp] [......10.0.2.15][50287] -> [.98.215.130.156][12405] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...241] [ip4][..tcp] [......10.0.2.15][50287] -> [.98.215.130.156][12405] - not-detected: [...116] [ip4][..udp] [......10.0.2.15][28681] -> [.124.44.190.145][10170] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...116] [ip4][..udp] [......10.0.2.15][28681] -> [.124.44.190.145][10170] + idle: [...116] [ip4][..udp] [......10.0.2.15][28681] -> [.124.44.190.145][10170] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...236] [ip4][..tcp] [......10.0.2.15][50282] -> [..221.124.66.33][13060] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...236] [ip4][..tcp] [......10.0.2.15][50282] -> [..221.124.66.33][13060] @@ -5967,9 +7254,8 @@ not-detected: [...224] [ip4][..tcp] [......10.0.2.15][50270] -> [...114.27.24.95][11427] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...224] [ip4][..tcp] [......10.0.2.15][50270] -> [...114.27.24.95][11427] - not-detected: [...485] [ip4][..udp] [......10.0.2.15][28681] -> [...154.3.42.209][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...485] [ip4][..udp] [......10.0.2.15][28681] -> [...154.3.42.209][.6346] + idle: [...485] [ip4][..udp] [......10.0.2.15][28681] -> [...154.3.42.209][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...145] [ip4][..tcp] [......10.0.2.15][50258] -> [122.100.216.210][.7097] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...145] [ip4][..tcp] [......10.0.2.15][50258] -> [122.100.216.210][.7097] @@ -5991,35 +7277,28 @@ not-detected: [...234] [ip4][..tcp] [......10.0.2.15][50280] -> [...99.199.148.6][.4338] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...234] [ip4][..tcp] [......10.0.2.15][50280] -> [...99.199.148.6][.4338] - not-detected: [...133] [ip4][..udp] [......10.0.2.15][28681] -> [.91.175.220.161][15721] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...133] [ip4][..udp] [......10.0.2.15][28681] -> [.91.175.220.161][15721] - not-detected: [...167] [ip4][..udp] [......10.0.2.15][28681] -> [..93.29.107.176][20363] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...167] [ip4][..udp] [......10.0.2.15][28681] -> [..93.29.107.176][20363] - not-detected: [...171] [ip4][..udp] [......10.0.2.15][28681] -> [196.217.132.111][25394] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...171] [ip4][..udp] [......10.0.2.15][28681] -> [196.217.132.111][25394] + idle: [...133] [ip4][..udp] [......10.0.2.15][28681] -> [.91.175.220.161][15721] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...167] [ip4][..udp] [......10.0.2.15][28681] -> [..93.29.107.176][20363] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...171] [ip4][..udp] [......10.0.2.15][28681] -> [196.217.132.111][25394] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...229] [ip4][..tcp] [......10.0.2.15][50275] -> [.122.117.100.78][.9010] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...229] [ip4][..tcp] [......10.0.2.15][50275] -> [.122.117.100.78][.9010] - not-detected: [...786] [ip4][..udp] [......10.0.2.15][28681] -> [....114.38.9.82][24223] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...786] [ip4][..udp] [......10.0.2.15][28681] -> [....114.38.9.82][24223] + idle: [...786] [ip4][..udp] [......10.0.2.15][28681] -> [....114.38.9.82][24223] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...781] [ip4][..udp] [......10.0.2.15][28681] -> [...112.105.52.2][23458] [Unknown][Unknown][Unrated] idle: [...781] [ip4][..udp] [......10.0.2.15][28681] -> [...112.105.52.2][23458] not-detected: [...782] [ip4][..udp] [......10.0.2.15][28681] -> [.65.182.231.232][.7890] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...782] [ip4][..udp] [......10.0.2.15][28681] -> [.65.182.231.232][.7890] - not-detected: [...160] [ip4][..udp] [......10.0.2.15][28681] -> [...83.150.49.35][32448] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...160] [ip4][..udp] [......10.0.2.15][28681] -> [...83.150.49.35][32448] - not-detected: [...486] [ip4][..udp] [......10.0.2.15][28681] -> [...88.68.45.203][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...486] [ip4][..udp] [......10.0.2.15][28681] -> [...88.68.45.203][.6346] - not-detected: [...185] [ip4][..udp] [......10.0.2.15][28681] -> [.109.132.196.58][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...185] [ip4][..udp] [......10.0.2.15][28681] -> [.109.132.196.58][.6346] + idle: [...160] [ip4][..udp] [......10.0.2.15][28681] -> [...83.150.49.35][32448] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...486] [ip4][..udp] [......10.0.2.15][28681] -> [...88.68.45.203][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...185] [ip4][..udp] [......10.0.2.15][28681] -> [.109.132.196.58][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [....39] [ip4][..tcp] [......10.0.2.15][50200] -> [176.128.217.128][45194] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....39] [ip4][..tcp] [......10.0.2.15][50200] -> [176.128.217.128][45194] @@ -6029,9 +7308,8 @@ not-detected: [....53] [ip4][..tcp] [......10.0.2.15][50213] -> [...85.117.153.7][50138] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....53] [ip4][..tcp] [......10.0.2.15][50213] -> [...85.117.153.7][50138] - not-detected: [...762] [ip4][..udp] [......10.0.2.15][28681] -> [...86.75.43.182][43502] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...762] [ip4][..udp] [......10.0.2.15][28681] -> [...86.75.43.182][43502] + idle: [...762] [ip4][..udp] [......10.0.2.15][28681] -> [...86.75.43.182][43502] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [....82] [ip4][..tcp] [......10.0.2.15][50241] -> [..98.18.172.208][63172] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....82] [ip4][..tcp] [......10.0.2.15][50241] -> [..98.18.172.208][63172] @@ -6040,15 +7318,12 @@ idle: [...297] [ip4][..tcp] [......10.0.2.15][50321] -> [213.229.111.224][.4876] not-detected: [...775] [ip4][..udp] [......10.0.2.15][28681] -> [..223.17.132.18][23458] [Unknown][Unknown][Unrated] idle: [...775] [ip4][..udp] [......10.0.2.15][28681] -> [..223.17.132.18][23458] - not-detected: [...130] [ip4][..udp] [......10.0.2.15][28681] -> [..119.224.95.97][46356] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...130] [ip4][..udp] [......10.0.2.15][28681] -> [..119.224.95.97][46356] - not-detected: [...129] [ip4][..udp] [......10.0.2.15][28681] -> [.176.138.50.179][29411] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...129] [ip4][..udp] [......10.0.2.15][28681] -> [.176.138.50.179][29411] - not-detected: [...788] [ip4][..udp] [......10.0.2.15][28681] -> [.220.134.167.82][.5820] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...788] [ip4][..udp] [......10.0.2.15][28681] -> [.220.134.167.82][.5820] + idle: [...130] [ip4][..udp] [......10.0.2.15][28681] -> [..119.224.95.97][46356] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...129] [ip4][..udp] [......10.0.2.15][28681] -> [.176.138.50.179][29411] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...788] [ip4][..udp] [......10.0.2.15][28681] -> [.220.134.167.82][.5820] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [....79] [ip4][..tcp] [......10.0.2.15][50238] -> [.124.218.41.253][59144] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....79] [ip4][..tcp] [......10.0.2.15][50238] -> [.124.218.41.253][59144] @@ -6058,39 +7333,33 @@ not-detected: [....70] [ip4][..tcp] [......10.0.2.15][50229] -> [....1.36.249.91][64920] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....70] [ip4][..tcp] [......10.0.2.15][50229] -> [....1.36.249.91][64920] - not-detected: [...789] [ip4][..udp] [......10.0.2.15][28681] -> [..42.98.115.128][23458] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...789] [ip4][..udp] [......10.0.2.15][28681] -> [..42.98.115.128][23458] - not-detected: [...795] [ip4][..udp] [......10.0.2.15][28681] -> [..213.120.26.86][29946] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...795] [ip4][..udp] [......10.0.2.15][28681] -> [..213.120.26.86][29946] + idle: [...789] [ip4][..udp] [......10.0.2.15][28681] -> [..42.98.115.128][23458] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...795] [ip4][..udp] [......10.0.2.15][28681] -> [..213.120.26.86][29946] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [....33] [ip4][..tcp] [......10.0.2.15][50195] -> [162.157.143.201][29762] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....33] [ip4][..tcp] [......10.0.2.15][50195] -> [162.157.143.201][29762] not-detected: [....91] [ip4][..tcp] [......10.0.2.15][50246] -> [...80.7.252.192][45685] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....91] [ip4][..tcp] [......10.0.2.15][50246] -> [...80.7.252.192][45685] - not-detected: [...755] [ip4][..udp] [......10.0.2.15][28681] -> [..83.134.107.32][38836] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...755] [ip4][..udp] [......10.0.2.15][28681] -> [..83.134.107.32][38836] + idle: [...755] [ip4][..udp] [......10.0.2.15][28681] -> [..83.134.107.32][38836] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [....50] [ip4][..tcp] [......10.0.2.15][50210] -> [..36.234.18.166][61404] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....50] [ip4][..tcp] [......10.0.2.15][50210] -> [..36.234.18.166][61404] - not-detected: [...137] [ip4][..udp] [......10.0.2.15][28681] -> [...82.65.70.197][21693] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...137] [ip4][..udp] [......10.0.2.15][28681] -> [...82.65.70.197][21693] + idle: [...137] [ip4][..udp] [......10.0.2.15][28681] -> [...82.65.70.197][21693] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [....45] [ip4][..tcp] [......10.0.2.15][50205] -> [.114.46.139.171][52120] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....45] [ip4][..tcp] [......10.0.2.15][50205] -> [.114.46.139.171][52120] not-detected: [...772] [ip4][..udp] [......10.0.2.15][28681] -> [.73.192.231.237][.9676] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...772] [ip4][..udp] [......10.0.2.15][28681] -> [.73.192.231.237][.9676] - not-detected: [...109] [ip4][..udp] [......10.0.2.15][28681] -> [...88.169.2.153][52414] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...109] [ip4][..udp] [......10.0.2.15][28681] -> [...88.169.2.153][52414] - not-detected: [...140] [ip4][..udp] [......10.0.2.15][28681] -> [.77.197.111.186][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...140] [ip4][..udp] [......10.0.2.15][28681] -> [.77.197.111.186][.6346] + idle: [...109] [ip4][..udp] [......10.0.2.15][28681] -> [...88.169.2.153][52414] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...140] [ip4][..udp] [......10.0.2.15][28681] -> [.77.197.111.186][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...770] [ip4][..udp] [......10.0.2.15][28681] -> [..97.83.183.148][.8890] [Unknown][Unknown][Unrated] idle: [...770] [ip4][..udp] [......10.0.2.15][28681] -> [..97.83.183.148][.8890] not-detected: [...235] [ip4][..tcp] [......10.0.2.15][50281] -> [.94.134.154.158][54130] [Unknown][Unknown][Unrated] @@ -6105,14 +7374,12 @@ RISK: Unsafe Protocol idle: [...334] [ip4][..tcp] [......10.0.2.15][50328] -> [..189.147.72.83][26108] [HTTP.Gnutella][Unknown][Media][Potentially Dangerous] RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol - not-detected: [...175] [ip4][..udp] [......10.0.2.15][28681] -> [...115.69.62.99][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...175] [ip4][..udp] [......10.0.2.15][28681] -> [...115.69.62.99][.6346] - not-detected: [...756] [ip4][..udp] [......10.0.2.15][28681] -> [..41.100.68.255][12838] [Unknown][Unknown][Unrated] - idle: [...756] [ip4][..udp] [......10.0.2.15][28681] -> [..41.100.68.255][12838] - not-detected: [...790] [ip4][..udp] [......10.0.2.15][28681] -> [.218.164.39.233][20855] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...790] [ip4][..udp] [......10.0.2.15][28681] -> [.218.164.39.233][20855] + idle: [...175] [ip4][..udp] [......10.0.2.15][28681] -> [...115.69.62.99][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic + idle: [...756] [ip4][..udp] [......10.0.2.15][28681] -> [..41.100.68.255][12838] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol + idle: [...790] [ip4][..udp] [......10.0.2.15][28681] -> [.218.164.39.233][20855] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [....80] [ip4][..tcp] [......10.0.2.15][50239] -> [...112.105.52.2][.6384] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....80] [ip4][..tcp] [......10.0.2.15][50239] -> [...112.105.52.2][.6384] @@ -6122,9 +7389,8 @@ not-detected: [...766] [ip4][..udp] [......10.0.2.15][28681] -> [...76.119.55.28][20347] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...766] [ip4][..udp] [......10.0.2.15][28681] -> [...76.119.55.28][20347] - not-detected: [...763] [ip4][..udp] [......10.0.2.15][28681] -> [.85.170.209.214][46210] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...763] [ip4][..udp] [......10.0.2.15][28681] -> [.85.170.209.214][46210] + idle: [...763] [ip4][..udp] [......10.0.2.15][28681] -> [.85.170.209.214][46210] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic end: [...288] [ip4][..tcp] [......10.0.2.15][50312] -> [104.238.172.250][23548] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol not-detected: [...120] [ip4][..tcp] [......10.0.2.15][50251] -> [...24.127.1.235][37814] [Unknown][Unknown][Unrated] @@ -6142,15 +7408,13 @@ not-detected: [....58] [ip4][..tcp] [......10.0.2.15][50217] -> [.113.252.86.162][54958] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....58] [ip4][..tcp] [......10.0.2.15][50217] -> [.113.252.86.162][54958] - not-detected: [...158] [ip4][..udp] [......10.0.2.15][28681] -> [.118.166.226.70][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...158] [ip4][..udp] [......10.0.2.15][28681] -> [.118.166.226.70][.6346] + idle: [...158] [ip4][..udp] [......10.0.2.15][28681] -> [.118.166.226.70][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [....32] [ip4][..tcp] [......10.0.2.15][50194] -> [..92.152.66.153][43771] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....32] [ip4][..tcp] [......10.0.2.15][50194] -> [..92.152.66.153][43771] - not-detected: [....87] [ip4][..udp] [......10.0.2.15][28681] -> [..92.131.85.245][31743] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [....87] [ip4][..udp] [......10.0.2.15][28681] -> [..92.131.85.245][31743] + idle: [....87] [ip4][..udp] [......10.0.2.15][28681] -> [..92.131.85.245][31743] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [....83] [ip4][..tcp] [......10.0.2.15][50242] -> [109.210.203.131][.6346] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....83] [ip4][..tcp] [......10.0.2.15][50242] -> [109.210.203.131][.6346] @@ -6163,29 +7427,25 @@ not-detected: [....62] [ip4][..tcp] [......10.0.2.15][50221] -> [...59.104.173.5][49956] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....62] [ip4][..tcp] [......10.0.2.15][50221] -> [...59.104.173.5][49956] - not-detected: [...785] [ip4][..udp] [......10.0.2.15][28681] -> [.176.134.139.39][.6346] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...785] [ip4][..udp] [......10.0.2.15][28681] -> [.176.134.139.39][.6346] + idle: [...785] [ip4][..udp] [......10.0.2.15][28681] -> [.176.134.139.39][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [...780] [ip4][..udp] [......10.0.2.15][28681] -> [...68.66.94.132][17735] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...780] [ip4][..udp] [......10.0.2.15][28681] -> [...68.66.94.132][17735] - not-detected: [...761] [ip4][..udp] [......10.0.2.15][28681] -> [..195.132.75.56][56009] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...761] [ip4][..udp] [......10.0.2.15][28681] -> [..195.132.75.56][56009] + idle: [...761] [ip4][..udp] [......10.0.2.15][28681] -> [..195.132.75.56][56009] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic not-detected: [....55] [ip4][..tcp] [......10.0.2.15][50214] -> [.80.193.171.146][53808] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....55] [ip4][..tcp] [......10.0.2.15][50214] -> [.80.193.171.146][53808] not-detected: [...231] [ip4][..tcp] [......10.0.2.15][50277] -> [.82.181.251.218][36368] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...231] [ip4][..tcp] [......10.0.2.15][50277] -> [.82.181.251.218][36368] - not-detected: [...791] [ip4][..udp] [......10.0.2.15][28681] -> [...219.85.11.85][10722] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...791] [ip4][..udp] [......10.0.2.15][28681] -> [...219.85.11.85][10722] + idle: [...791] [ip4][..udp] [......10.0.2.15][28681] -> [...219.85.11.85][10722] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic end: [....94] [ip4][..tcp] [......10.0.2.15][50249] -> [.86.208.180.181][45883] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol idle: [...312] [ip4][..udp] [......10.0.2.15][28681] -> [..24.167.201.53][47282] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic - not-detected: [...138] [ip4][..udp] [......10.0.2.15][28681] -> [167.114.170.156][23844] [Unknown][Unknown][Unrated] - RISK: Unidirectional Traffic - idle: [...138] [ip4][..udp] [......10.0.2.15][28681] -> [167.114.170.156][23844] + idle: [...138] [ip4][..udp] [......10.0.2.15][28681] -> [167.114.170.156][23844] [Gnutella][Unknown][Download][Potentially Dangerous] + RISK: Unsafe Protocol, Unidirectional Traffic DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/http_invalid_server.pcap.out b/test/results/flow-info/default/http_invalid_server.pcap.out new file mode 100644 index 000000000..ff7867f95 --- /dev/null +++ b/test/results/flow-info/default/http_invalid_server.pcap.out @@ -0,0 +1,11 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..tcp] [...192.168.1.29][51536] -> [.143.204.14.183][...80] + detected: [.....1] [ip4][..tcp] [...192.168.1.29][51536] -> [.143.204.14.183][...80] [HTTP][AmazonAWS][Web][Acceptable][ocsp.rootg2.amazontrust.com] + RISK: HTTP Susp User-Agent + detection-update: [.....1] [ip4][..tcp] [...192.168.1.29][51536] -> [.143.204.14.183][...80] [HTTP.OCSP][AmazonAWS][Web][Safe][ocsp.rootg2.amazontrust.com] + RISK: HTTP Susp User-Agent, HTTP Susp Header + end: [.....1] [ip4][..tcp] [...192.168.1.29][51536] -> [.143.204.14.183][...80] [HTTP.OCSP][AmazonAWS][Web][Safe] + RISK: HTTP Susp User-Agent, HTTP Susp Header + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/line.pcap.out b/test/results/flow-info/default/line.pcap.out index bd1f27cf4..bcf2bfac9 100644 --- a/test/results/flow-info/default/line.pcap.out +++ b/test/results/flow-info/default/line.pcap.out @@ -2,8 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [......10.0.2.15][50835] -> [125.209.252.210][20610] - detected: [.....1] [ip4][..udp] [......10.0.2.15][50835] -> [125.209.252.210][20610] [LineCall][Unknown][VoIP][Acceptable] - analyse: [.....1] [ip4][..udp] [......10.0.2.15][50835] -> [125.209.252.210][20610] [LineCall][Unknown][VoIP][Acceptable] + detected: [.....1] [ip4][..udp] [......10.0.2.15][50835] -> [125.209.252.210][20610] [LineCall][Line][VoIP][Acceptable] + RISK: Unidirectional Traffic + analyse: [.....1] [ip4][..udp] [......10.0.2.15][50835] -> [125.209.252.210][20610] [LineCall][Line][VoIP][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.602| 0.105| 0.182| 33194.353| 3.400] [PKTLEN......: 58.000| 900.000| 171.300| 234.500| 54984.500| 4.100] @@ -45,9 +46,11 @@ [IATS(ms)....: 237.3,237.6,1.0,239.7,1.4,0.0,0.0,239.9,3.7,241.4,238.7,278.5,277.4,237.5,0.0,0.0,237.6,7029.5,7306.4,276.8,237.6,0.7,0.0,238.3,524.4,801.6,277.2,237.7,0.0,0.0,237.7] [PKTLENS.....: 52,52,40,557,46,1500,1500,381,40,133,314,335,46,581,46,224,75,40,335,46,613,46,224,75,40,335,46,612,46,224,75,40] [ENTROPIES...: 4.5,4.9,4.8,4.8,4.5,7.2,7.5,7.4,4.8,6.2,7.2,7.3,4.5,7.6,4.5,7.0,5.7,4.8,7.4,4.4,7.6,4.6,7.0,5.8,4.6,7.3,4.5,7.6,4.5,7.0,5.7,4.7] - idle: [.....1] [ip4][..udp] [......10.0.2.15][50835] -> [125.209.252.210][20610] [LineCall][Unknown][VoIP][Acceptable] + idle: [.....1] [ip4][..udp] [......10.0.2.15][50835] -> [125.209.252.210][20610] [LineCall][Line][VoIP][Acceptable] + RISK: Unidirectional Traffic new: [.....4] [ip4][..udp] [...10.200.3.125][51161] -> [..147.92.169.90][29070] detected: [.....4] [ip4][..udp] [...10.200.3.125][51161] -> [..147.92.169.90][29070] [LineCall][Line][VoIP][Acceptable] + RISK: Unidirectional Traffic analyse: [.....4] [ip4][..udp] [...10.200.3.125][51161] -> [..147.92.169.90][29070] [LineCall][Line][VoIP][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.225| 0.016| 0.051| 2613.605| 1.500] @@ -60,10 +63,14 @@ [ENTROPIES...: 7.8,7.2,7.6,7.6,7.6,7.7,7.7,7.6,7.5,7.6,7.6,7.6,7.6,7.6,7.7,7.6,7.6,7.7,5.3,6.7,7.5,7.6,7.7,7.6,7.6,7.6,7.7,7.6,7.6,7.7,7.7,7.6] new: [.....5] [ip4][..udp] [...10.200.3.125][51170] -> [..147.92.169.90][29070] detected: [.....5] [ip4][..udp] [...10.200.3.125][51170] -> [..147.92.169.90][29070] [LineCall][Line][VoIP][Acceptable] + RISK: Unidirectional Traffic update: [.....4] [ip4][..udp] [...10.200.3.125][51161] -> [..147.92.169.90][29070] [LineCall][Line][VoIP][Acceptable] + RISK: Unidirectional Traffic idle: [.....2] [ip4][..tcp] [...10.200.3.125][57841] -> [.147.92.165.194][..443] [TLS][Line][Web][Safe] end: [.....3] [ip4][..tcp] [...10.200.3.125][58160] -> [.147.92.242.232][..443] [TLS.Line][Line][Chat][Acceptable] RISK: TLS (probably) Not Carrying HTTPS idle: [.....4] [ip4][..udp] [...10.200.3.125][51161] -> [..147.92.169.90][29070] [LineCall][Line][VoIP][Acceptable] + RISK: Unidirectional Traffic idle: [.....5] [ip4][..udp] [...10.200.3.125][51170] -> [..147.92.169.90][29070] [LineCall][Line][VoIP][Acceptable] + RISK: Unidirectional Traffic DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/pps.pcap.out b/test/results/flow-info/default/pps.pcap.out index fb0103dd2..7f84e0a71 100644 --- a/test/results/flow-info/default/pps.pcap.out +++ b/test/results/flow-info/default/pps.pcap.out @@ -154,7 +154,7 @@ new: [....55] [ip4][..udp] [...192.168.5.57][59648] -> [239.255.255.250][.1900] detected: [....55] [ip4][..udp] [...192.168.5.57][59648] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] detection-update: [....54] [ip4][..tcp] [..192.168.115.8][50486] -> [...77.234.40.96][...80] [HTTP.Cybersec][AVAST][Download][Safe][bcu.ff.avast.com] - RISK: HTTP Susp User-Agent, HTTP Obsolete Server + RISK: Binary App Transfer, HTTP Susp User-Agent, HTTP Obsolete Server new: [....56] [ip4][..tcp] [..192.168.115.8][50487] -> [.202.108.14.219][...80] [MIDSTREAM] detected: [....56] [ip4][..tcp] [..192.168.115.8][50487] -> [.202.108.14.219][...80] [HTTP][Unknown][Streaming][Acceptable][msg.71.am] RISK: Unidirectional Traffic @@ -362,7 +362,7 @@ RISK: Unidirectional Traffic idle: [....22] [ip4][..udp] [..192.168.115.8][22793] -> [.222.26.193.119][.7133] idle: [....54] [ip4][..tcp] [..192.168.115.8][50486] -> [...77.234.40.96][...80] [HTTP.Cybersec][AVAST][Download][Safe] - RISK: HTTP Susp User-Agent, HTTP Obsolete Server + RISK: Binary App Transfer, HTTP Susp User-Agent, HTTP Obsolete Server not-detected: [....25] [ip4][..udp] [..192.168.115.8][22793] -> [.115.157.62.243][29006] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....25] [ip4][..udp] [..192.168.115.8][22793] -> [.115.157.62.243][29006] diff --git a/test/results/flow-info/default/quic_cc_ack.pcapng.out b/test/results/flow-info/default/quic_cc_ack.pcapng.out new file mode 100644 index 000000000..ff4dbb9d5 --- /dev/null +++ b/test/results/flow-info/default/quic_cc_ack.pcapng.out @@ -0,0 +1,14 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [.152.14.223.145][57113] -> [...71.98.228.93][..443] + detected: [.....1] [ip4][..udp] [.152.14.223.145][57113] -> [...71.98.228.93][..443] [QUIC][Unknown][Web][Acceptable] + RISK: Unidirectional Traffic + new: [.....2] [ip4][..udp] [.183.23.159.144][37787] -> [.108.140.147.22][..443] + detected: [.....2] [ip4][..udp] [.183.23.159.144][37787] -> [.108.140.147.22][..443] [QUIC][Azure][Web][Acceptable] + RISK: Unidirectional Traffic + idle: [.....2] [ip4][..udp] [.183.23.159.144][37787] -> [.108.140.147.22][..443] [QUIC][Azure][Web][Acceptable] + RISK: Unidirectional Traffic + idle: [.....1] [ip4][..udp] [.152.14.223.145][57113] -> [...71.98.228.93][..443] [QUIC][Unknown][Web][Acceptable] + RISK: Unidirectional Traffic + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/rdp.pcap.out b/test/results/flow-info/default/rdp.pcap.out index 48fb6ffe8..c63e3e0dc 100644 --- a/test/results/flow-info/default/rdp.pcap.out +++ b/test/results/flow-info/default/rdp.pcap.out @@ -4,16 +4,6 @@ new: [.....1] [ip4][..tcp] [...172.16.2.185][52494] -> [..192.168.2.142][.3389] detected: [.....1] [ip4][..tcp] [...172.16.2.185][52494] -> [..192.168.2.142][.3389] [RDP][Unknown][RemoteAccess][Acceptable] RISK: Desktop/File Sharing - analyse: [.....1] [ip4][..tcp] [...172.16.2.185][52494] -> [..192.168.2.142][.3389] [RDP][Unknown][RemoteAccess][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.086| 0.035| 0.023| 533.403| 4.500] - [PKTLEN......: 40.000| 1219.000| 153.300| 233.300| 54415.100| 4.100] - [BINS(c->s)..: 12,3,1,2,0,1,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - [BINS(s->c)..: 3,4,1,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0] - [DIRECTIONS..: 0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,0,1,1,0,0,1,0] - [IATS(ms)....: 42.4,42.5,0.4,46.1,45.8,5.9,50.4,44.5,5.2,48.3,43.1,41.5,86.2,44.7,10.2,53.9,43.7,0.3,43.8,43.5,0.3,43.7,43.4,0.3,0.1,43.6,40.3,83.3,0.3,42.5,42.2] - [PKTLENS.....: 64,52,40,59,59,40,213,1219,40,166,91,40,126,331,40,612,128,40,145,73,40,531,195,40,81,77,40,80,40,81,84,40] - [ENTROPIES...: 4.4,4.9,4.6,4.3,4.8,4.6,5.3,7.6,4.7,6.6,5.5,4.7,6.4,7.1,4.7,7.7,6.2,4.7,6.7,5.2,4.7,7.5,6.7,4.7,5.8,5.6,4.9,5.4,4.7,5.7,5.5,4.7] - end: [.....1] [ip4][..tcp] [...172.16.2.185][52494] -> [..192.168.2.142][.3389] [RDP][Unknown][RemoteAccess][Acceptable] + idle: [.....1] [ip4][..tcp] [...172.16.2.185][52494] -> [..192.168.2.142][.3389] [RDP][Unknown][RemoteAccess][Acceptable] RISK: Desktop/File Sharing DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/rdp2.pcap.out b/test/results/flow-info/default/rdp2.pcap.out new file mode 100644 index 000000000..438e26e87 --- /dev/null +++ b/test/results/flow-info/default/rdp2.pcap.out @@ -0,0 +1,23 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [192.168.122.181][54759] -> [..192.168.122.2][.3389] + detected: [.....1] [ip4][..udp] [192.168.122.181][54759] -> [..192.168.122.2][.3389] [RDP][Unknown][RemoteAccess][Acceptable] + RISK: Desktop/File Sharing + DAEMON-EVENT: [Processed: 6 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....2] [ip4][..udp] [....10.8.37.100][51652] -> [....10.100.2.87][.3389] + detected: [.....2] [ip4][..udp] [....10.8.37.100][51652] -> [....10.100.2.87][.3389] [RDP][Unknown][RemoteAccess][Acceptable] + RISK: Desktop/File Sharing + idle: [.....1] [ip4][..udp] [192.168.122.181][54759] -> [..192.168.122.2][.3389] [RDP][Unknown][RemoteAccess][Acceptable] + RISK: Desktop/File Sharing + DAEMON-EVENT: [Processed: 32 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....3] [ip4][..udp] [..10.50.181.210][60355] -> [....10.50.73.36][.3389] + detected: [.....3] [ip4][..udp] [..10.50.181.210][60355] -> [....10.50.73.36][.3389] [RDP][Unknown][RemoteAccess][Acceptable] + RISK: Desktop/File Sharing + idle: [.....2] [ip4][..udp] [....10.8.37.100][51652] -> [....10.100.2.87][.3389] [RDP][Unknown][RemoteAccess][Acceptable] + RISK: Desktop/File Sharing + idle: [.....3] [ip4][..udp] [..10.50.181.210][60355] -> [....10.50.73.36][.3389] [RDP][Unknown][RemoteAccess][Acceptable] + RISK: Desktop/File Sharing + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/roblox.pcapng.out b/test/results/flow-info/default/roblox.pcapng.out new file mode 100644 index 000000000..6f2cf229b --- /dev/null +++ b/test/results/flow-info/default/roblox.pcapng.out @@ -0,0 +1,38 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [.192.168.12.156][42965] -> [.128.116.89.113][63862] + detected: [.....1] [ip4][..udp] [.192.168.12.156][42965] -> [.128.116.89.113][63862] [RakNet][Roblox][Game][Fun] + RISK: Unidirectional Traffic + new: [.....2] [ip4][..tcp] [.192.168.12.156][39034] -> [..128.116.122.4][..443] + detected: [.....2] [ip4][..tcp] [.192.168.12.156][39034] -> [..128.116.122.4][..443] [TLS.Roblox][Roblox][Game][Fun][assetgame.roblox.com] + detection-update: [.....2] [ip4][..tcp] [.192.168.12.156][39034] -> [..128.116.122.4][..443] [TLS.Roblox][Roblox][Game][Fun][assetgame.roblox.com] + analyse: [.....2] [ip4][..tcp] [.192.168.12.156][39034] -> [..128.116.122.4][..443] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 10.786| 0.747| 2.538| 6441959.162| 1.700] + [PKTLEN......: 40.000| 1500.000| 357.700| 487.700| 237869.300| 3.900] + [BINS(c->s)..: 13,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 7,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,3,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,0,1,0,1,1,1,1,0,0,0,0,1] + [IATS(ms)....: 28.5,194.1,21.5,215.7,0.0,0.0,0.5,0.0,126.9,1.3,3.5,0.3,4.4,2.6,0.5,0.2,137.9,0.1,0.7,108.0,106.8,174.6,10000.2,0.3,357.2,548.0,10785.6,40.1,91.7,5.7,187.6] + [PKTLENS.....: 60,60,52,569,1500,1500,1252,1500,891,52,52,52,52,52,116,1076,702,323,323,52,52,578,52,76,52,52,76,52,52,76,52,40] + [ENTROPIES...: 4.8,5.3,5.2,4.8,7.9,7.9,7.8,7.9,7.8,5.2,5.2,5.1,5.1,5.0,6.1,7.8,7.7,7.3,7.3,5.2,5.1,7.6,5.2,5.7,5.2,5.1,5.7,5.1,5.1,5.7,5.1,4.0] + detection-update: [.....2] [ip4][..tcp] [.192.168.12.156][39034] -> [..128.116.122.4][..443] [TLS.Roblox][Roblox][Game][Fun][assetgame.roblox.com] + DAEMON-EVENT: [Processed: 47 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 2|updates: 0] + new: [.....3] [ip4][..udp] [.192.168.12.156][45693] -> [..128.116.44.33][53385] + detected: [.....3] [ip4][..udp] [.192.168.12.156][45693] -> [..128.116.44.33][53385] [RakNet][Roblox][Game][Fun] + RISK: Unidirectional Traffic + idle: [.....1] [ip4][..udp] [.192.168.12.156][42965] -> [.128.116.89.113][63862] [RakNet][Roblox][Game][Fun] + RISK: Unidirectional Traffic + end: [.....2] [ip4][..tcp] [.192.168.12.156][39034] -> [..128.116.122.4][..443] [TLS.Roblox][Roblox][Game][Fun] + DAEMON-EVENT: [Processed: 64 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 2|updates: 0] + new: [.....4] [ip4][..udp] [.192.168.12.156][46507] -> [..128.116.44.33][51438] + detected: [.....4] [ip4][..udp] [.192.168.12.156][46507] -> [..128.116.44.33][51438] [RakNet][Roblox][Game][Fun] + RISK: Unidirectional Traffic + idle: [.....3] [ip4][..udp] [.192.168.12.156][45693] -> [..128.116.44.33][53385] [RakNet][Roblox][Game][Fun] + RISK: Unidirectional Traffic + idle: [.....4] [ip4][..udp] [.192.168.12.156][46507] -> [..128.116.44.33][51438] [RakNet][Roblox][Game][Fun] + RISK: Unidirectional Traffic + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out b/test/results/flow-info/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out new file mode 100644 index 000000000..d862662e2 --- /dev/null +++ b/test/results/flow-info/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out @@ -0,0 +1,9 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [..217.12.244.34][25963] -> [..217.12.247.98][31601] + detected: [.....1] [ip4][..udp] [..217.12.244.34][25963] -> [..217.12.247.98][31601] [RTCP][Unknown][VoIP][Acceptable] + RISK: Unidirectional Traffic + idle: [.....1] [ip4][..udp] [..217.12.244.34][25963] -> [..217.12.247.98][31601] [RTCP][Unknown][VoIP][Acceptable] + RISK: Unidirectional Traffic + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/rtp.pcapng.out b/test/results/flow-info/default/rtp.pcapng.out new file mode 100644 index 000000000..3cfecd3c2 --- /dev/null +++ b/test/results/flow-info/default/rtp.pcapng.out @@ -0,0 +1,15 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [..10.204.220.71][.6000] -> [.10.204.220.171][.6000] + detected: [.....1] [ip4][..udp] [..10.204.220.71][.6000] -> [.10.204.220.171][.6000] [RTP][Unknown][Media][Acceptable] + DAEMON-EVENT: [Processed: 15 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....2] [ip4][..udp] [.150.219.118.19][54234] -> [192.113.193.227][50003] + detected: [.....2] [ip4][..udp] [.150.219.118.19][54234] -> [192.113.193.227][50003] [Discord][Unknown][Collaborative][Fun] + idle: [.....1] [ip4][..udp] [..10.204.220.71][.6000] -> [.10.204.220.171][.6000] [RTP][Unknown][Media][Acceptable] + new: [.....3] [ip4][..udp] [..10.140.67.167][55402] -> [..148.153.85.97][.6008] + detected: [.....3] [ip4][..udp] [..10.140.67.167][55402] -> [..148.153.85.97][.6008] [RTP][Unknown][Media][Acceptable] + idle: [.....2] [ip4][..udp] [.150.219.118.19][54234] -> [192.113.193.227][50003] [Discord][Unknown][Collaborative][Fun] + idle: [.....3] [ip4][..udp] [..10.140.67.167][55402] -> [..148.153.85.97][.6008] [RTP][Unknown][Media][Acceptable] + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/skinny.pcap.out b/test/results/flow-info/default/skinny.pcap.out index f80564046..6d3230aa3 100644 --- a/test/results/flow-info/default/skinny.pcap.out +++ b/test/results/flow-info/default/skinny.pcap.out @@ -18,14 +18,14 @@ [PKTLENS.....: 64,68,56,64,46,364,68,76,68,46,200,60,46,64,180,76,46,252,46,88,46,184,46,184,46,184,172,46,92,92,46,92] [ENTROPIES...: 3.9,4.0,4.5,4.3,4.4,3.7,4.4,4.2,4.6,4.4,4.5,4.3,4.7,4.5,2.6,4.2,4.4,4.3,4.5,4.0,4.7,2.7,4.5,2.7,4.5,2.6,4.7,4.4,4.0,4.0,4.6,4.0] new: [.....3] [ip4][..udp] [.192.168.195.58][32150] -> [.192.168.193.24][.9395] - detected: [.....3] [ip4][..udp] [.192.168.195.58][32150] -> [.192.168.193.24][.9395] [RTP][Unknown][Media][Acceptable] new: [.....4] [ip4][..udp] [.192.168.195.58][32144] -> [.192.168.195.50][17718] detected: [.....4] [ip4][..udp] [.192.168.195.58][32144] -> [.192.168.195.50][17718] [RTP][Unknown][Media][Acceptable] new: [.....5] [ip4][..udp] [.192.168.195.50][17726] -> [.192.168.193.24][.9399] - detected: [.....5] [ip4][..udp] [.192.168.195.50][17726] -> [.192.168.193.24][.9399] [RTP][Unknown][Media][Acceptable] new: [.....6] [ip4][..udp] [.192.168.195.58][32152] -> [.192.168.193.24][.9396] - detected: [.....6] [ip4][..udp] [.192.168.195.58][32152] -> [.192.168.193.24][.9396] [RTP][Unknown][Media][Acceptable] + detected: [.....3] [ip4][..udp] [.192.168.195.58][32150] -> [.192.168.193.24][.9395] [RTP][Unknown][Media][Acceptable] new: [.....7] [ip4][..udp] [.192.168.195.50][17732] -> [.192.168.193.24][.9400] + detected: [.....5] [ip4][..udp] [.192.168.195.50][17726] -> [.192.168.193.24][.9399] [RTP][Unknown][Media][Acceptable] + detected: [.....6] [ip4][..udp] [.192.168.195.58][32152] -> [.192.168.193.24][.9396] [RTP][Unknown][Media][Acceptable] detected: [.....7] [ip4][..udp] [.192.168.195.50][17732] -> [.192.168.193.24][.9400] [RTP][Unknown][Media][Acceptable] analyse: [.....4] [ip4][..udp] [.192.168.195.58][32144] -> [.192.168.195.50][17718] [RTP][Unknown][Media][Acceptable] min| max| avg| stddev| variance| entropy diff --git a/test/results/flow-info/default/skype_udp.pcap.out b/test/results/flow-info/default/skype_udp.pcap.out index 97131e95b..976445351 100644 --- a/test/results/flow-info/default/skype_udp.pcap.out +++ b/test/results/flow-info/default/skype_udp.pcap.out @@ -2,8 +2,8 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [....192.168.1.2][35990] -> [.24.224.190.149][39262] - detected: [.....1] [ip4][..udp] [....192.168.1.2][35990] -> [.24.224.190.149][39262] [Skype_Teams][Unknown][VoIP][Acceptable] + detected: [.....1] [ip4][..udp] [....192.168.1.2][35990] -> [.24.224.190.149][39262] [Skype_Teams.Skype_TeamsCall][Unknown][VoIP][Acceptable] RISK: Unidirectional Traffic - idle: [.....1] [ip4][..udp] [....192.168.1.2][35990] -> [.24.224.190.149][39262] [Skype_Teams][Unknown][VoIP][Acceptable] + idle: [.....1] [ip4][..udp] [....192.168.1.2][35990] -> [.24.224.190.149][39262] [Skype_Teams.Skype_TeamsCall][Unknown][VoIP][Acceptable] RISK: Unidirectional Traffic DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/socks-http-example.pcap.out b/test/results/flow-info/default/socks-http-example.pcap.out deleted file mode 100644 index 0c88716e2..000000000 --- a/test/results/flow-info/default/socks-http-example.pcap.out +++ /dev/null @@ -1,13 +0,0 @@ - DAEMON-EVENT: init - DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....1] [ip4][..tcp] [.10.180.156.185][53533] -> [.10.180.156.249][.1080] - detected: [.....1] [ip4][..tcp] [.10.180.156.185][53533] -> [.10.180.156.249][.1080] [SOCKS][Unknown][Web][Acceptable] - new: [.....2] [ip4][..tcp] [.10.180.156.185][53534] -> [.10.180.156.249][.1080] - detected: [.....2] [ip4][..tcp] [.10.180.156.185][53534] -> [.10.180.156.249][.1080] [SOCKS][Unknown][Web][Acceptable] - new: [.....3] [ip4][..tcp] [.10.180.156.185][53535] -> [.10.180.156.249][.1080] - end: [.....1] [ip4][..tcp] [.10.180.156.185][53533] -> [.10.180.156.249][.1080] [SOCKS][Unknown][Web][Acceptable] - end: [.....2] [ip4][..tcp] [.10.180.156.185][53534] -> [.10.180.156.249][.1080] [SOCKS][Unknown][Web][Acceptable] - guessed: [.....3] [ip4][..tcp] [.10.180.156.185][53535] -> [.10.180.156.249][.1080] [SOCKS][Unknown][Web][Acceptable] - end: [.....3] [ip4][..tcp] [.10.180.156.185][53535] -> [.10.180.156.249][.1080] - DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/socks.pcap.out b/test/results/flow-info/default/socks.pcap.out new file mode 100644 index 000000000..e7a7780b5 --- /dev/null +++ b/test/results/flow-info/default/socks.pcap.out @@ -0,0 +1,20 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..tcp] [.......10.0.0.1][.1637] -> [.......10.0.0.2][21477] + detected: [.....1] [ip4][..tcp] [.......10.0.0.1][.1637] -> [.......10.0.0.2][21477] [SOCKS][Unknown][Web][Acceptable] + RISK: Known Proto on Non Std Port + DAEMON-EVENT: [Processed: 14 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....2] [ip4][..tcp] [.10.180.156.185][53533] -> [.10.180.156.249][.1080] + detected: [.....2] [ip4][..tcp] [.10.180.156.185][53533] -> [.10.180.156.249][.1080] [SOCKS][Unknown][Web][Acceptable] + new: [.....3] [ip4][..tcp] [.10.180.156.185][53534] -> [.10.180.156.249][.1080] + detected: [.....3] [ip4][..tcp] [.10.180.156.185][53534] -> [.10.180.156.249][.1080] [SOCKS][Unknown][Web][Acceptable] + new: [.....4] [ip4][..tcp] [.10.180.156.185][53535] -> [.10.180.156.249][.1080] + detected: [.....4] [ip4][..tcp] [.10.180.156.185][53535] -> [.10.180.156.249][.1080] [SOCKS][Unknown][Web][Acceptable] + end: [.....1] [ip4][..tcp] [.......10.0.0.1][.1637] -> [.......10.0.0.2][21477] [SOCKS][Unknown][Web][Acceptable] + RISK: Known Proto on Non Std Port + end: [.....2] [ip4][..tcp] [.10.180.156.185][53533] -> [.10.180.156.249][.1080] [SOCKS][Unknown][Web][Acceptable] + end: [.....3] [ip4][..tcp] [.10.180.156.185][53534] -> [.10.180.156.249][.1080] [SOCKS][Unknown][Web][Acceptable] + end: [.....4] [ip4][..tcp] [.10.180.156.185][53535] -> [.10.180.156.249][.1080] [SOCKS][Unknown][Web][Acceptable] + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/stun.pcap.out b/test/results/flow-info/default/stun.pcap.out index 2768afaa3..47265b1c3 100644 --- a/test/results/flow-info/default/stun.pcap.out +++ b/test/results/flow-info/default/stun.pcap.out @@ -1,11 +1,16 @@ DAEMON-EVENT: init DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....1] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] - detected: [.....1] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable][] - update: [.....1] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable] - update: [.....1] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable] - analyse: [.....1] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable] + new: [.....1] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] + detected: [.....1] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][] + DAEMON-EVENT: [Processed: 15 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....2] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] + end: [.....1] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] + detected: [.....2] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable][] + update: [.....2] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable] + update: [.....2] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable] + analyse: [.....2] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.003| 10.359| 9.105| 2.980| 8880623.976| 4.800] [PKTLEN......: 68.000| 92.000| 80.000| 12.000| 144.000| 5.000] @@ -15,13 +20,13 @@ [IATS(ms)....: 6.9,10132.2,10132.3,10358.5,2.9,10358.5,2.9,10055.4,10055.5,10056.9,10056.9,10057.2,10057.2,10053.9,10054.0,10069.5,10069.5,10027.1,10027.1,10027.3,10027.3,10064.0,10063.9,10098.3,10098.4,10035.5,10035.4,10061.4,10061.4,10028.4,10028.3] [PKTLENS.....: 68,92,68,92,68,68,92,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92] [ENTROPIES...: 5.4,5.5,5.4,5.5,5.5,5.5,5.5,5.5,5.5,5.6,5.5,5.6,5.4,5.6,5.5,5.6,5.4,5.5,5.5,5.5,5.4,5.6,5.4,5.5,5.5,5.6,5.5,5.6,5.5,5.5,5.4,5.5] - update: [.....1] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable] - DAEMON-EVENT: [Processed: 42 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 3] - new: [.....2] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] - detected: [.....2] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] [STUN.FacebookVoip][Facebook][VoIP][Acceptable][turner.facebook] + update: [.....2] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable] + DAEMON-EVENT: [Processed: 57 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 3] + new: [.....3] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] + detected: [.....3] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] [STUN.FacebookVoip][Facebook][VoIP][Acceptable][turner.facebook] RISK: Known Proto on Non Std Port - analyse: [.....2] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] [STUN.FacebookVoip][Facebook][VoIP][Acceptable] + analyse: [.....3] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] [STUN.FacebookVoip][Facebook][VoIP][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 6.004| 0.447| 1.463| 2139022.033| 1.900] [PKTLEN......: 56.000| 168.000| 139.600| 32.100| 1033.400| 5.000] @@ -31,18 +36,21 @@ [IATS(ms)....: 11.5,15.6,15.9,6004.4,4.7,5997.4,4.5,7.5,7.1,108.4,344.5,499.2,68.5,0.2,19.7,29.0,92.2,23.6,96.4,1.6,50.3,48.3,0.3,50.1,3.3,0.0,52.9,0.4,9.7,44.9,232.2] [PKTLENS.....: 56,132,164,104,168,168,140,168,140,72,164,164,160,168,128,72,164,128,160,128,164,160,128,164,128,160,128,168,128,72,160,160] [ENTROPIES...: 4.9,5.6,5.9,5.8,5.9,6.0,5.6,5.8,5.5,5.6,5.9,6.0,6.0,5.9,5.8,5.5,6.0,5.9,6.0,5.9,5.9,6.0,5.8,6.0,5.9,6.0,5.9,5.9,5.8,5.6,6.1,6.0] - idle: [.....1] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable] - DAEMON-EVENT: [Processed: 117 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 3] - new: [.....3] [ip4][..tcp] [...87.47.100.17][.3478] -> [....54.1.57.155][37257] - detected: [.....3] [ip4][..tcp] [...87.47.100.17][.3478] -> [....54.1.57.155][37257] [STUN][Unknown][Network][Acceptable][apps-host.com] - idle: [.....2] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] [STUN.FacebookVoip][Facebook][VoIP][Acceptable] - RISK: Known Proto on Non Std Port - DAEMON-EVENT: [Processed: 137 pkts][ZLib][compressions: 0|diff: 0 / 0] + idle: [.....2] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable] + DAEMON-EVENT: [Processed: 132 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 3] - new: [.....4] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] - detected: [.....4] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][] - analyse: [.....4] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] + new: [.....4] [ip4][..tcp] [...87.47.100.17][.3478] -> [....54.1.57.155][37257] + detected: [.....4] [ip4][..tcp] [...87.47.100.17][.3478] -> [....54.1.57.155][37257] [STUN][Unknown][Network][Acceptable][apps-host.com] + idle: [.....3] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] [STUN.FacebookVoip][Facebook][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + DAEMON-EVENT: [Processed: 152 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 3] + new: [.....5] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] + detected: [.....5] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [DTLS][Google][Web][Safe] + RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn + detection-update: [.....5] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [DTLS.GoogleHangoutDuo][Google][VoIP][Acceptable] + RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn + analyse: [.....5] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [DTLS.GoogleHangoutDuo][Google][VoIP][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.836| 0.131| 0.227| 51553.292| 3.400] [PKTLEN......: 62.000| 1226.000| 179.200| 221.300| 48965.100| 4.400] @@ -52,6 +60,7 @@ [IATS(ms)....: 22.9,25.6,18.8,27.0,9.0,16.5,8.2,0.0,96.0,9.4,96.1,13.9,9.7,14.0,0.0,0.0,28.4,12.0,233.2,17.4,835.9,625.3,352.7,699.8,203.7,550.7,72.1,9.0,20.6,28.1,14.7] [PKTLENS.....: 136,120,181,140,1226,574,120,109,598,109,140,145,161,120,141,93,97,93,113,62,93,140,120,62,110,140,120,94,94,95,95,95] [ENTROPIES...: 5.9,5.9,5.0,5.9,7.3,6.7,5.8,5.7,7.4,5.7,6.0,6.2,6.4,5.9,6.1,5.4,5.4,5.6,5.9,5.3,5.2,5.9,5.8,5.2,6.1,5.9,6.0,6.1,6.0,5.9,6.1,5.9] - idle: [.....4] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] - idle: [.....3] [ip4][..tcp] [...87.47.100.17][.3478] -> [....54.1.57.155][37257] [STUN][Unknown][Network][Acceptable] + idle: [.....5] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [DTLS.GoogleHangoutDuo][Google][VoIP][Acceptable] + RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn + idle: [.....4] [ip4][..tcp] [...87.47.100.17][.3478] -> [....54.1.57.155][37257] [STUN][Unknown][Network][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/stun_classic.pcap.out b/test/results/flow-info/default/stun_classic.pcap.out new file mode 100644 index 000000000..14053455b --- /dev/null +++ b/test/results/flow-info/default/stun_classic.pcap.out @@ -0,0 +1,9 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [..172.16.63.224][55050] -> [...172.16.63.21][13958] + detected: [.....1] [ip4][..udp] [..172.16.63.224][55050] -> [...172.16.63.21][13958] [STUN.RTP][Unknown][Media][Acceptable][] + RISK: Known Proto on Non Std Port + idle: [.....1] [ip4][..udp] [..172.16.63.224][55050] -> [...172.16.63.21][13958] [STUN.RTP][Unknown][Media][Acceptable] + RISK: Known Proto on Non Std Port + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/stun_google_meet.pcapng.out b/test/results/flow-info/default/stun_google_meet.pcapng.out new file mode 100644 index 000000000..44cf02787 --- /dev/null +++ b/test/results/flow-info/default/stun_google_meet.pcapng.out @@ -0,0 +1,62 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [.192.168.12.156][38152] -> [.74.125.128.127][19302] + new: [.....2] [ip4][..udp] [.192.168.12.156][45400] -> [.74.125.128.127][19302] + new: [.....3] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][19305] + new: [.....4] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][19305] + detected: [.....3] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][19305] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port + detected: [.....4] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][19305] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port + analyse: [.....3] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][19305] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.164| 0.015| 0.039| 1549.851| 2.400] + [PKTLEN......: 65.000| 1231.000| 290.000| 203.200| 41279.000| 4.700] + [BINS(c->s)..: 0,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 0,1,3,0,1,0,0,0,20,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1] + [IATS(ms)....: 27.7,164.3,5.3,154.4,6.7,36.4,35.4,0.1,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,27.3,18.9,0.0,0.0,0.0,0.0,0.0,0.0,0.0] + [PKTLENS.....: 152,92,148,185,92,1231,573,598,65,288,288,288,288,288,288,288,288,288,288,288,288,288,109,109,288,288,288,165,288,288,288,288] + [ENTROPIES...: 5.9,5.7,5.9,5.0,5.7,7.3,6.8,7.4,4.6,7.1,7.1,7.2,7.1,7.0,7.0,7.1,7.1,7.0,7.1,7.1,7.1,7.1,5.7,5.7,7.0,7.1,7.0,6.4,7.2,7.1,7.1,7.1] + new: [.....5] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][.3478] + detected: [.....5] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][] + RISK: Unidirectional Traffic + new: [.....6] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][.3478] + detected: [.....6] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][] + analyse: [.....5] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 1.000| 0.179| 0.232| 53990.769| 4.000] + [PKTLEN......: 68.000| 565.000| 110.700| 85.700| 7337.900| 4.800] + [BINS(c->s)..: 0,14,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 0,3,5,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,1,0,1,1,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,1,0,0] + [IATS(ms)....: 28.7,31.6,20.7,57.3,57.1,114.9,326.7,7.6,0.3,359.3,399.5,20.9,399.5,20.8,60.3,761.6,238.3,310.5,33.1,16.7,106.5,1.4,298.5,11.7,401.0,18.9,1000.0,80.4,40.3,278.6,42.3] + [PKTLENS.....: 152,92,148,92,148,92,565,91,73,93,68,107,73,91,73,148,92,68,80,91,73,80,80,107,73,91,73,68,148,92,128,91] + [ENTROPIES...: 6.0,5.6,6.0,5.7,6.0,5.7,7.6,6.0,5.5,5.6,5.5,5.7,5.7,5.9,5.5,6.0,5.6,5.3,5.8,6.1,5.6,5.7,5.8,5.8,5.5,5.9,5.6,5.3,5.9,5.6,6.3,6.0] + detected: [.....1] [ip4][..udp] [.192.168.12.156][38152] -> [.74.125.128.127][19302] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port + detected: [.....2] [ip4][..udp] [.192.168.12.156][45400] -> [.74.125.128.127][19302] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port + analyse: [.....6] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.030| 8.438| 2.374| 2.514| 6318722.646| 4.300] + [PKTLEN......: 92.000| 152.000| 118.200| 26.300| 690.900| 5.000] + [BINS(c->s)..: 0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1] + [IATS(ms)....: 30.2,90.8,78.2,1745.7,1745.6,749.7,749.8,2799.7,2799.8,3108.6,3108.4,997.5,997.5,1610.3,1610.3,582.5,582.8,6554.8,6554.5,8437.5,8437.6,882.4,882.5,6551.7,6551.4,792.4,792.6,993.0,993.0,897.1,896.9] + [PKTLENS.....: 152,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92] + [ENTROPIES...: 6.0,5.6,6.1,5.6,6.0,5.5,6.0,5.6,6.1,5.7,5.9,5.8,6.1,5.6,6.0,5.6,6.1,5.6,6.0,5.6,6.0,5.6,6.0,5.6,6.1,5.6,6.0,5.7,6.0,5.7,6.0,5.7] + idle: [.....4] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][19305] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + idle: [.....6] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] + idle: [.....2] [ip4][..udp] [.192.168.12.156][45400] -> [.74.125.128.127][19302] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + idle: [.....3] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][19305] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + idle: [.....5] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] + RISK: Unidirectional Traffic + idle: [.....1] [ip4][..udp] [.192.168.12.156][38152] -> [.74.125.128.127][19302] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/hangout.pcap.out b/test/results/flow-info/default/stun_msteams_unidir.pcapng.out index 99f37559e..6bb84de57 100644 --- a/test/results/flow-info/default/hangout.pcap.out +++ b/test/results/flow-info/default/stun_msteams_unidir.pcapng.out @@ -1,9 +1,9 @@ DAEMON-EVENT: init DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....1] [ip4][..udp] [.74.125.134.127][19305] -> [....10.89.61.13][56406] - detected: [.....1] [ip4][..udp] [.74.125.134.127][19305] -> [....10.89.61.13][56406] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][] + new: [.....1] [ip4][..udp] [..52.115.136.55][.3479] -> [.......10.0.0.1][50006] + detected: [.....1] [ip4][..udp] [..52.115.136.55][.3479] -> [.......10.0.0.1][50006] [STUN.Skype_Teams][Azure][VoIP][Acceptable][] RISK: Known Proto on Non Std Port, Unidirectional Traffic - idle: [.....1] [ip4][..udp] [.74.125.134.127][19305] -> [....10.89.61.13][56406] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] + idle: [.....1] [ip4][..udp] [..52.115.136.55][.3479] -> [.......10.0.0.1][50006] [STUN.Skype_Teams][Azure][VoIP][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/stun_signal.pcapng.out b/test/results/flow-info/default/stun_signal.pcapng.out index d7b438044..5049eddd3 100644 --- a/test/results/flow-info/default/stun_signal.pcapng.out +++ b/test/results/flow-info/default/stun_signal.pcapng.out @@ -47,9 +47,9 @@ [ENTROPIES...: 5.8,5.8,5.9,5.8,5.7,5.6,5.9,5.9,5.8,5.8,5.9,5.8,5.7,5.1,5.8,5.3,5.9,5.8,5.8,5.7,5.9,5.8,5.1,5.8,5.2,5.2,5.1,5.8,5.8,5.6,5.1,5.8] update: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable] RISK: Unidirectional Traffic - detected: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][] + detected: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable][] RISK: Known Proto on Non Std Port - detected: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][] + detected: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable][] RISK: Known Proto on Non Std Port analyse: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable] min| max| avg| stddev| variance| entropy @@ -71,11 +71,7 @@ update: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] update: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] new: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302] - detected: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][] - RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] - detected: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][] - RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] new: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] new: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] @@ -85,6 +81,8 @@ RISK: Unidirectional Traffic detected: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] detected: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + detected: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic detected: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] RISK: Known Proto on Non Std Port, Unidirectional Traffic detected: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN][AmazonAWS][Network][Acceptable][] @@ -109,7 +107,7 @@ RISK: Unidirectional Traffic update: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic - update: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] + update: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable] RISK: Known Proto on Non Std Port update: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN][AmazonAWS][Network][Acceptable] RISK: Known Proto on Non Std Port @@ -117,10 +115,12 @@ RISK: Known Proto on Non Std Port, Unidirectional Traffic update: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] RISK: Unidirectional Traffic - update: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] + update: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable] RISK: Known Proto on Non Std Port update: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable] RISK: Unidirectional Traffic + detected: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable][] + RISK: Known Proto on Non Std Port idle: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] RISK: Unidirectional Traffic idle: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] @@ -130,7 +130,7 @@ RISK: Known Proto on Non Std Port, Unidirectional Traffic idle: [....22] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][54054] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic - idle: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] + idle: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable] RISK: Known Proto on Non Std Port guessed: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable][] idle: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] @@ -142,7 +142,7 @@ RISK: Known Proto on Non Std Port, Unidirectional Traffic idle: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic - idle: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] + idle: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic idle: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic @@ -151,10 +151,10 @@ idle: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] idle: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN][AmazonAWS][Network][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic - idle: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] + idle: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable] + RISK: Known Proto on Non Std Port + idle: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable] RISK: Known Proto on Non Std Port - idle: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] - RISK: Known Proto on Non Std Port, Unidirectional Traffic idle: [....23] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][61498] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic idle: [....21] [ip4][.icmp] [.35.158.122.211] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable] diff --git a/test/results/flow-info/default/stun_wa_call.pcapng.out b/test/results/flow-info/default/stun_wa_call.pcapng.out new file mode 100644 index 000000000..817f5d950 --- /dev/null +++ b/test/results/flow-info/default/stun_wa_call.pcapng.out @@ -0,0 +1,99 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [.192.168.12.156][46652] -> [..93.57.123.227][.3478] + detected: [.....1] [ip4][..udp] [.192.168.12.156][46652] -> [..93.57.123.227][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][] + RISK: Unidirectional Traffic + new: [.....2] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.203.62][.3478] + detected: [.....2] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + RISK: Unidirectional Traffic + new: [.....3] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.231.62][.3478] + detected: [.....3] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.231.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + RISK: Unidirectional Traffic + new: [.....4] [ip4][..udp] [.192.168.12.156][46652] -> [..157.240.21.51][.3478] + detected: [.....4] [ip4][..udp] [.192.168.12.156][46652] -> [..157.240.21.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + RISK: Unidirectional Traffic + new: [.....5] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.195.48][.3478] + detected: [.....5] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.195.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + RISK: Unidirectional Traffic + analyse: [.....1] [ip4][..udp] [.192.168.12.156][46652] -> [..93.57.123.227][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 2.505| 0.249| 0.601| 361608.839| 2.900] + [PKTLEN......: 48.000| 300.000| 146.400| 92.200| 8492.200| 4.700] + [BINS(c->s)..: 2,4,1,1,0,0,3,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 2,2,10,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,0,1,1,1,0,0,0,0,1,1,0,1,1,0,1,0,0,0,1,1,0,0,1,1,1,0,1,0,0,0,1] + [IATS(ms)....: 0.2,8.4,0.0,2463.7,2505.3,0.2,3.6,0.3,39.5,0.1,6.1,4.8,0.0,25.9,31.6,82.0,37.7,1.7,120.9,0.0,78.6,59.9,292.8,130.0,59.7,381.6,376.4,412.4,0.0,227.9,362.0] + [PKTLENS.....: 240,240,96,96,74,300,300,300,300,96,96,74,96,96,48,48,98,300,300,96,96,89,53,107,108,53,77,86,150,73,227,273] + [ENTROPIES...: 7.0,7.0,5.8,5.8,5.8,7.0,7.0,7.0,7.0,5.7,5.8,5.7,5.7,5.7,5.2,5.2,5.8,7.0,7.0,5.7,5.8,5.8,4.9,6.0,6.1,5.0,5.5,5.7,6.6,5.5,6.9,7.2] + new: [.....6] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.203.62][.3478] + detected: [.....6] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + RISK: Unidirectional Traffic + new: [.....7] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.231.62][.3478] + detected: [.....7] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.231.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + RISK: Unidirectional Traffic + new: [.....8] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.196.62][.3478] + detected: [.....8] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.196.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + RISK: Unidirectional Traffic + new: [.....9] [ip4][..udp] [.192.168.12.156][49526] -> [..179.60.192.48][.3478] + detected: [.....9] [ip4][..udp] [.192.168.12.156][49526] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + RISK: Unidirectional Traffic + new: [....10] [ip4][..udp] [.192.168.12.156][49526] -> [..185.60.216.51][.3478] + detected: [....10] [ip4][..udp] [.192.168.12.156][49526] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + RISK: Unidirectional Traffic + analyse: [.....6] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.025| 0.011| 0.005| 24.788| 4.800] + [PKTLEN......: 48.000| 540.000| 284.500| 217.500| 47305.800| 4.600] + [BINS(c->s)..: 1,0,13,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1] + [IATS(ms)....: 0.1,8.3,0.0,10.1,8.1,24.5,25.3,11.6,10.1,12.8,14.4,10.6,10.6,10.6,10.5,16.3,6.1,16.2,5.9,10.0,9.7,10.6,11.3,10.7,10.5,10.8,10.6,10.2,10.7,11.3,11.5] + [PKTLENS.....: 300,300,96,96,92,540,92,540,92,540,92,540,92,540,92,540,48,92,48,540,92,540,92,540,92,540,92,540,92,540,92,540] + [ENTROPIES...: 7.0,7.0,5.8,5.7,5.7,1.5,5.8,1.5,5.6,1.5,5.6,1.5,5.7,1.5,5.6,1.5,5.2,5.7,5.1,1.5,5.7,1.5,5.7,1.5,5.6,1.5,5.7,1.5,5.8,1.5,5.7,1.5] + new: [....11] [ip4][..udp] [.192.168.12.156][49526] -> [...10.82.40.241][40436] + detected: [....11] [ip4][..udp] [.192.168.12.156][49526] -> [...10.82.40.241][40436] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + new: [....12] [ip4][..udp] [.192.168.12.156][49526] -> [...93.33.118.87][41107] + detected: [....12] [ip4][..udp] [.192.168.12.156][49526] -> [...93.33.118.87][41107] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + new: [....13] [ip4][.icmp] [..93.63.100.129] -> [.192.168.12.156] + detected: [....13] [ip4][.icmp] [..93.63.100.129] -> [.192.168.12.156] [ICMP][Unknown][Network][Acceptable] + RISK: Unidirectional Traffic + update: [.....2] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + RISK: Unidirectional Traffic + update: [.....4] [ip4][..udp] [.192.168.12.156][46652] -> [..157.240.21.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + RISK: Unidirectional Traffic + update: [.....5] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.195.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + RISK: Unidirectional Traffic + update: [.....3] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.231.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + RISK: Unidirectional Traffic + update: [.....1] [ip4][..udp] [.192.168.12.156][46652] -> [..93.57.123.227][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable] + RISK: Unidirectional Traffic + idle: [....13] [ip4][.icmp] [..93.63.100.129] -> [.192.168.12.156] [ICMP][Unknown][Network][Acceptable] + RISK: Unidirectional Traffic + idle: [.....7] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.231.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + RISK: Unidirectional Traffic + idle: [.....8] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.196.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + RISK: Unidirectional Traffic + idle: [.....6] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + RISK: Unidirectional Traffic + idle: [....11] [ip4][..udp] [.192.168.12.156][49526] -> [...10.82.40.241][40436] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + idle: [....12] [ip4][..udp] [.192.168.12.156][49526] -> [...93.33.118.87][41107] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + idle: [.....9] [ip4][..udp] [.192.168.12.156][49526] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + RISK: Unidirectional Traffic + idle: [....10] [ip4][..udp] [.192.168.12.156][49526] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + RISK: Unidirectional Traffic + idle: [.....3] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.231.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + RISK: Unidirectional Traffic + idle: [.....5] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.195.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + RISK: Unidirectional Traffic + idle: [.....4] [ip4][..udp] [.192.168.12.156][46652] -> [..157.240.21.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + RISK: Unidirectional Traffic + idle: [.....2] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + RISK: Unidirectional Traffic + idle: [.....1] [ip4][..udp] [.192.168.12.156][46652] -> [..93.57.123.227][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable] + RISK: Unidirectional Traffic + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/thrift.pcap.out b/test/results/flow-info/default/thrift.pcap.out new file mode 100644 index 000000000..12b574e48 --- /dev/null +++ b/test/results/flow-info/default/thrift.pcap.out @@ -0,0 +1,24 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..tcp] [.169.254.59.247][53387] -> [...169.254.46.4][11010] + detected: [.....1] [ip4][..tcp] [.169.254.59.247][53387] -> [...169.254.46.4][11010] [Thrift][Unknown][RPC][Acceptable] + analyse: [.....1] [ip4][..tcp] [.169.254.59.247][53387] -> [...169.254.46.4][11010] [Thrift][Unknown][RPC][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.000| 0.000| 0.000| 0.002| 4.800] + [PKTLEN......: 40.000| 2960.000| 375.200| 637.800| 406764.600| 3.600] + [BINS(c->s)..: 5,6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1] + [BINS(s->c)..: 6,3,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,3,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,1,0] + [IATS(ms)....: 0.1,0.1,0.1,0.2,0.1,0.2,0.1,0.1,0.2,0.1,0.1,0.2,0.1,0.1,0.2,0.1,0.1,0.2,0.1,0.1,0.1,0.1,0.2,0.1,0.1,0.2,0.1,0.1,0.2,0.1,0.1] + [PKTLENS.....: 52,52,40,80,46,88,80,46,80,82,46,106,121,46,311,90,46,104,78,89,79,1500,628,40,1500,628,40,1500,628,40,780,2960] + [ENTROPIES...: 4.4,4.9,4.6,4.6,4.6,5.1,4.6,4.5,4.8,5.0,4.5,4.9,4.0,4.5,5.1,4.8,4.6,4.8,4.6,4.8,5.0,6.1,6.1,4.6,6.1,6.1,4.6,6.1,6.1,4.6,6.1,6.1] + DAEMON-EVENT: [Processed: 170 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....2] [ip4][..udp] [......127.0.0.1][49164] -> [......127.0.0.1][.6831] + detected: [.....2] [ip4][..udp] [......127.0.0.1][49164] -> [......127.0.0.1][.6831] [Thrift][Unknown][RPC][Acceptable] + RISK: Unidirectional Traffic + end: [.....1] [ip4][..tcp] [.169.254.59.247][53387] -> [...169.254.46.4][11010] [Thrift][Unknown][RPC][Acceptable] + idle: [.....2] [ip4][..udp] [......127.0.0.1][49164] -> [......127.0.0.1][.6831] [Thrift][Unknown][RPC][Acceptable] + RISK: Unidirectional Traffic + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/tls_ech.pcapng.out b/test/results/flow-info/default/tls_ech.pcapng.out new file mode 100644 index 000000000..bcb51fd39 --- /dev/null +++ b/test/results/flow-info/default/tls_ech.pcapng.out @@ -0,0 +1,8 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip6][..tcp] [..2001:b07:a3d:c112:ce16:b409:3d0a:9177][47460] -> [...................2606:4700::6812:1e4e][..443] + detected: [.....1] [ip6][..tcp] [..2001:b07:a3d:c112:ce16:b409:3d0a:9177][47460] -> [...................2606:4700::6812:1e4e][..443] [TLS.Cloudflare][Unknown][Web][Acceptable][performance.radar.cloudflare.com] + detection-update: [.....1] [ip6][..tcp] [..2001:b07:a3d:c112:ce16:b409:3d0a:9177][47460] -> [...................2606:4700::6812:1e4e][..443] [TLS.Cloudflare][Unknown][Web][Acceptable][performance.radar.cloudflare.com] + idle: [.....1] [ip6][..tcp] [..2001:b07:a3d:c112:ce16:b409:3d0a:9177][47460] -> [...................2606:4700::6812:1e4e][..443] + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/zabbix.pcap.out b/test/results/flow-info/default/zabbix.pcap.out index f6709f6e1..c22da72c8 100644 --- a/test/results/flow-info/default/zabbix.pcap.out +++ b/test/results/flow-info/default/zabbix.pcap.out @@ -3,5 +3,76 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.67.98][57162] -> [..192.168.67.25][10050] detected: [.....1] [ip4][..tcp] [..192.168.67.98][57162] -> [..192.168.67.25][10050] [Zabbix][Unknown][Network][Acceptable] + DAEMON-EVENT: [Processed: 10 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....2] [ip4][..tcp] [...192.168.7.16][36699] -> [...192.168.7.17][10051] + detected: [.....2] [ip4][..tcp] [...192.168.7.16][36699] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + new: [.....3] [ip4][..tcp] [...192.168.7.16][54089] -> [...192.168.7.17][10051] + detected: [.....3] [ip4][..tcp] [...192.168.7.16][54089] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + new: [.....4] [ip4][..tcp] [...192.168.7.16][37781] -> [...192.168.7.17][10051] + detected: [.....4] [ip4][..tcp] [...192.168.7.16][37781] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] end: [.....1] [ip4][..tcp] [..192.168.67.98][57162] -> [..192.168.67.25][10050] [Zabbix][Unknown][Network][Acceptable] + new: [.....5] [ip4][..tcp] [...192.168.7.16][58079] -> [...192.168.7.17][10051] + detected: [.....5] [ip4][..tcp] [...192.168.7.16][58079] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + new: [.....6] [ip4][..tcp] [...192.168.7.16][33661] -> [...192.168.7.17][10051] + detected: [.....6] [ip4][..tcp] [...192.168.7.16][33661] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + new: [.....7] [ip4][..tcp] [...192.168.7.16][40553] -> [...192.168.7.17][10051] + detected: [.....7] [ip4][..tcp] [...192.168.7.16][40553] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + new: [.....8] [ip4][..tcp] [...192.168.7.16][36755] -> [...192.168.7.17][10051] + detected: [.....8] [ip4][..tcp] [...192.168.7.16][36755] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + new: [.....9] [ip4][..tcp] [...192.168.7.16][43395] -> [...192.168.7.17][10051] + detected: [.....9] [ip4][..tcp] [...192.168.7.16][43395] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + new: [....10] [ip4][..tcp] [...192.168.7.16][45197] -> [...192.168.7.17][10051] + new: [....11] [ip4][..tcp] [...192.168.7.16][35243] -> [...192.168.7.17][10051] + detected: [....10] [ip4][..tcp] [...192.168.7.16][45197] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + detected: [....11] [ip4][..tcp] [...192.168.7.16][35243] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + new: [....12] [ip4][..tcp] [...192.168.7.16][36623] -> [...192.168.7.17][10051] + detected: [....12] [ip4][..tcp] [...192.168.7.16][36623] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + new: [....13] [ip4][..tcp] [...192.168.7.16][35627] -> [...192.168.7.17][10051] + detected: [....13] [ip4][..tcp] [...192.168.7.16][35627] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + new: [....14] [ip4][..tcp] [...192.168.7.16][49215] -> [...192.168.7.17][10051] + detected: [....14] [ip4][..tcp] [...192.168.7.16][49215] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + new: [....15] [ip4][..tcp] [...192.168.7.16][55759] -> [...192.168.7.17][10051] + detected: [....15] [ip4][..tcp] [...192.168.7.16][55759] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + new: [....16] [ip4][..tcp] [...192.168.7.16][50639] -> [...192.168.7.17][10051] + detected: [....16] [ip4][..tcp] [...192.168.7.16][50639] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + new: [....17] [ip4][..tcp] [...192.168.7.16][41309] -> [...192.168.7.17][10051] + detected: [....17] [ip4][..tcp] [...192.168.7.16][41309] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + new: [....18] [ip4][..tcp] [...192.168.7.16][60217] -> [...192.168.7.17][10051] + new: [....19] [ip4][..tcp] [...192.168.7.16][43677] -> [...192.168.7.17][10051] + detected: [....19] [ip4][..tcp] [...192.168.7.16][43677] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + detected: [....18] [ip4][..tcp] [...192.168.7.16][60217] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + new: [....20] [ip4][..tcp] [...192.168.7.16][48677] -> [...192.168.7.17][10051] + detected: [....20] [ip4][..tcp] [...192.168.7.16][48677] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + end: [.....2] [ip4][..tcp] [...192.168.7.16][36699] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + end: [.....3] [ip4][..tcp] [...192.168.7.16][54089] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + new: [....21] [ip4][..tcp] [...192.168.7.16][52901] -> [...192.168.7.17][10051] + detected: [....21] [ip4][..tcp] [...192.168.7.16][52901] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + new: [....22] [ip4][..tcp] [...192.168.7.16][48017] -> [...192.168.7.17][10051] + detected: [....22] [ip4][..tcp] [...192.168.7.16][48017] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + end: [.....5] [ip4][..tcp] [...192.168.7.16][58079] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + end: [.....4] [ip4][..tcp] [...192.168.7.16][37781] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + new: [....23] [ip4][..tcp] [...192.168.7.16][39595] -> [...192.168.7.17][10051] + detected: [....23] [ip4][..tcp] [...192.168.7.16][39595] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + end: [.....6] [ip4][..tcp] [...192.168.7.16][33661] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + new: [....24] [ip4][..tcp] [...192.168.7.16][36763] -> [...192.168.7.17][10051] + detected: [....24] [ip4][..tcp] [...192.168.7.16][36763] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + end: [.....8] [ip4][..tcp] [...192.168.7.16][36755] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + end: [....24] [ip4][..tcp] [...192.168.7.16][36763] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + end: [....14] [ip4][..tcp] [...192.168.7.16][49215] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + end: [....10] [ip4][..tcp] [...192.168.7.16][45197] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + end: [....17] [ip4][..tcp] [...192.168.7.16][41309] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + end: [.....9] [ip4][..tcp] [...192.168.7.16][43395] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + end: [....11] [ip4][..tcp] [...192.168.7.16][35243] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + end: [....15] [ip4][..tcp] [...192.168.7.16][55759] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + end: [....19] [ip4][..tcp] [...192.168.7.16][43677] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + end: [....23] [ip4][..tcp] [...192.168.7.16][39595] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + end: [....13] [ip4][..tcp] [...192.168.7.16][35627] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + end: [....18] [ip4][..tcp] [...192.168.7.16][60217] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + end: [....22] [ip4][..tcp] [...192.168.7.16][48017] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + end: [....16] [ip4][..tcp] [...192.168.7.16][50639] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + end: [....20] [ip4][..tcp] [...192.168.7.16][48677] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + end: [.....7] [ip4][..tcp] [...192.168.7.16][40553] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + end: [....21] [ip4][..tcp] [...192.168.7.16][52901] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] + end: [....12] [ip4][..tcp] [...192.168.7.16][36623] -> [...192.168.7.17][10051] [Zabbix][Unknown][Network][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/disable_stun_monitoring/lru_ipv6_caches.pcapng.out b/test/results/flow-info/disable_stun_monitoring/lru_ipv6_caches.pcapng.out new file mode 100644 index 000000000..51f07f585 --- /dev/null +++ b/test/results/flow-info/disable_stun_monitoring/lru_ipv6_caches.pcapng.out @@ -0,0 +1,62 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip6][..udp] [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] -> [20ed:470f:6f73:ce60:60be:8b4f:df37:b080][45658] + detected: [.....1] [ip6][..udp] [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] -> [20ed:470f:6f73:ce60:60be:8b4f:df37:b080][45658] [STUN][Unknown][Network][Acceptable][] + new: [.....2] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27][60506] + new: [.....3] [ip6][..udp] [.2a2f:8509:1cb2:466d:ecbf:69d6:109c:608][62229] -> [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] + new: [.....4] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c][.6881] + detected: [.....4] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c][.6881] [BitTorrent][Unknown][Download][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + new: [.....5] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [2c7f:d7a0:44a9:49e9:e586:fb7f:5b85:9c83][....1] + detected: [.....5] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [2c7f:d7a0:44a9:49e9:e586:fb7f:5b85:9c83][....1] [BitTorrent][Unknown][Download][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + detected: [.....3] [ip6][..udp] [.2a2f:8509:1cb2:466d:ecbf:69d6:109c:608][62229] -> [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] [BitTorrent][Unknown][Download][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + new: [.....6] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [.38b2:46b7:27a4:94c3:c134:948:e069:d71f][....1] + detected: [.....6] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [.38b2:46b7:27a4:94c3:c134:948:e069:d71f][....1] [BitTorrent][Unknown][Download][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + detected: [.....2] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27][60506] [BitTorrent][Unknown][Download][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + new: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] + detected: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][] + RISK: Unidirectional Traffic + new: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144] + detected: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144] [TLS][Unknown][Web][Safe][] + RISK: Unidirectional Traffic + detection-update: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144] [TLS.Cloudflare][Unknown][Web][Acceptable][] + RISK: Unidirectional Traffic + new: [.....9] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44150] + detected: [.....9] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44150] [TLS.Cloudflare][Unknown][Web][Acceptable][] + RISK: Unidirectional Traffic + detection-update: [.....9] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44150] [TLS.Cloudflare][Unknown][Web][Acceptable][] + RISK: Unidirectional Traffic + new: [....10] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44192] + detected: [....10] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44192] [TLS.Cloudflare][Unknown][Web][Acceptable][] + RISK: Unidirectional Traffic + detection-update: [....10] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44192] [TLS.Cloudflare][Unknown][Web][Acceptable][] + RISK: Unidirectional Traffic + new: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] + detected: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][] + RISK: Unidirectional Traffic + new: [....12] [ip6][..udp] [.3069:c624:1d42:9469:98b1:67ff:fe43:325][56131] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] + detected: [....12] [ip6][..udp] [.3069:c624:1d42:9469:98b1:67ff:fe43:325][56131] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][] + RISK: Unidirectional Traffic + idle: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144] + idle: [.....9] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44150] + idle: [....10] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44192] + idle: [.....5] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [2c7f:d7a0:44a9:49e9:e586:fb7f:5b85:9c83][....1] + idle: [.....2] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27][60506] [BitTorrent][Unknown][Download][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + idle: [.....4] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c][.6881] + idle: [.....6] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [.38b2:46b7:27a4:94c3:c134:948:e069:d71f][....1] + idle: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable] + RISK: Unidirectional Traffic + idle: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable] + RISK: Unidirectional Traffic + idle: [.....1] [ip6][..udp] [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] -> [20ed:470f:6f73:ce60:60be:8b4f:df37:b080][45658] [STUN][Unknown][Network][Acceptable] + idle: [....12] [ip6][..udp] [.3069:c624:1d42:9469:98b1:67ff:fe43:325][56131] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable] + RISK: Unidirectional Traffic + idle: [.....3] [ip6][..udp] [.2a2f:8509:1cb2:466d:ecbf:69d6:109c:608][62229] -> [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] [BitTorrent][Unknown][Download][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/enable_doh_heuristic/doh.pcapng.out b/test/results/flow-info/enable_doh_heuristic/doh.pcapng.out new file mode 100644 index 000000000..bbcd31915 --- /dev/null +++ b/test/results/flow-info/enable_doh_heuristic/doh.pcapng.out @@ -0,0 +1,21 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] + detected: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe][] + RISK: Missing SNI TLS Extn + detection-update: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe][] + RISK: Missing SNI TLS Extn + analyse: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 15.360| 2.496| 5.583| 31170844.688| 2.400] + [PKTLEN......: 46.000| 1500.000| 174.800| 350.900| 123099.200| 3.600] + [BINS(c->s)..: 12,0,3,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 10,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,0,1,0,1,0] + [IATS(ms)....: 12.4,12.7,9.4,22.9,3.1,16.3,0.0,0.0,0.5,0.5,548.5,0.0,0.5,0.0,559.4,0.0,0.4,10.9,0.0,0.4,0.0,2.9,0.0,3.3,0.0,50.3,15056.9,15017.8,15339.6,15339.5,15359.8] + [PKTLENS.....: 60,52,46,301,46,1500,46,1500,46,256,46,104,126,136,108,46,46,111,46,71,46,46,371,71,46,46,46,46,46,46,46,46] + [ENTROPIES...: 4.4,4.4,4.2,5.9,4.1,7.8,4.1,7.9,4.1,7.1,4.1,5.9,6.2,6.4,6.0,4.1,4.1,6.2,4.1,5.5,4.1,4.1,7.4,5.5,4.1,4.1,4.2,4.1,4.1,4.1,4.2,4.1] + idle: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe] + RISK: Missing SNI TLS Extn + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/enable_stun_monitoring_with_subproto/wa_voice.pcap.out b/test/results/flow-info/enable_stun_monitoring_with_subproto/wa_voice.pcap.out new file mode 100644 index 000000000..387b65009 --- /dev/null +++ b/test/results/flow-info/enable_stun_monitoring_with_subproto/wa_voice.pcap.out @@ -0,0 +1,174 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] + detected: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com] + RISK: Unidirectional Traffic + detection-update: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable][www.google.com] + new: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] + detected: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] [DNS.WhatsApp][Unknown][Network][Acceptable][g.whatsapp.net] + RISK: Unidirectional Traffic + detection-update: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] [DNS.WhatsApp][Unknown][Network][Acceptable][g.whatsapp.net] + new: [.....3] [ip4][..tcp] [...192.168.2.12][49354] -> [...17.242.60.84][.5223] [MIDSTREAM] + detected: [.....3] [ip4][..tcp] [...192.168.2.12][49354] -> [...17.242.60.84][.5223] [ApplePush][Apple][Cloud][Acceptable] + RISK: Unidirectional Traffic + new: [.....4] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] + detected: [.....4] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Unknown][Music][Fun] + new: [.....5] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] + detected: [.....5] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] [WhatsApp][WhatsApp][Chat][Acceptable] + analyse: [.....5] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] [WhatsApp][WhatsApp][Chat][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.304| 0.044| 0.076| 5836.115| 3.200] + [PKTLEN......: 52.000| 1440.000| 295.400| 467.500| 218553.500| 3.800] + [BINS(c->s)..: 11,3,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 4,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,1] + [IATS(ms)....: 40.7,137.0,170.4,304.1,130.2,0.1,31.0,5.3,0.0,0.4,0.0,0.2,0.0,1.2,210.1,0.3,0.0,0.0,0.2,0.0,0.3,41.4,129.9,0.1,0.0,0.0,0.0,1.0,24.3,131.9,0.0] + [PKTLENS.....: 64,60,52,308,52,109,103,137,1440,92,1440,155,1440,164,1440,52,52,52,52,52,52,52,1045,84,98,119,82,111,52,338,52,52] + [ENTROPIES...: 4.5,5.1,5.0,7.2,5.1,6.1,6.0,6.5,7.9,5.9,7.9,6.7,7.9,6.7,7.9,5.0,5.0,5.0,5.1,5.1,5.1,5.0,7.8,5.6,5.9,6.2,5.7,6.2,5.0,7.3,5.0,5.0] + new: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] + detected: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS.WhatsAppFiles][Unknown][Network][Acceptable][media-mxp1-1.cdn.whatsapp.net] + RISK: Unidirectional Traffic + detection-update: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS.WhatsAppFiles][Unknown][Network][Acceptable][media-mxp1-1.cdn.whatsapp.net] + new: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] + detected: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable][media-mxp1-1.cdn.whatsapp.net] + detection-update: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable][media-mxp1-1.cdn.whatsapp.net] + analyse: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.163| 0.020| 0.047| 2203.182| 2.500] + [PKTLEN......: 52.000| 1440.000| 343.600| 489.700| 239839.300| 3.900] + [BINS(c->s)..: 10,3,1,0,0,0,0,0,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 5,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,1,0,1,1,0] + [IATS(ms)....: 19.7,127.7,2.8,126.3,2.9,0.0,0.0,21.0,0.2,145.2,0.0,0.0,0.0,0.0,0.0,163.3,0.0,0.0,0.0,0.2,0.0,0.0,17.5,0.3,0.0,0.0,2.4,0.3,0.1,0.4,0.6] + [PKTLENS.....: 64,60,52,569,52,1440,1440,335,52,52,116,98,95,87,388,311,52,223,126,83,52,100,484,52,52,52,52,1440,52,1440,1440,83] + [ENTROPIES...: 4.5,5.2,5.0,5.0,5.1,7.8,7.9,7.4,5.0,5.1,6.0,6.0,6.0,5.7,7.3,7.2,5.1,7.0,6.3,5.8,5.0,6.0,7.5,4.9,5.0,5.0,4.9,7.9,5.0,7.9,7.9,5.7] + new: [.....8] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] + detected: [.....8] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] [Dropbox][Unknown][Cloud][Acceptable] + new: [.....9] [ip4][..tcp] [...17.171.47.85][..443] -> [...192.168.2.12][50502] [MIDSTREAM] + detected: [.....9] [ip4][..tcp] [...17.171.47.85][..443] -> [...192.168.2.12][50502] [TLS][Apple][Web][Safe] + RISK: Unidirectional Traffic + new: [....10] [ip4][..udp] [169.254.162.244][50384] -> [239.255.255.250][.1900] + detected: [....10] [ip4][..udp] [169.254.162.244][50384] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + new: [....11] [ip4][..udp] [....192.168.2.1][50384] -> [239.255.255.250][.1900] + detected: [....11] [ip4][..udp] [....192.168.2.1][50384] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + new: [....12] [ip4][..udp] [...192.168.2.12][.5353] -> [....224.0.0.251][.5353] + detected: [....12] [ip4][..udp] [...192.168.2.12][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_raop._tcp.local] + new: [....13] [ip6][..udp] [...............fe80::414:409d:8afd:9f05][.5353] -> [...............................ff02::fb][.5353] + detected: [....13] [ip6][..udp] [...............fe80::414:409d:8afd:9f05][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_raop._tcp.local] + new: [....14] [ip4][..udp] [...192.168.2.12][56328] -> [....31.13.86.48][.3478] + detected: [....14] [ip4][..udp] [...192.168.2.12][56328] -> [....31.13.86.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + RISK: Unidirectional Traffic + new: [....15] [ip4][..udp] [...192.168.2.12][56328] -> [..185.60.216.51][.3478] + detected: [....15] [ip4][..udp] [...192.168.2.12][56328] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + RISK: Unidirectional Traffic + new: [....16] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.193.48][.3478] + detected: [....16] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.193.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + RISK: Unidirectional Traffic + new: [....17] [ip4][..udp] [...192.168.2.12][56328] -> [..179.60.192.48][.3478] + detected: [....17] [ip4][..udp] [...192.168.2.12][56328] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + RISK: Unidirectional Traffic + new: [....18] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.196.62][.3478] + detected: [....18] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.196.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable][] + RISK: Unidirectional Traffic + new: [....19] [ip4][..udp] [...192.168.2.12][64716] -> [239.255.255.250][.1900] + detected: [....19] [ip4][..udp] [...192.168.2.12][64716] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + new: [....20] [ip4][..udp] [...192.168.2.12][60549] -> [....192.168.2.1][...53] + detected: [....20] [ip4][..udp] [...192.168.2.12][60549] -> [....192.168.2.1][...53] [DNS.WhatsApp][Unknown][Network][Acceptable][pps.whatsapp.net] + RISK: Unidirectional Traffic + detection-update: [....20] [ip4][..udp] [...192.168.2.12][60549] -> [....192.168.2.1][...53] [DNS.WhatsApp][Unknown][Network][Acceptable][pps.whatsapp.net] + new: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] + detected: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][WhatsApp][Chat][Acceptable][pps.whatsapp.net] + detection-update: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][WhatsApp][Chat][Acceptable][pps.whatsapp.net] + analyse: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][WhatsApp][Chat][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.129| 0.020| 0.031| 949.768| 3.500] + [PKTLEN......: 52.000| 1440.000| 374.400| 526.300| 277041.400| 3.900] + [BINS(c->s)..: 10,3,1,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 5,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,1,0,1,1,0,1,1,1,1] + [IATS(ms)....: 37.2,39.0,11.1,51.5,1.0,0.1,0.0,42.8,0.1,34.6,3.8,0.4,0.2,0.3,76.2,0.0,34.9,0.4,0.3,3.6,0.0,2.9,1.3,3.4,77.4,53.7,129.1,1.4,0.0,0.2,0.1] + [PKTLENS.....: 64,60,52,569,52,1440,1440,333,52,52,116,98,95,87,244,223,126,52,52,83,52,83,52,87,52,52,502,52,1440,1440,1440,1440] + [ENTROPIES...: 4.4,5.1,4.9,4.8,5.0,7.8,7.9,7.3,4.9,4.9,6.1,5.9,5.9,5.8,7.0,7.0,6.4,4.9,4.9,5.6,5.1,5.8,5.0,5.9,4.9,5.0,7.6,4.9,7.9,7.9,7.8,7.8] + new: [....22] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] + detected: [....22] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][lucas-imac] + new: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] + detected: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + analyse: [....14] [ip4][..udp] [...192.168.2.12][56328] -> [....31.13.86.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 12.196| 1.588| 3.050| 9304956.469| 3.200] + [PKTLEN......: 30.000| 306.000| 110.000| 87.200| 7598.900| 4.600] + [BINS(c->s)..: 6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 7,6,0,1,0,0,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,0,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,0,1,0,0,1] + [IATS(ms)....: 0.1,13.4,0.1,12194.2,12196.2,104.4,0.1,105.1,0.0,108.6,104.6,3043.3,3048.9,3100.9,3096.0,3015.3,3016.6,2001.9,2.2,107.1,164.0,190.1,88.5,28.8,198.6,134.0,3008.1,91.0,35.6,0.3,36.5] + [PKTLENS.....: 154,154,72,72,34,30,154,154,72,72,34,30,34,30,34,30,34,30,74,54,232,261,240,150,306,234,302,34,30,154,154,72] + [ENTROPIES...: 6.5,6.5,5.3,5.3,4.6,4.5,6.5,6.5,5.2,5.1,4.6,4.5,4.6,4.5,4.6,4.5,4.6,4.5,5.7,5.2,7.0,7.1,7.1,6.6,7.3,7.0,7.2,4.6,4.5,6.5,6.5,5.2] + new: [....24] [ip4][..udp] [...192.168.2.12][56328] -> [.....1.60.78.64][64282] + detected: [....24] [ip4][..udp] [...192.168.2.12][56328] -> [.....1.60.78.64][64282] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + analyse: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 1.204| 0.182| 0.229| 52393.320| 4.200] + [PKTLEN......: 54.000| 301.000| 144.900| 51.700| 2672.500| 4.900] + [BINS(c->s)..: 1,4,0,8,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 0,2,0,4,6,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,0,0,1,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0,1,0,0,1] + [IATS(ms)....: 578.2,623.6,1203.7,72.5,167.2,11.6,115.7,158.4,0.0,172.8,173.6,169.8,156.2,136.6,155.3,179.8,99.3,157.4,38.3,163.4,181.3,166.6,142.4,3.0,26.0,115.3,6.1,171.8,106.3,56.2,143.4] + [PKTLENS.....: 72,72,72,72,72,72,199,260,150,161,301,137,159,159,133,149,136,150,172,164,155,159,164,170,150,54,150,150,156,150,139,179] + [ENTROPIES...: 5.5,5.6,5.5,5.6,5.5,5.6,6.9,7.1,6.7,6.6,7.3,6.5,6.7,6.6,6.5,6.6,6.5,6.6,6.7,6.8,6.7,6.7,6.7,6.7,6.5,5.2,6.6,6.6,6.7,6.6,6.6,6.8] + detection-update: [....12] [ip4][..udp] [...192.168.2.12][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_homekit._tcp.local] + detection-update: [....13] [ip6][..udp] [...............fe80::414:409d:8afd:9f05][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_homekit._tcp.local] + new: [....25] [ip4][..tcp] [...192.168.2.12][49352] -> [169.254.162.244][49159] [MIDSTREAM] + update: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS.WhatsAppFiles][Unknown][Network][Acceptable] + update: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable] + update: [.....4] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Unknown][Music][Fun] + update: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] [DNS.WhatsApp][Unknown][Network][Acceptable] + new: [....26] [ip4][..udp] [...192.168.2.12][50191] -> [239.255.255.250][.1900] + detected: [....26] [ip4][..udp] [...192.168.2.12][50191] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + new: [....27] [ip4][..udp] [...192.168.2.12][57546] -> [239.255.255.250][.1900] + detected: [....27] [ip4][..udp] [...192.168.2.12][57546] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] + new: [....28] [ip4][.icmp] [...192.168.2.12] -> [...91.252.56.51] + detected: [....28] [ip4][.icmp] [...192.168.2.12] -> [...91.252.56.51] [ICMP][Unknown][Network][Acceptable] + RISK: Unidirectional Traffic + idle: [.....3] [ip4][..tcp] [...192.168.2.12][49354] -> [...17.242.60.84][.5223] [ApplePush][Apple][Cloud][Acceptable] + RISK: Unidirectional Traffic + not-detected: [....25] [ip4][..tcp] [...192.168.2.12][49352] -> [169.254.162.244][49159] [Unknown][Unknown][Unrated] + idle: [....25] [ip4][..tcp] [...192.168.2.12][49352] -> [169.254.162.244][49159] + end: [....21] [ip4][..tcp] [...192.168.2.12][50504] -> [..157.240.20.52][..443] [TLS.WhatsApp][WhatsApp][Chat][Acceptable] + idle: [....22] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable] + idle: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + idle: [....27] [ip4][..udp] [...192.168.2.12][57546] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] + idle: [.....6] [ip4][..udp] [...192.168.2.12][55296] -> [....192.168.2.1][...53] [DNS.WhatsAppFiles][Unknown][Network][Acceptable] + idle: [....13] [ip6][..udp] [...............fe80::414:409d:8afd:9f05][.5353] -> [...............................ff02::fb][.5353] + idle: [.....8] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] [Dropbox][Unknown][Cloud][Acceptable] + idle: [.....1] [ip4][..udp] [...192.168.2.12][51431] -> [....192.168.2.1][...53] [DNS.Google][Unknown][Network][Acceptable] + end: [.....9] [ip4][..tcp] [...17.171.47.85][..443] -> [...192.168.2.12][50502] [TLS][Apple][Web][Safe] + RISK: Unidirectional Traffic + idle: [....10] [ip4][..udp] [169.254.162.244][50384] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] + idle: [....18] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.196.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + RISK: Unidirectional Traffic + idle: [....16] [ip4][..udp] [...192.168.2.12][56328] -> [.157.240.193.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + RISK: Unidirectional Traffic + idle: [....12] [ip4][..udp] [...192.168.2.12][.5353] -> [....224.0.0.251][.5353] + idle: [.....4] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Unknown][Music][Fun] + idle: [....24] [ip4][..udp] [...192.168.2.12][56328] -> [.....1.60.78.64][64282] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + idle: [....26] [ip4][..udp] [...192.168.2.12][50191] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] + idle: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable] + idle: [....19] [ip4][..udp] [...192.168.2.12][64716] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] + idle: [....11] [ip4][..udp] [....192.168.2.1][50384] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] + idle: [....28] [ip4][.icmp] [...192.168.2.12] -> [...91.252.56.51] [ICMP][Unknown][Network][Acceptable] + RISK: Unidirectional Traffic + idle: [....20] [ip4][..udp] [...192.168.2.12][60549] -> [....192.168.2.1][...53] [DNS.WhatsApp][Unknown][Network][Acceptable] + idle: [.....5] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] [WhatsApp][WhatsApp][Chat][Acceptable] + idle: [....17] [ip4][..udp] [...192.168.2.12][56328] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + RISK: Unidirectional Traffic + idle: [.....2] [ip4][..udp] [...192.168.2.12][60765] -> [....192.168.2.1][...53] [DNS.WhatsApp][Unknown][Network][Acceptable] + idle: [....15] [ip4][..udp] [...192.168.2.12][56328] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + RISK: Unidirectional Traffic + idle: [....14] [ip4][..udp] [...192.168.2.12][56328] -> [....31.13.86.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable] + RISK: Unidirectional Traffic + DAEMON-EVENT: shutdown diff --git a/test/results/stats/default/KakaoTalk_talk.pcap.out b/test/results/stats/default/KakaoTalk_talk.pcap.out index d7738e7ad..96a639857 100644 --- a/test/results/stats/default/KakaoTalk_talk.pcap.out +++ b/test/results/stats/default/KakaoTalk_talk.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:144 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:120079 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:120082 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:20 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:14 diff --git a/test/results/stats/default/doh.pcapng.out b/test/results/stats/default/doh.pcapng.out new file mode 100644 index 000000000..fbe89312b --- /dev/null +++ b/test/results/stats/default/doh.pcapng.out @@ -0,0 +1,139 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:13 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:11531 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:1881 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:5821 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 diff --git a/test/results/stats/default/edonkey.pcap.out b/test/results/stats/default/edonkey.pcap.out new file mode 100644 index 000000000..f78523213 --- /dev/null +++ b/test/results/stats/default/edonkey.pcap.out @@ -0,0 +1,139 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:7710 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:248 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:792 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 diff --git a/test/results/stats/default/fuzz-2006-06-26-2594.pcap.out b/test/results/stats/default/fuzz-2006-06-26-2594.pcap.out index c5beef371..ecf07ad98 100644 --- a/test/results/stats/default/fuzz-2006-06-26-2594.pcap.out +++ b/test/results/stats/default/fuzz-2006-06-26-2594.pcap.out @@ -1,14 +1,14 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:2117 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:1801800 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:1799876 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:257 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:255 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:666 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:28 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:194 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:190 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:88 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:35 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:39 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:44852 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:16036 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:173 @@ -19,7 +19,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:532 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:520 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 @@ -27,7 +27,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:13 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:15 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 diff --git a/test/results/stats/default/geforcenow.pcapng.out b/test/results/stats/default/geforcenow.pcapng.out index 492b2793f..ef35dcaed 100644 --- a/test/results/stats/default/geforcenow.pcapng.out +++ b/test/results/stats/default/geforcenow.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:24 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:28345 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:28125 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:2 diff --git a/test/results/stats/default/gnutella.pcap.out b/test/results/stats/default/gnutella.pcap.out index 42659ef8b..0f4e9d04e 100644 --- a/test/results/stats/default/gnutella.pcap.out +++ b/test/results/stats/default/gnutella.pcap.out @@ -1,17 +1,17 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:6866 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:5389523 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:5968674 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:801 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:66 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:735 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:2519 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:6 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:4 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:174 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:401 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:5 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:623 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:397 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:149308 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:234286 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:142 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:369 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:1928 PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 @@ -22,7 +22,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:145 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:480 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:1728 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:12 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 @@ -59,7 +59,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:478 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:1726 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:787 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:14 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 @@ -108,7 +108,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:492 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:1740 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 @@ -132,7 +132,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:449 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:1692 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 diff --git a/test/results/stats/default/http_invalid_server.pcap.out b/test/results/stats/default/http_invalid_server.pcap.out new file mode 100644 index 000000000..5d53ae40a --- /dev/null +++ b/test/results/stats/default/http_invalid_server.pcap.out @@ -0,0 +1,139 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:12 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:9245 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:82 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:407 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 diff --git a/test/results/stats/default/line.pcap.out b/test/results/stats/default/line.pcap.out index 6807f3d89..f9f02f3d1 100644 --- a/test/results/stats/default/line.pcap.out +++ b/test/results/stats/default/line.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:51 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:51929 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:53036 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:4 @@ -11,7 +11,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:25568 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:23936 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:25 PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 @@ -132,7 +132,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 diff --git a/test/results/stats/default/lru_ipv6_caches.pcapng.out b/test/results/stats/default/lru_ipv6_caches.pcapng.out index 6e1540eae..b4e0799c7 100644 --- a/test/results/stats/default/lru_ipv6_caches.pcapng.out +++ b/test/results/stats/default/lru_ipv6_caches.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:83 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:82906 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:82900 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:12 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:12 diff --git a/test/results/stats/default/pps.pcap.out b/test/results/stats/default/pps.pcap.out index f0f93ed2e..5082850ad 100644 --- a/test/results/stats/default/pps.pcap.out +++ b/test/results/stats/default/pps.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:661 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:670137 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:670355 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:107 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:105 @@ -90,7 +90,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 diff --git a/test/results/stats/default/socks-http-example.pcap.out b/test/results/stats/default/quic_cc_ack.pcapng.out index 7fed7a1ef..4344974f1 100644 --- a/test/results/stats/default/socks-http-example.pcap.out +++ b/test/results/stats/default/quic_cc_ack.pcapng.out @@ -1,19 +1,19 @@ -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:27 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:18367 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:3 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:3 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:12392 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:486 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:4801 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:2700 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:15 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 @@ -60,11 +60,11 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:3 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 @@ -132,7 +132,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 diff --git a/test/results/stats/default/rdp.pcap.out b/test/results/stats/default/rdp.pcap.out index 5880d7c62..3bcaf15ba 100644 --- a/test/results/stats/default/rdp.pcap.out +++ b/test/results/stats/default/rdp.pcap.out @@ -1,16 +1,16 @@ -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:9637 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:7310 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:17682 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:516561 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:1081 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:1661 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:5 diff --git a/test/results/stats/default/rdp2.pcap.out b/test/results/stats/default/rdp2.pcap.out new file mode 100644 index 000000000..65367dce0 --- /dev/null +++ b/test/results/stats/default/rdp2.pcap.out @@ -0,0 +1,139 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:29 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:29268 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:5097 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:4480 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:15 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 diff --git a/test/results/stats/default/roblox.pcapng.out b/test/results/stats/default/roblox.pcapng.out new file mode 100644 index 000000000..7ce4ff2a5 --- /dev/null +++ b/test/results/stats/default/roblox.pcapng.out @@ -0,0 +1,139 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:40 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:44592 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:17844 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:11993 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:20 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 diff --git a/test/results/stats/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out b/test/results/stats/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out new file mode 100644 index 000000000..e14d55dc1 --- /dev/null +++ b/test/results/stats/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out @@ -0,0 +1,139 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:8323 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:336 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:184 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 diff --git a/test/results/stats/default/rtp.pcapng.out b/test/results/stats/default/rtp.pcapng.out new file mode 100644 index 000000000..5b2423938 --- /dev/null +++ b/test/results/stats/default/rtp.pcapng.out @@ -0,0 +1,139 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:28 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:27579 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:19602 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:13839 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:15 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 diff --git a/test/results/stats/default/skinny.pcap.out b/test/results/stats/default/skinny.pcap.out index 464c55d8f..2d5234f25 100644 --- a/test/results/stats/default/skinny.pcap.out +++ b/test/results/stats/default/skinny.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:76 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:70473 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:70474 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:9 diff --git a/test/results/stats/default/skype_udp.pcap.out b/test/results/stats/default/skype_udp.pcap.out index 60b6eeca5..3dac6d05f 100644 --- a/test/results/stats/default/skype_udp.pcap.out +++ b/test/results/stats/default/skype_udp.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:7438 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:7477 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 diff --git a/test/results/stats/default/socks.pcap.out b/test/results/stats/default/socks.pcap.out new file mode 100644 index 000000000..32a73da87 --- /dev/null +++ b/test/results/stats/default/socks.pcap.out @@ -0,0 +1,139 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:36 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:24405 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:905 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:5743 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:20 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 diff --git a/test/results/stats/default/stun.pcap.out b/test/results/stats/default/stun.pcap.out index 46b2e8582..f25e5fd89 100644 --- a/test/results/stats/default/stun.pcap.out +++ b/test/results/stats/default/stun.pcap.out @@ -1,25 +1,25 @@ -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:44 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:39325 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:4 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:54 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:48478 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:4 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:7866 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:8132 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:8454 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:8768 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:20 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:25 PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:4 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:7 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:8 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 @@ -31,12 +31,12 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 @@ -60,10 +60,10 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 @@ -92,7 +92,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 @@ -101,7 +101,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 @@ -110,7 +110,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 diff --git a/test/results/stats/default/stun_classic.pcap.out b/test/results/stats/default/stun_classic.pcap.out new file mode 100644 index 000000000..3528c9f8b --- /dev/null +++ b/test/results/stats/default/stun_classic.pcap.out @@ -0,0 +1,139 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:7615 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:284 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:416 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 diff --git a/test/results/stats/default/stun_google_meet.pcapng.out b/test/results/stats/default/stun_google_meet.pcapng.out new file mode 100644 index 000000000..70c00fc82 --- /dev/null +++ b/test/results/stats/default/stun_google_meet.pcapng.out @@ -0,0 +1,139 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:53 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:45538 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:10410 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:14309 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:29 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 diff --git a/test/results/stats/default/hangout.pcap.out b/test/results/stats/default/stun_msteams_unidir.pcapng.out index 72ddd8f65..0600a7a8d 100644 --- a/test/results/stats/default/hangout.pcap.out +++ b/test/results/stats/default/stun_msteams_unidir.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:8312 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:11320 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 @@ -9,7 +9,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:1976 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:5440 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 diff --git a/test/results/stats/default/stun_signal.pcapng.out b/test/results/stats/default/stun_signal.pcapng.out index 6099a25a3..6c9eb214a 100644 --- a/test/results/stats/default/stun_signal.pcapng.out +++ b/test/results/stats/default/stun_signal.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:203 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:164366 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:163992 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:23 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:23 @@ -36,11 +36,11 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interv PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:23 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:18 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:13 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:18 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 @@ -132,7 +132,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:24 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:23 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 diff --git a/test/results/stats/default/stun_wa_call.pcapng.out b/test/results/stats/default/stun_wa_call.pcapng.out new file mode 100644 index 000000000..b5d8aa24c --- /dev/null +++ b/test/results/stats/default/stun_wa_call.pcapng.out @@ -0,0 +1,139 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:110 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:96968 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:13 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:13 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:13 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:44019 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:64856 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:13 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:61 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:18 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:17 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:13 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:12 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:18 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 diff --git a/test/results/stats/default/thrift.pcap.out b/test/results/stats/default/thrift.pcap.out new file mode 100644 index 000000000..09f8ba114 --- /dev/null +++ b/test/results/stats/default/thrift.pcap.out @@ -0,0 +1,139 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:18 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:26148 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:23624 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:71295 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:7 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 diff --git a/test/results/stats/default/tls_ech.pcapng.out b/test/results/stats/default/tls_ech.pcapng.out new file mode 100644 index 000000000..29e20f118 --- /dev/null +++ b/test/results/stats/default/tls_ech.pcapng.out @@ -0,0 +1,139 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:12 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:9593 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:648 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:2702 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 diff --git a/test/results/stats/default/zabbix.pcap.out b/test/results/stats/default/zabbix.pcap.out index 06f44fce4..9d92b8b57 100644 --- a/test/results/stats/default/zabbix.pcap.out +++ b/test/results/stats/default/zabbix.pcap.out @@ -1,25 +1,25 @@ -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:7190 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:196 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:141392 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:24 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:24 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:24 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:23 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:16 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:5346 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:3265 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:120 PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:24 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 @@ -40,7 +40,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:24 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 @@ -60,10 +60,10 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:24 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:24 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 diff --git a/test/results/stats/disable_stun_monitoring/lru_ipv6_caches.pcapng.out b/test/results/stats/disable_stun_monitoring/lru_ipv6_caches.pcapng.out new file mode 100644 index 000000000..1129fe68a --- /dev/null +++ b/test/results/stats/disable_stun_monitoring/lru_ipv6_caches.pcapng.out @@ -0,0 +1,139 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:83 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:84228 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:12 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:12 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:12 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:14408 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:846 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:11 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:41 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:14 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:12 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:9 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:14 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 diff --git a/test/results/stats/enable_doh_heuristic/doh.pcapng.out b/test/results/stats/enable_doh_heuristic/doh.pcapng.out new file mode 100644 index 000000000..d216e60c4 --- /dev/null +++ b/test/results/stats/enable_doh_heuristic/doh.pcapng.out @@ -0,0 +1,139 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:13 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:11700 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:1881 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:5821 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 diff --git a/test/results/stats/enable_stun_monitoring_with_subproto/wa_voice.pcap.out b/test/results/stats/enable_stun_monitoring_with_subproto/wa_voice.pcap.out new file mode 100644 index 000000000..c7c5a0a6d --- /dev/null +++ b/test/results/stats/enable_stun_monitoring_with_subproto/wa_voice.pcap.out @@ -0,0 +1,139 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:207 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:186504 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:28 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:26 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:27 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:34223 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:94669 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:14 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:103 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:36 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:7 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:17 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:27 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:21 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:14 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 |